Account locking is a security feature in Identity Server that prevents users from logging in to their account and from authenticating themselves using their IS account. A user account can be locked in one of the following ways:
...
- Start the IS server if you haven't already and log in to the management console using admin credentials.
- Navigate to Claims > List on the Configure menu and select the http://wso2.org/claims claim dialect. For more information about claims, see Claim Management.
- Select the Account Locked claim and click Edit.
- Select the "Supported by Default" checkbox and click Update. This is done to make the "Account Locked" status appear in the user's profile.
- Navigate to Users and Roles > List > Users on the Main menu and click User Profile for the user you want to lock.
- If it is the first time this particular account is being locked, a textbox will appear in front of the Account Locked field as seen below. To lock the account, type true in the textbox and click Update.
...
4. Restart the server once the configuration changes are made.
Note: For the account locking/unlocking process, IS uses the following Identity claims to store the related attributes.
Storing claims in the user store
By default, IS stores these claim values in the JDBC datasource configured in the identity.xml file. If needed, you can configure IS to store the claim values in the userstore as well. To do that, open the <IS_HOME>/repository/conf/identity/identity-mgt.properties file and change the Identity.Mgt.User.Data.Store property to the datastore you have configured:

```properties
Identity.Mgt.User.Data.Store=org.wso2.carbon.identity.mgt.store.UserStoreBasedIdentityDataStore
```
Info: The default value, org.wso2.carbon.identity.mgt.store.JDBCIdentityDataStore, is the Identity datasource. Changing the store to UserStoreBasedIdentityDataStore ensures that identity claims are stored in the userstore.
The identity claims listed below must be mapped correctly to the attributes in the underlying user store. For more information on how to do this, see Claim Management.

- http://wso2.org/claims/identity/accountLocked - This claim stores the status of the user's account, i.e., whether it is locked or not.
- http://wso2.org/claims/identity/unlockTime - This claim stores the timestamp at which the user's account is unlocked.
- http://wso2.org/claims/identity/failedLoginAttempts - This claim tracks the number of consecutive failed login attempts. The account is locked based on this value.
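To make the relationship between the three claims concrete, here is an added illustrative model (example code written for this page, not WSO2 Identity Server's own implementation). It assumes the claim values are stored as strings, that unlockTime is an epoch timestamp in milliseconds, and it uses a failed-attempt threshold (MAX_FAILED_ATTEMPTS) and a temporary lock duration (LOCK_DURATION_MS) chosen only for the example; the real values are governed by the server's identity management configuration, which this page does not cover.

```python
"""Illustrative model of how the accountLocked, unlockTime and failedLoginAttempts
claims interact. Added example, not WSO2 Identity Server code.

Assumptions made for this example:
- claim values are strings, as typed into the user profile ("true"/"false", digits)
- unlockTime is an epoch timestamp in milliseconds (0 = no automatic unlock)
- MAX_FAILED_ATTEMPTS and LOCK_DURATION_MS are example values, not IS defaults
"""

ACCOUNT_LOCKED = "http://wso2.org/claims/identity/accountLocked"
UNLOCK_TIME = "http://wso2.org/claims/identity/unlockTime"
FAILED_ATTEMPTS = "http://wso2.org/claims/identity/failedLoginAttempts"

MAX_FAILED_ATTEMPTS = 3            # assumed threshold for this example
LOCK_DURATION_MS = 15 * 60 * 1000  # assumed temporary lock duration for this example


def _as_int(value) -> int:
    """Claim values arrive as strings; treat missing or empty as 0."""
    return int(value) if value not in (None, "") else 0


def is_locked(claims: dict, now_ms: int) -> bool:
    """True if authentication should currently be refused for this account.

    accountLocked=true with no unlockTime (0) is an administrative lock that stays
    in force until an admin sets the claim back to false. accountLocked=true with
    a future unlockTime is a temporary lock that expires on its own.
    """
    if str(claims.get(ACCOUNT_LOCKED, "false")).lower() != "true":
        return False
    unlock_time = _as_int(claims.get(UNLOCK_TIME))
    if unlock_time == 0:
        return True
    return now_ms < unlock_time


def record_failed_login(claims: dict, now_ms: int) -> dict:
    """Increment the consecutive-failure counter; lock once the threshold is hit."""
    updated = dict(claims)
    attempts = _as_int(updated.get(FAILED_ATTEMPTS)) + 1
    updated[FAILED_ATTEMPTS] = str(attempts)
    if attempts >= MAX_FAILED_ATTEMPTS:
        updated[ACCOUNT_LOCKED] = "true"
        updated[UNLOCK_TIME] = str(now_ms + LOCK_DURATION_MS)
        updated[FAILED_ATTEMPTS] = "0"  # example choice: counter restarts with the lock
    return updated


def record_successful_login(claims: dict, now_ms: int) -> dict:
    """A successful login clears the failure counter and any lock that has expired."""
    updated = dict(claims)
    updated[FAILED_ATTEMPTS] = "0"
    if updated.get(ACCOUNT_LOCKED) == "true" and not is_locked(updated, now_ms):
        updated[ACCOUNT_LOCKED] = "false"
        updated[UNLOCK_TIME] = "0"
    return updated


def admin_lock(claims: dict) -> dict:
    """Equivalent of typing 'true' into the Account Locked field of the user profile."""
    updated = dict(claims)
    updated[ACCOUNT_LOCKED] = "true"
    updated[UNLOCK_TIME] = "0"  # no automatic unlock
    return updated


if __name__ == "__main__":
    # Constructed walkthrough: three failures lock the account, time unlocks it.
    now = 1_700_000_000_000
    claims = {}
    for _ in range(MAX_FAILED_ATTEMPTS):
        claims = record_failed_login(claims, now)
    print("locked now:", is_locked(claims, now))
    print("locked after duration:", is_locked(claims, now + LOCK_DURATION_MS))
    print("admin lock stays locked:", is_locked(admin_lock({}), now + 10 ** 12))
```

The point to take from the model is that a lock set by an administrator through the profile has no unlockTime and therefore does not expire, whereas a lock triggered by failedLoginAttempts carries an unlockTime and releases itself; any tooling that reads these claims directly from the user store (as enabled by UserStoreBasedIdentityDataStore) should treat accountLocked and unlockTime together rather than checking accountLocked alone.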