Account locking is a security feature in Identity Server that prevents users from logging in to their account and from authenticating themselves using their Identity Server account. For more information about configuring user accounts, see the Configuring User Stores topic. A user account can be locked in one of the following ways:

...

  1. Start the IS server if you have not already and log in to the management console using admin credentials.
  2. Navigate to Claims > List on the Configure menu and select the http://wso2.org/claims claim dialect. For more information about claims, see Claim Management.
  3. Select the Account Locked claim and click Edit.

  4. Select the "Supported by Default" checkbox and click Update. This is done to make the "Account Locked" status appear in the user's profile. 
  5. Navigate to Users and Roles>List>Users on the Main menu and click on User Profile of the user you want to lock. 
  6. If it is the first time this particular account is being locked, a textbox will appear in front of the Account Locked field as seen below. To lock the account, type true in the textbox and click Update.
    [Screenshot: the Account Locked field in the user profile]

...

Lock Account SOAP Request:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://services.mgt.identity.carbon.wso2.org">
  <soapenv:Header/>
  <soapenv:Body>
    <ser:lockUserAccount>
      <!--Optional:-->
      <ser:userName>Bob</ser:userName>
    </ser:lockUserAccount>
  </soapenv:Body>
</soapenv:Envelope>

...

Unlock Account SOAP Request:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://services.mgt.identity.carbon.wso2.org">
  <soapenv:Header/>
  <soapenv:Body>
    <ser:unlockUserAccount>
      <!--Optional:-->
      <ser:userName>Bob</ser:userName>
    </ser:unlockUserAccount>
  </soapenv:Body>
</soapenv:Envelope>

...

  1. Configure the following parameters in the <IS_HOME>/repository/conf/identity/identity-mgt.properties file.

    | Configuration | Description |
    |---|---|
    | Notification.Expire.Time=7200 | The time specified here is in minutes. In this case, the notification expires after 7200 minutes. |
    | Notification.Sending.Internally.Managed=true | This enables the internal email sending module. If this property is set to false, the email sending data is available to the application via a Web service, so the application can send the email using its own email sender. |
    | Notification.Sending.Enable=true | This property enables the email sending function when the account is unlocked. |

    Notification.Sending.Enable=true
    Notification.Expire.Time=7200
    Notification.Sending.Internally.Managed=true
  2. Navigate to the <IS_HOME>/repository/conf/axis2/axis2.xml file and uncomment the following property. Change the parameter values according to your email (see the second code block below for an example of this).  

    <!--<transportSender name="mailto"
    class="org.apache.axis2.transport.mail.MailTransportSender">
        ...
    </transportSender>-->

    For example:

    <transportSender name="mailto"
    class="org.apache.axis2.transport.mail.MailTransportSender">
        <parameter name="mail.smtp.from">sampleemail@gmail.com</parameter>
        <parameter name="mail.smtp.user">sampleemail</parameter>
        <parameter name="mail.smtp.password">password</parameter>
        <parameter name="mail.smtp.host">smtp.gmail.com</parameter>
        <parameter name="mail.smtp.port">587</parameter>
        <parameter name="mail.smtp.starttls.enable">true</parameter>
        <parameter name="mail.smtp.auth">true</parameter>
    </transportSender>
  3. Make sure the following email template is defined in the <IS_HOME>/repository/conf/email/email-admin-config.xml file. This is the format in which the email is sent to the user when the account is unlocked.

    <configuration type="accountUnLock">
        <targetEpr></targetEpr>
        <subject>WSO2 Carbon - Your account unlocked</subject>
        <body>
            Hi {first-name},
            Please note that the account registered with us with the user name: {user-name} has been unlocked by Admin.
        </body>
        <footer>
            Best Regards,
            WSO2 Identity Server Team
            http://www.wso2.com
        </footer>
        <redirectPath></redirectPath>
    </configuration>
     
  4. Restart the server once the configuration changes are made.
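
A pre-restart check of the three files edited in steps 1 to 3, as an added example that is not part of the WSO2 documentation or product. The function names are hypothetical, the sample inputs are constructed from the values shown above, and the `axisconfig` and `configurations` wrapper elements are assumptions about the surrounding files.

```python
import xml.etree.ElementTree as ET

def parse_properties(text):
    """Parse key=value lines of a Java .properties file, skipping comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith(("#", "!")))
    return {k.strip(): v.strip() for k, v in pairs}

def find(xml_text, tag, attr, value):
    """First <tag attr="value"> in the document; commented-out XML is never matched."""
    root = ET.fromstring(xml_text)  # the default parser discards comments
    return next((e for e in root.iter(tag) if e.get(attr) == value), None)

def check_unlock_notification(props_text, axis2_xml, email_xml):
    """Return a list of problems; empty means the files match steps 1 to 3."""
    problems = []
    props = parse_properties(props_text)
    for key in ("Notification.Sending.Enable", "Notification.Sending.Internally.Managed"):
        if props.get(key, "").lower() != "true":
            problems.append(f"{key} is not true")
    if not props.get("Notification.Expire.Time", "").isdigit():
        problems.append("Notification.Expire.Time is not a number of minutes")
    sender = find(axis2_xml, "transportSender", "name", "mailto")
    if sender is None:
        problems.append("mailto transportSender is missing or still commented out")
    else:
        params = {p.get("name"): (p.text or "").strip() for p in sender.iter("parameter")}
        for name in ("from", "user", "password", "host", "port"):
            if not params.get(f"mail.smtp.{name}"):
                problems.append(f"mail.smtp.{name} is empty")
        for name in ("starttls.enable", "auth"):
            if params.get(f"mail.smtp.{name}") != "true":
                problems.append(f"mail.smtp.{name} is not true")
    template = find(email_xml, "configuration", "type", "accountUnLock")
    if template is None or "{user-name}" not in (template.findtext("body") or ""):
        problems.append("accountUnLock template is missing or lacks {user-name}")
    return problems

# Constructed sample inputs (values from the page; wrapper elements are assumptions).
PROPS = "Notification.Sending.Enable=true\nNotification.Expire.Time=7200\nNotification.Sending.Internally.Managed=true\n"
SENDER = ('<transportSender name="mailto" class="org.apache.axis2.transport.mail.MailTransportSender">'
          + "".join(f'<parameter name="mail.smtp.{k}">{v}</parameter>' for k, v in {
              "from": "sampleemail@gmail.com", "user": "sampleemail", "password": "password",
              "host": "smtp.gmail.com", "port": "587", "starttls.enable": "true", "auth": "true"}.items())
          + "</transportSender>")
AXIS2_OK = f"<axisconfig>{SENDER}</axisconfig>"
AXIS2_COMMENTED = f"<axisconfig><!--{SENDER}--></axisconfig>"
EMAIL = ('<configurations><configuration type="accountUnLock"><body>Hi {first-name}, the account '
         "{user-name} has been unlocked by Admin.</body></configuration></configurations>")

if __name__ == "__main__":
    print(check_unlock_notification(PROPS, AXIS2_OK, EMAIL))
    print(check_unlock_notification(PROPS, AXIS2_COMMENTED, EMAIL))
```
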

...