
This section describes the usage of the User Information Recovery APIs in WSO2 Identity Server. Using the API, there are two ways to recover a lost or forgotten password: by email notification or by secret questions. It is also possible to retrieve a forgotten username. See the following topics for more information on how to do all this.

...

  1. Enable the Identity Listener by setting the following property to true in the <IS_HOME>/repository/conf/identity/identity.xml file.

    <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener" name="org.wso2.carbon.identity.mgt.IdentityMgtEventListener" orderId="50" enable="true"/>
  2. Edit the identity-mgt.properties file with the following configurations. This file is found in the <PRODUCT_HOME>/repository/conf/identity directory.

    Notification.Sending.Enable=true
    Notification.Expire.Time=3
    Notification.Sending.Internally.Managed=true
    UserAccount.Recovery.Enable=true
    Captcha.Verification.Internally.Managed=false

    See the following table for descriptions of these configurations.

    Configuration                                  | Description
    Notification.Sending.Enable=true               | Enables the email sending function when recovering the account and when verifying user creation.
    Notification.Expire.Time=3                     | The time specified here is in minutes. In this case, the recovery expires after three minutes.
    Notification.Sending.Internally.Managed=true   | Enables the internal email sending module. If false, the email sending data is made available to the application via a Web service, so the application can send the email using its own email sender.
    UserAccount.Recovery.Enable=true               | Enables the user account recovery process.
    Captcha.Verification.Internally.Managed=false  | Set this to true if you do not have an existing captcha validation module.
  3. Ensure that the email-admin-config.xml file has the following configurations. This file is found in the <PRODUCT_HOME>/repository/conf/email directory. Use the email format with the type "passwordReset".

    <configuration type="passwordReset">
    	<targetEpr></targetEpr>
    	<subject>Password Reset Notification</subject>
    	<body>
    		Hi {first-name}
    		We received a request to change the password on the {user-name} account
    		associated with this email address. If you made this request, please click
    		the link below to securely change your password:


    		https://localhost:8443/InfoRecoverySample/infoRecover/verify?confirmation={confirmation-code}&amp;userstoredomain={userstore-domain}&amp;username={user-name}&amp;tenantdomain={tenant-domain}

    		If clicking the link doesn't seem to work, you can copy and paste the link
    		into your browser's address window.


    		If you did not request to have your {user-name} password reset, simply
    		disregard this email and no changes to your
    		account will be made.
    	</body>
    	<footer>
    		Best Regards,
    		WSO2 Carbon Team http://www.wso2.com
    	</footer>
    	<redirectPath></redirectPath>
    </configuration>

    The email sent to the user includes the {confirmation-code}, which the Identity Server API caller needs to pass along with the user name.

  4. Edit the axis2.xml file with the following configuration. This file is found in the <PRODUCT_HOME>/repository/conf/axis2/ directory. Uncomment the following in the file and provide the necessary email settings.

    <transportSender name="mailto"
    class="org.apache.axis2.transport.mail.MailTransportSender">
    	<parameter name="mail.smtp.from">sampleemail@gmail.com</parameter>
    	<parameter name="mail.smtp.user">sampleemail</parameter>
    	<parameter name="mail.smtp.password">password</parameter>
    	<parameter name="mail.smtp.host">smtp.gmail.com</parameter>
    	<parameter name="mail.smtp.port">587</parameter>
    	<parameter name="mail.smtp.starttls.enable">true</parameter>
    	<parameter name="mail.smtp.auth">true</parameter>
    </transportSender>
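
The four steps above edit three files whose settings depend on each other: the mailto transport only matters while Notification.Sending.Internally.Managed is true, and the API caller relies on the {confirmation-code} placeholder actually reaching the user. The following Python script is an added example, not part of the WSO2 documentation or product. It parses constructed copies of the three fragments and reports inconsistencies before they reach a server. The property-file reader is deliberately minimal (no line continuations or escapes), and which checks to run is this example's own choice.

```python
from __future__ import annotations

import xml.etree.ElementTree as ET

# Constructed sample inputs shaped like the three fragments edited in steps 2 to 4.
IDENTITY_MGT_PROPERTIES = """\
# identity-mgt.properties (constructed sample)
Notification.Sending.Enable=true
Notification.Expire.Time=3
Notification.Sending.Internally.Managed=true
UserAccount.Recovery.Enable=true
Captcha.Verification.Internally.Managed=false
"""

EMAIL_CONFIG_XML = """\
<configuration type="passwordReset">
  <targetEpr></targetEpr>
  <subject>Password Reset Notification</subject>
  <body>Hi {first-name}, we received a request to change the password on the {user-name} account.
  https://localhost:8443/InfoRecoverySample/infoRecover/verify?confirmation={confirmation-code}&amp;username={user-name}</body>
  <footer>Best Regards</footer>
  <redirectPath></redirectPath>
</configuration>
"""

AXIS2_MAILTO_XML = """\
<transportSender name="mailto" class="org.apache.axis2.transport.mail.MailTransportSender">
  <parameter name="mail.smtp.from">sampleemail@gmail.com</parameter>
  <parameter name="mail.smtp.user">sampleemail</parameter>
  <parameter name="mail.smtp.password">password</parameter>
  <parameter name="mail.smtp.host">smtp.gmail.com</parameter>
  <parameter name="mail.smtp.port">587</parameter>
  <parameter name="mail.smtp.starttls.enable">true</parameter>
  <parameter name="mail.smtp.auth">true</parameter>
</transportSender>
"""


def parse_properties(text: str) -> dict[str, str]:
    """Minimal Java .properties reader: key=value lines, '#' or '!' comments,
    no line continuations or escape sequences (an assumption of this example)."""
    props: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def _is_true(props: dict[str, str], key: str) -> bool:
    return props.get(key, "").strip().lower() == "true"


def check_recovery_config(props: dict[str, str], email_xml: str, mail_xml: str) -> list[str]:
    """Return a list of findings; an empty list means the three fragments agree with
    the configuration table above. Each check is this example's own reading of it."""
    findings: list[str] = []

    if not _is_true(props, "UserAccount.Recovery.Enable"):
        findings.append("UserAccount.Recovery.Enable is not true: account recovery is disabled")
    if not _is_true(props, "Notification.Sending.Enable"):
        findings.append("Notification.Sending.Enable is not true: no recovery email will be sent")
    expire = props.get("Notification.Expire.Time", "")
    if not expire.isdigit() or int(expire) <= 0:
        findings.append("Notification.Expire.Time must be a positive number of minutes")

    # The API caller needs the confirmation code from the email, so the template must carry it.
    cfg = ET.fromstring(email_xml)
    if cfg.get("type") != "passwordReset":
        findings.append("email configuration type is not passwordReset")
    body = cfg.findtext("body") or ""
    for placeholder in ("{confirmation-code}", "{user-name}"):
        if placeholder not in body:
            findings.append(f"email body does not contain the {placeholder} placeholder")

    # The mailto transport only matters when the server sends the email itself.
    if _is_true(props, "Notification.Sending.Internally.Managed"):
        sender = ET.fromstring(mail_xml)
        params = {p.get("name"): (p.text or "").strip() for p in sender.findall("parameter")}
        for required in ("mail.smtp.from", "mail.smtp.host", "mail.smtp.port"):
            if not params.get(required):
                findings.append(f"mailto transport is missing {required}")
        if params.get("mail.smtp.starttls.enable", "").lower() != "true":
            findings.append("mail.smtp.starttls.enable is not true: SMTP credentials would be sent in clear")
        if params.get("mail.smtp.password", "") in ("", "password"):
            findings.append("mail.smtp.password is empty or still the sample value from the documentation")
    return findings


if __name__ == "__main__":
    for finding in check_recovery_config(parse_properties(IDENTITY_MGT_PROPERTIES),
                                         EMAIL_CONFIG_XML, AXIS2_MAILTO_XML):
        print("finding:", finding)
```

Run against the constructed samples it reports exactly one finding, the sample SMTP password copied from the fragment above; once that is replaced the list is empty. Setting Notification.Sending.Internally.Managed to false skips the transport checks entirely, because in that mode the application, not the server, sends the email.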

...

  1. Enter your username and password to log on to the Management Console.
  2. From the Main menu, click List under Claims.
  3. Click the WSO2 claim dialect (http://wso2.org/claims).
  4. You must select and configure three claim mappings. These are Challenge Question, Challenge Question1 and Challenge Question2.

    The following are the three claims necessary. For each claim URI below, there should be one claim mapping.
    • http://wso2.org/claims/challengeQuestionUris 
    • http://wso2.org/claims/challengeQuestion1 
    • http://wso2.org/claims/challengeQuestion2
  5. For the mapped attribute, provide any attribute that your underlying user store supports. This example keeps the defaults as they are. The three claims are set as 'Supported by Default' so that these attributes appear in the user's profile when viewed from the Management Console.
    The following table lists how these claims are used.

    Claim URI                                     | Description
    http://wso2.org/claims/challengeQuestionUris  | Holds the claim URIs of the challenge question sets associated with the user's profile. If the user has challenge questions 1 and 2 set, the value is all the associated claim URIs separated by the ! mark. For example, http://wso2.org/claims/challengeQuestion1!http://wso2.org/claims/challengeQuestion2
    http://wso2.org/claims/challengeQuestion1     | Holds the details of the user's first challenge question. The claim value contains the question and the answer. The answer is a hashed value, not plain text. For example, Favorite sport ?!jyf0Mvy6pLUYChzHqPoWapPNo8G85vGZIt1RnQL0uzk=
    http://wso2.org/claims/challengeQuestion2     | Holds the details of the user's second challenge question. The claim value contains the question and the answer. The answer is a hashed value, not plain text. For example, Favorite food ?!IJ92QY7OfJNrZf9Hd6V42GD3YsN61sfwj1gmJCGZ71E=

    Now the required claim mappings for challenge questions feature are set.
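
The table above gives the on-disk shape of the three claims: a '!'-separated list of question claim URIs, and for each question a value of the form question!hashedAnswer. The following Python module is an added example, not code from WSO2 Identity Server: it parses values of that shape from a constructed profile and verifies submitted answers against them. The hash function (Base64 of SHA-256 over the raw answer) is an assumption made for the example; the documentation states only that the answer is stored hashed, so the real algorithm, and any trimming or case-folding the server applies, must be confirmed against the product before this is relied on.

```python
from __future__ import annotations

import base64
import hashlib
import hmac

# Claim URIs from the table above.
CLAIM_URIS = "http://wso2.org/claims/challengeQuestionUris"
CLAIM_Q1 = "http://wso2.org/claims/challengeQuestion1"
CLAIM_Q2 = "http://wso2.org/claims/challengeQuestion2"
SEPARATOR = "!"


def hash_answer(answer: str) -> str:
    """ASSUMPTION for this example: stored answer = Base64(SHA-256(answer)).
    The page only says the answer is hashed; confirm the real algorithm in the product."""
    return base64.b64encode(hashlib.sha256(answer.encode("utf-8")).digest()).decode("ascii")


def parse_question_uris(value: str) -> list[str]:
    """challengeQuestionUris: claim URIs joined with '!', e.g. uri1!uri2."""
    return [uri for uri in value.split(SEPARATOR) if uri]


def parse_question_claim(value: str) -> tuple[str, str]:
    """challengeQuestionN: 'question!hashedAnswer'. Split on the LAST '!' so that a
    question text containing '!' survives; Base64 output never contains '!'."""
    question, sep, answer_hash = value.rpartition(SEPARATOR)
    if not sep or not question or not answer_hash:
        raise ValueError(f"malformed challenge question claim: {value!r}")
    return question, answer_hash


def looks_hashed(answer_hash: str) -> bool:
    """True if the stored part decodes to a 32-byte digest, i.e. is not a plaintext answer."""
    try:
        return len(base64.b64decode(answer_hash, validate=True)) == 32
    except ValueError:  # binascii.Error is a ValueError subclass
        return False


def verify_answers(profile: dict[str, str], answers: dict[str, str]) -> bool:
    """Check every question listed in challengeQuestionUris; all must match.
    `answers` maps question text to the answer the user typed."""
    uris = parse_question_uris(profile.get(CLAIM_URIS, ""))
    if not uris:
        return False
    ok = True
    for uri in uris:
        stored = profile.get(uri)
        if stored is None:
            return False
        question, expected = parse_question_claim(stored)
        if not looks_hashed(expected):
            return False  # refuse to verify against a value that was never hashed
        given = answers.get(question, "")
        # Constant-time compare so a wrong answer is not distinguishable by timing.
        if not hmac.compare_digest(hash_answer(given), expected):
            ok = False  # keep checking so every question costs the same time
    return ok


# Constructed sample profile in the shape the table describes; the hashes are
# computed here by hash_answer(), not copied from any real user.
SAMPLE_PROFILE = {
    CLAIM_URIS: SEPARATOR.join([CLAIM_Q1, CLAIM_Q2]),
    CLAIM_Q1: "Favorite sport ?" + SEPARATOR + hash_answer("cricket"),
    CLAIM_Q2: "Favorite food ?" + SEPARATOR + hash_answer("rice"),
}

if __name__ == "__main__":
    print(verify_answers(SAMPLE_PROFILE, {"Favorite sport ?": "cricket", "Favorite food ?": "rice"}))
```

Splitting on the last separator rather than the first is the design choice worth noting: the question text is free-form and may itself contain '!', while the Base64 digest cannot, so the last '!' is the only unambiguous boundary. The looks_hashed check exists so that a profile whose claim was written with a plaintext answer (for example by a bulk import) fails verification instead of silently comparing against the wrong thing.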

...

  1. On the Main tab in the Management Console, click Add under Users and Roles.
  2. Click Users. This link is only visible to users with the Admin role.
  3. Click Add New User.
  4. Log out of the Identity Server.
  5. The URL for accessing the dashboard is the following if the hostname is localhost and the Identity Server is running on port 9443: https://localhost:9443/dashboard/. Click this link to access the dashboard and log in using the credentials of the user you just created.
  6. Click the View Details button under the Account Recovery section in the end user dashboard.
  7. You can set challenge questions for the user account. There are two sets of challenge questions by default. You can pick one question for each set and give an answer for the question.
  8. Click Update.
  9. Log into the Identity Server as an admin.
  10. On the Main tab in the Management Console, click List under Users and Roles.
  11. Click Users. This link is only visible to users with the Admin role.
  12. Click User Profile next to the user you created.
  13. You can see that the challenge question values are set for this user.
  14. Enter an email address and other required details for the user profile and click Update to save the changes.
  15. Log out of the Management Console.
  16. Sign out of the dashboard and click Forgot Password on the login screen.
  17. Enter the username and select Recover with Security Questions. Click Submit.
  18. Enter the answers to the challenge questions and click Submit.
  19. Enter a new password and click Submit. You will receive a notification of successful password reset.

Using the UserIdentityManagementAdminService admin service

...

  1. On the Main tab in the Management Console, click List under Users and Roles.
  2. Click Users. This link is only visible to users with the Admin role. 
  3. Click User Profile next to the user you created.
  4. You can see that the challenge question values are set for this user.