Comment: Migrated to Confluence 5.3

The one-time password (OTP) feature is for users who wish to have a new password each time they log in. This increases security against password theft, since the user gets a new password at each login. It also helps users who do not like to remember passwords all the time.

In WSO2 Identity Server, when users enable OTP using their profile configuration, a new password is sent to the user's email each time the user logs in. This password can be used the next time the user needs to log in.

Configuration

You need to create the following claim for OTP in the {carbon_home}/repository/conf/claim-config.xml file as shown below:

...

Map this claim to a valid attribute in the underlying datastore. It is used to store the OTP feature status for the user.

  • http://wso2.org/claims/identity/

...

  • otp

To display this in the user profile, select the Supported by Default attribute found when creating the claim.

Set the following configuration in the {carbon_home}/repository/conf/security/identity-mgt.properties file.

Identity.Listener.Enable=true
Notification.Sending.Enable=true
Notification.Expire.Time=7200
Notification.Sending.Internally.Managed=true
Authentication.Policy.Enable=true
Authentication.Policy.Check.OneTime.Password=true

...

Once the configuration is done, restart the server for your changes to take effect. Then log in as a user to check the one-time password feature. Also ensure that you have filled in the necessary profile details, including email.
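
A check that can be run against identity-mgt.properties before restarting, to confirm the six settings listed above are present and not commented out or overridden. This is an added example, not part of the WSO2 documentation; the function names and the SAMPLE content are constructed for illustration.

```python
import sys

# Required keys and values, copied from the configuration on this page.
REQUIRED = {
    "Identity.Listener.Enable": "true",
    "Notification.Sending.Enable": "true",
    "Notification.Expire.Time": "7200",
    "Notification.Sending.Internally.Managed": "true",
    "Authentication.Policy.Enable": "true",
    "Authentication.Policy.Check.OneTime.Password": "true",
}

# Constructed sample: one setting disabled, one commented out.
SAMPLE = """\
Identity.Listener.Enable=true
Notification.Sending.Enable=true
Notification.Expire.Time=7200
Notification.Sending.Internally.Managed=true
Authentication.Policy.Enable=false
#Authentication.Policy.Check.OneTime.Password=true
"""

def parse_properties(text):
    """Parse key=value lines; comments are skipped and later duplicates win."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def check_otp_config(text):
    """Return a list of problems; an empty list means every setting matches."""
    props = parse_properties(text)
    problems = []
    for key, expected in REQUIRED.items():
        actual = props.get(key)
        if actual is None:
            problems.append(f"missing: {key}")
        elif actual.lower() != expected:
            problems.append(f"{key}={actual} (expected {expected})")
    return problems

if __name__ == "__main__":
    # Pass the path to identity-mgt.properties; with no argument SAMPLE is checked.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    print("\n".join(check_otp_config(text)) or "OTP settings match")
```

An empty result means the file carries the values listed on this page; a key reported as missing is often present but commented out.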

...