...

  1. Shut down the server if it is running.
  2. Open the <IS_HOME>/repository/conf/axis2/axis2.xml file, uncomment the transportSender name="mailto" configuration, and update the following properties:

    mail.smtp.from: Provide the email address of the SMTP account.
    mail.smtp.user: Provide the username of the SMTP account.
    mail.smtp.password: Provide the password of the SMTP account.

    <transportSender name="mailto"
        class="org.apache.axis2.transport.mail.MailTransportSender">
        <parameter name="mail.smtp.from">{SENDER'S_EMAIL_ID}</parameter>
        <parameter name="mail.smtp.user">{USERNAME}</parameter>
        <parameter name="mail.smtp.password">{PASSWORD}</parameter>
        <parameter name="mail.smtp.host">smtp.gmail.com</parameter>
        <parameter name="mail.smtp.port">587</parameter>
        <parameter name="mail.smtp.starttls.enable">true</parameter>
        <parameter name="mail.smtp.auth">true</parameter>
    </transportSender>
  3. Comment out the <module ref="addressing"/> property to avoid syntax errors.

    <!-- <module ref="addressing"/> -->
  4. Add the following email template to the <IS_HOME>/repository/conf/email/email-admin-config.xml file.

    <configuration type="EmailOTP" display="idleAccountReminder" locale="en_US" emailContentType="text/html">
       <targetEpr></targetEpr>
       <subject>WSO2 IS Email OTP</subject>
       <body>
          Hi,
          Please use this one time password {OTPCode} to sign in to your application.
       </body>
       <footer>
          Best Regards,
          WSO2 Identity Server Team
          http://www.wso2.com
       </footer>
       <redirectPath></redirectPath>
    </configuration>
  5. Set the following properties in the <PRODUCT_HOME>/repository/conf/identity/identity-mgt.properties file to true.

    Authentication.Policy.Enable=true
    Authentication.Policy.Check.OneTime.Password=true
  6. Add the following configuration to the application-authentication.xml file in the <IS_HOME>/repository/conf/identity directory.

    <AuthenticatorConfig name="EmailOTP" enabled="true">
        <Parameter name="EMAILOTPAuthenticationEndpointURL">https://localhost:9443/emailotpauthenticationendpoint/emailotp.jsp</Parameter>
        <Parameter name="EmailOTPAuthenticationEndpointErrorPage">https://localhost:9443/emailotpauthenticationendpoint/emailotpError.jsp</Parameter>
        <Parameter name="EmailAddressRequestPage">https://localhost:9443/emailotpauthenticationendpoint/emailAddress.jsp</Parameter>
        <Parameter name="usecase">association</Parameter>
        <Parameter name="useEventHandlerBasedEmailSender">true</Parameter>
        <Parameter name="secondaryUserstore">primary</Parameter>
        <Parameter name="EMAILOTPMandatory">false</Parameter>
        <Parameter name="sendOTPToFederatedEmailAttribute">false</Parameter>
        <Parameter name="federatedEmailAttributeKey">email</Parameter>
        <Parameter name="EmailOTPEnableByUserClaim">true</Parameter>
        <Parameter name="CaptureAndUpdateEmailAddress">true</Parameter>
        <Parameter name="showEmailAddressInUI">true</Parameter>
    </AuthenticatorConfig>
  7. Start WSO2 IS.
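Mistakes in the AuthenticatorConfig block, such as a parameter declared twice, a placeholder left in place, or an endpoint URL on plain http, are easy to miss by eye and only show up once the server is started. The following Python script is an added example (not part of WSO2 IS) that parses an application-authentication.xml fragment of the shape shown in step 6 and reports such problems. The sample XML inside it is constructed for the demonstration, and the set of URL-valued parameter names is an assumption drawn from the parameter names on this page.

```python
"""Sanity-check the EmailOTP <AuthenticatorConfig> block before starting WSO2 IS.

Added example, not WSO2 IS code: it reads the same XML shape shown in the steps
above and reports the mistakes that otherwise surface only at runtime.
"""
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample: a step-6 style block with one parameter duplicated, one
# placeholder left in, and one endpoint accidentally left on plain http.
SAMPLE_CONFIG = """<AuthenticatorConfigs>
  <AuthenticatorConfig name="EmailOTP" enabled="true">
    <Parameter name="EMAILOTPAuthenticationEndpointURL">https://localhost:9443/emailotpauthenticationendpoint/emailotp.jsp</Parameter>
    <Parameter name="EmailOTPAuthenticationEndpointErrorPage">http://localhost:9443/emailotpauthenticationendpoint/emailotpError.jsp</Parameter>
    <Parameter name="usecase">association</Parameter>
    <Parameter name="useEventHandlerBasedEmailSender">true</Parameter>
    <Parameter name="GmailClientId">{CLIENT_ID}</Parameter>
    <Parameter name="useEventHandlerBasedEmailSender">true</Parameter>
  </AuthenticatorConfig>
</AuthenticatorConfigs>
"""

# Assumption: these parameters carry URLs, so anything reached over the network should be https.
URL_PARAMETERS = {
    "EMAILOTPAuthenticationEndpointURL",
    "EmailOTPAuthenticationEndpointErrorPage",
    "EmailAddressRequestPage",
    "GmailEmailEndpoint",
    "GmailTokenEndpoint",
    "SendgridEmailEndpoint",
}


def find_authenticator(xml_text, name="EmailOTP"):
    """Locate the named <AuthenticatorConfig>, whether it is the root or sits under <AuthenticatorConfigs>."""
    root = ET.fromstring(xml_text)
    candidates = [root] if root.tag == "AuthenticatorConfig" else root.findall("AuthenticatorConfig")
    for node in candidates:
        if node.get("name") == name:
            return node
    return None


def check_emailotp_config(xml_text):
    """Return a list of human-readable findings; an empty list means the block looks sane."""
    findings = []
    node = find_authenticator(xml_text)
    if node is None:
        return ['no <AuthenticatorConfig name="EmailOTP"> element found']
    if node.get("enabled") != "true":
        findings.append('authenticator is present but enabled is not "true"')

    params = [(p.get("name"), (p.text or "").strip()) for p in node.findall("Parameter")]
    for name, count in Counter(name for name, _ in params).items():
        if count > 1:
            findings.append(f"parameter {name} is declared {count} times; keep one")
    for name, value in params:
        # Placeholders on this page are written as {VALUE} or <VALUE>.
        if value.startswith("{") or value.startswith("<"):
            findings.append(f"parameter {name} still holds the placeholder {value}")
        if name in URL_PARAMETERS and not value.startswith("https://"):
            findings.append(f"parameter {name} is not an https URL: {value}")
    return findings


if __name__ == "__main__":
    for line in check_emailotp_config(SAMPLE_CONFIG) or ["no findings"]:
        print(line)
```

Run it against the real file by reading <IS_HOME>/repository/conf/identity/application-authentication.xml into check_emailotp_config; the duplicate-parameter check is the one that catches a copy-and-paste of the step 6 block twice.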

Configure the Email OTP provider

...

  1. Create a Google account at https://gmail.com.
  2. Go to https://console.developers.google.com and click ENABLE APIS AND SERVICES.
  3. Search for Gmail API and click on it.
  4. Click Enable to enable the Gmail APIs.

    Why is this needed? If you do not enable the Gmail APIs, you run into a 401 error when trying out step 13.

  5. Click Credentials and click Create to create a new project.
  6. Click Credentials and click the Create credentials drop-down.

  7. Select OAuth client ID option.

  8. Click Configure consent screen.
  9. Enter the Product name that needs to be shown to users, enter values to any other fields you prefer to update, and click Save.
  10. Select the Web application option, enter https://localhost:9443/commonauth in the Authorized redirect URIs text box, and click Create.

    The client ID and the client secret are displayed.
    Copy the client ID and secret and keep them in a safe place, as you require them for the next step.

  11. Copy the URL below and replace the <ENTER_CLIENT_ID> tag with the generated Client ID. This is required to generate the authorization code.
  12. Paste the updated URL into your browser.

    1. Select the preferred Gmail account with which you wish to proceed.
    2. Click Allow.
    3. Obtain the authorization code using a SAML tracer on your browser.

  13. To generate the access token, copy the following cURL command and replace the following placeholders:

    1. <CLIENT-ID> : Replace this with the client ID obtained in Step 10 above.
    2. <CLIENT_SECRET> : Replace this with the client secret obtained in Step 10 above.
    3. <AUTHORIZATION_CODE> : Replace this with the authorization code obtained in Step 12 above.

    Paste the updated cURL command in your terminal to generate the OAuth2 access token, token validity period, and the refresh token.

  14. Update the following configurations under the <AuthenticatorConfigs> section in the <IS_HOME>/repository/conf/identity/application-authentication.xml file.

    Note:
    • If you need to send the content in a payload, you can introduce a property in the format <API>Payload and define the value. Similarly, you can define the form data; the form data for the Sendgrid API is given as an example.
    • You can use the <API>URLParams, <API>AuthTokenType, <API>Failure and <API>TokenEndpoint property formats to specify the URL parameters, the authorization token type, the message that identifies a failure, and the endpoint used to get an access token from the refresh token, respectively.
    • The value of <API>URLParams should be of the form api_user=<API_USER>&api_key=<API_KEY>&data=<DATA>&list=<LIST>
    Property: Description

    GmailClientId: Enter the Client ID you got in step 10.
      Example: 501390351749-ftjrp3ld9da4ohd1rulogejscpln646s.apps.googleusercontent.com
    GmailClientSecret: Enter the client secret you got in step 10.
      Example: dj4st7_m3AclenZR1weFNo1V
    SendgridAPIKey: This property is only required if you are using the Sendgrid method. Since you are using Gmail APIs, keep the default value.
    GmailRefreshToken: Enter the refresh token that you got as the response in step 12.
      Example: 1/YgNiepY107SyzJdgpynmf-eMYP4qYTPNG_L73MXfcbv
    GmailEmailEndpoint: Enter the username of your Gmail account in place of the [userId] placeholder.
      Example: https://www.googleapis.com/gmail/v1/users/alex@gmail.com/messages/send
    SendgridEmailEndpoint: This property is only required if you are using the Sendgrid method. Since you are using Gmail APIs, keep the default value.
    accessTokenRequiredAPIs: Use the default value.
    apiKeyHeaderRequiredAPIs: This property is only required if you are using the Sendgrid method. Since you are using Gmail APIs, keep the default value.
    SendgridFormData=to: This property is only required if you are using the Sendgrid method. Since you are using Gmail APIs, keep the default value.
    SendgridURLParams: This property is only required if you are using the Sendgrid method. Since you are using Gmail APIs, keep the default value.
    GmailAuthTokenType: Use the default value.
    GmailTokenEndpoint: Use the default value.
    SendgridAuthTokenType: This property is only required if you are using the Sendgrid method. Since you are using Gmail APIs, keep the default value.
    Sample configuration:

    <AuthenticatorConfig name="EmailOTP" enabled="true">
       <Parameter name="GmailClientId">501390351749-ftjrp3ld9da4ohd1rulogejscpln646s.apps.googleusercontent.com</Parameter>
       <Parameter name="GmailClientSecret">dj4st7_m3AclenZR1weFNo1V</Parameter>
       <Parameter name="SendgridAPIKey">sendgridAPIKeyValue</Parameter>
       <Parameter name="GmailRefreshToken">1/YgNiepY107SyzJdgpynmf-eMYP4qYTPNG_L73MXfcbv</Parameter>
       <Parameter name="GmailEmailEndpoint">https://www.googleapis.com/gmail/v1/users/alex@gmail.com/messages/send</Parameter>
       <Parameter name="SendgridEmailEndpoint">https://api.sendgrid.com/api/mail.send.json</Parameter>
       <Parameter name="accessTokenRequiredAPIs">Gmail</Parameter>
       <Parameter name="apiKeyHeaderRequiredAPIs">Sendgrid</Parameter>
       <Parameter name="SendgridFormData">sendgridFormDataValue</Parameter>
       <Parameter name="SendgridURLParams">sendgridURLParamsValue</Parameter>
       <Parameter name="GmailAuthTokenType">Bearer</Parameter>
       <Parameter name="GmailTokenEndpoint">https://www.googleapis.com/oauth2/v3/token</Parameter>
       <Parameter name="SendgridAuthTokenType">Bearer</Parameter>
       <Parameter name="redirectToMultiOptionPageOnFailure">false</Parameter>
       <Parameter name="usecase">association</Parameter>
       <Parameter name="useEventHandlerBasedEmailSender">true</Parameter>
    </AuthenticatorConfig>
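To show how the Gmail parameters in the sample configuration work together, here is an added Python example; it is not WSO2 IS code and not the authenticator's own implementation. It uses the refresh token obtained in step 13 to request a fresh access token from GmailTokenEndpoint (the OAuth2 refresh_token grant), then calls GmailEmailEndpoint with that token sent as the GmailAuthTokenType credential, encoding the mail the way the Gmail messages.send API expects (an RFC 2822 message, base64url-encoded in a "raw" field). The credential values in CONFIG are placeholders, http_post is the only part that touches the network, and the post parameter exists so the flow can be exercised against a stub.

```python
"""How GmailTokenEndpoint, GmailRefreshToken, GmailAuthTokenType and
GmailEmailEndpoint fit together.

Added example, not WSO2 IS code: it performs the two HTTP calls those
parameters describe, (1) a refresh_token grant and (2) a Gmail messages.send
call carrying the resulting access token as a Bearer credential.
"""
import base64
import json
import urllib.parse
import urllib.request
from email.message import EmailMessage

# Constructed values standing in for the <Parameter> entries; placeholders, not real credentials.
CONFIG = {
    "GmailClientId": "{CLIENT_ID}",
    "GmailClientSecret": "{CLIENT_SECRET}",
    "GmailRefreshToken": "{REFRESH_TOKEN}",
    "GmailTokenEndpoint": "https://www.googleapis.com/oauth2/v3/token",
    "GmailEmailEndpoint": "https://www.googleapis.com/gmail/v1/users/alex@gmail.com/messages/send",
    "GmailAuthTokenType": "Bearer",
}


def http_post(url, body, headers):
    """Real transport: POST `body` (bytes) with `headers` and return the decoded JSON reply."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read().decode())


def build_token_request(config):
    """Refresh-token grant (RFC 6749, section 6): the exchange that turns the
    long-lived refresh token from step 13 into a short-lived access token."""
    form = {
        "grant_type": "refresh_token",
        "client_id": config["GmailClientId"],
        "client_secret": config["GmailClientSecret"],
        "refresh_token": config["GmailRefreshToken"],
    }
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return config["GmailTokenEndpoint"], urllib.parse.urlencode(form).encode(), headers


def build_send_request(config, access_token, sender, recipient, subject, text):
    """Gmail messages.send expects the RFC 2822 message base64url-encoded in a "raw" field."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = subject
    msg.set_content(text)
    raw = base64.urlsafe_b64encode(msg.as_bytes()).decode()
    headers = {
        # GmailAuthTokenType is the scheme in front of the token, "Bearer" in the sample configuration.
        "Authorization": f"{config['GmailAuthTokenType']} {access_token}",
        "Content-Type": "application/json",
    }
    return config["GmailEmailEndpoint"], json.dumps({"raw": raw}).encode(), headers


def send_otp(config, recipient, otp, post=http_post):
    """Run the refresh grant, then send the OTP mail; returns the Gmail message id."""
    token_reply = post(*build_token_request(config))
    if "access_token" not in token_reply:
        raise RuntimeError(f"token endpoint did not return an access token: {token_reply}")
    # The [userId] segment of GmailEmailEndpoint is the sending account.
    sender = config["GmailEmailEndpoint"].split("/users/")[1].split("/")[0]
    reply = post(*build_send_request(
        config, token_reply["access_token"], sender, recipient,
        "WSO2 IS Email OTP",
        f"Please use this one time password {otp} to sign in to your application.",
    ))
    return reply.get("id")


def decode_raw_message(body):
    """Inverse of build_send_request's encoding, handy for inspecting what would be sent."""
    raw = json.loads(body)["raw"]
    return base64.urlsafe_b64decode(raw).decode()


if __name__ == "__main__":
    # Offline demonstration: a stub transport in place of http_post.
    def stub_post(url, body, headers):
        if url == CONFIG["GmailTokenEndpoint"]:
            return {"access_token": "stub-access-token", "expires_in": 3599, "token_type": "Bearer"}
        print(decode_raw_message(body))
        return {"id": "stub-message-id"}

    print("message id:", send_otp(CONFIG, "user@example.com", "482913", post=stub_post))
```

The access token never lands in the configuration file: only the client credentials and the refresh token do, which is why those three parameters are the ones to protect, and why a 401 from either endpoint points at the refresh token or the Gmail API enablement from step 4 rather than at the mail content.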


...