Versions Compared

Old Version 4

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

...

  1. Edit the identity­-mgt.properties file with the following configuration under {carbon_home}/repository/conf/security.

    Code Block
    languagejava
    Identity.Listener.Enable=true
Notification.Sending.Enable=true
Notification.Expire.Time=3 # expire the recovery after 3 minutes.
Notification.Sending.Internally.Managed=true
UserAccount.Recovery.Enable=true
Captcha.Verification.Internally.Managed=false # set this to true if you do not have existing captcha validation module
  2. Edit the email-­admin-­config.xml file with the following configuration under {carbon_home}/repository/conf/email.

  3. Define a email format with the type “passwordReset”. The following is a sample format:

    Code Block
    languagehtml/xml
    <configuration type="passwordReset">
	<targetEpr>https://localhost:9443/carbon/admin­mgt/validator_ajaxprocessor.jsp</targetEpr>
	<subject>Password Reset Notification</subject>
	<body>
		Hi {first-­name}
		We received a request to change the password on the {user-­name} account
		associated with this e­mail address. If you made this request, please click
		the link below to securely change your password:


		{password-­reset-­link}


		If clicking the link doesn't seem to work, you can copy and paste the link
		into your browser's address window.


		If you did not request to have your {user-­name} password reset, simply
		disregard this email and no changes to your
		account will be made.
	</body>
	<footer>
		Best Regards,
		WSO2 Carbon Team Teamhttphttp://www.wso2.com
	</footer>
	<redirectPath></redirectPath>
</configuration>
  4. The email sent to user includes the {password-­reset-­link} replaced with the URL defined within the targetEprtag appending the confirmation={key} which the Identity Server API caller needs to pass along with the user name.

  5. Edit the axis.xml with the following configuration under {carbon_home}/axis2/. Uncomment the following in the file and provide the necessary email settings.

    Code Block
    languagehtml/xml
    <transportSender name="mailto"
class="org.apache.axis2.transport.mail.MailTransportSender">
	<parameter name="mail.smtp.from">chamathtest@gmail>sampleemail@gmail.com</parameter>
	<parameter name="mail.smtp.user">chamathtest@gmail>sampleemail@gmail.com</parameter>
	<parameter name="mail.smtp.password">password</parameter>
	<parameter name="mail.smtp.host">smtp.gmail.com</parameter>
	<parameter name="mail.smtp.port">587</parameter>
	<parameter name="mail.smtp.starttls.enable">true</parameter>
	<parameter name="mail.smtp.auth">true</parameter>
</transportSender>

Recovering the password with email notification can be achived achieved using the exposed UserInformationRecoveryService where the WSDL can be found in the following URL of your Identity Server installation: https://localhost:9443/services/UserInformationRecoveryService?wsdl.

The service security is implemented using Captcha and confirmation codes expire after a while. Also for each communication, the generated confirmation code is not reused by the service. This makes the services secure and fails repeated attempts to access the same service. Hence the sequence of calls which the Calling Application must do is as follows for email-based recovery:

...