The user account recovery feature implemented in the Identity Server helps to recover the username of the account if the user has forgotten it. This recovery process is also secured with captcha verification.
The service caller can define any number of claims that should be used in the user details verification. The first claim can be the email address and others can be the required attributes in the user registration such as first name or last name. This is helpful to search for a user if the system accepts multiple accounts with the same email address.
Upon the successful verification of the user details, the user account id is sent to the user by email.
For this to be possible, the user needs to fill in the details in their user profile, such as email, first name, last name and any other required attributes.
The sequence of service calls is described below; the operations are available in the service API at https://localhost:9443/services/UserInformationRecoveryService?wsdl.
Configure the identity-mgt.properties file with the following:
Identity.Listener.Enable=true
Notification.Sending.Internally.Managed=true
Configure the email-admin-config.xml file with the email template with the type “accountConfirmation”. The following is a sample template.
<configuration type="accountIdRecovery">
    <targetEpr></targetEpr>
    <subject>WSO2 Carbon Account Recovery</subject>
    <body>
Hi {first-name}

We received a request to recover your account user name. The account associated with us indicates that the user name is : {user-name}
    </body>
    <footer>
Best Regards,
WSO2 Carbon Team
http://www.wso2.com
    </footer>
    <redirectPath></redirectPath>
</configuration>
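The following check for the two configuration prerequisites above is an added example, not code from the Identity Server or its documentation. The function names, the `template_type` parameter and the `<configurations>` wrapper element in the sample are assumptions; the property keys, the template type and the `{user-name}` placeholder come from this page.

```python
import xml.etree.ElementTree as ET

# Keys the page requires to be true in identity-mgt.properties.
REQUIRED_TRUE = ("Identity.Listener.Enable", "Notification.Sending.Internally.Managed")

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def check_recovery_config(props_text, email_xml, template_type="accountIdRecovery"):
    """Return a list of problems; an empty list means both prerequisites are met."""
    problems = []
    props = parse_properties(props_text)
    for key in REQUIRED_TRUE:
        got = props.get(key)
        if got is None:
            problems.append(f"{key} is not set")
        elif got.lower() != "true":
            problems.append(f"{key}={got}, expected true")
    root = ET.fromstring(email_xml)
    templates = [c for c in root.iter("configuration") if c.get("type") == template_type]
    if not templates:
        return problems + [f"no email template of type {template_type}"]
    tpl = templates[0]
    if not (tpl.findtext("subject") or "").strip():
        problems.append("template has an empty subject")
    if "{user-name}" not in (tpl.findtext("body") or ""):
        problems.append("template body lacks the {user-name} placeholder")
    return problems

# Constructed sample input; the <configurations> wrapper element is an assumption.
SAMPLE_PROPS = "Identity.Listener.Enable=true\nNotification.Sending.Internally.Managed=false\n"
SAMPLE_XML = """<configurations>
  <configuration type="accountIdRecovery">
    <subject>WSO2 Carbon Account Recovery</subject>
    <body>Hi {first-name}, the user name is : {user-name}</body>
  </configuration>
</configurations>"""

if __name__ == "__main__":
    for problem in check_recovery_config(SAMPLE_PROPS, SAMPLE_XML):
        print("PROBLEM:", problem)
```

Pass the contents of the real identity-mgt.properties and email-admin-config.xml files in place of the constructed samples, and set `template_type` to the type your deployment uses.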
- getUserIdentitySupportedClaims() - This method returns all the claims defined in the Identity Server which are supported and not read only. You need to give the dialect, which is by default “http://wso2.org/claims”.
- getCaptcha() - Get the captcha for the current request.
- verifyAccount() - Verifies the captcha, the user claim values and the tenant domain, which are used to search for the user. The claim values you pass are for claims returned from the getUserIdentitySupportedClaims() call, so you can define which claims are used in the verification by passing only those required. Upon successful verification, the user id is sent by email to the user. This call also returns the success/failed status of the verification.