This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Maintaining Logins and Passwords


Changing the super admin password

To change the default admin password, log in to the management console with the admin/admin credentials and use the Change my password option. After changing the credentials, update them to the same values in the <PRODUCT_HOME>/repository/conf/user-mgt.xml file:

<UserManager>
   <Realm>
      <Configuration>
          ...
          <AdminUser>
             <UserName>admin</UserName>
             <Password>admin</Password>
          </AdminUser>
          ...
      </Configuration>
      ...
   </Realm>
</UserManager>

Do you have any special characters in passwords?

Take care when usernames and passwords inside XML files contain special characters. According to the XML specification (http://www.w3.org/TR/xml/), some special characters can disrupt the configuration. For example, the ampersand character (&) must not appear in its literal form in XML files. It can cause a Java NullPointerException. You must wrap the value in CDATA (http://www.w3schools.com/xml/xml_cdata.asp) as shown below, or remove the character:


<Password>
    <![CDATA[xnvYh?@VHAkc?qZ%Jv855&A4a,%M8B@h]]>
</Password>
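
The following is an added example, not part of the original WSO2 documentation or product code. It uses a generic XML parser to show that the sample password above is rejected when pasted in literally, and builds a <Password> element that round-trips exactly; the function names are hypothetical, and entity escaping is shown as the standard XML alternative to CDATA.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Sample password taken from the CDATA example on this page.
PAGE_PASSWORD = "xnvYh?@VHAkc?qZ%Jv855&A4a,%M8B@h"

def raw_element(password):
    """The unsafe form: the password pasted into the element as-is."""
    return "<Password>" + password + "</Password>"

def cdata_element(password):
    """Wrap the password in CDATA on a single line, so no layout whitespace
    becomes part of the text. A literal ']]>' would end the section early,
    so it is split across two adjacent CDATA sections."""
    body = password.replace("]]>", "]]]]><![CDATA[>")
    return "<Password><![CDATA[" + body + "]]></Password>"

def entity_element(password):
    """Alternative to CDATA: escape &, < and > as XML entities."""
    return "<Password>" + escape(password) + "</Password>"

def parsed_text(element_xml):
    """Text a conforming XML parser reads back, or None if not well-formed."""
    try:
        return ET.fromstring(element_xml).text or ""
    except ET.ParseError:
        return None

def safe_password_element(password):
    """Return a <Password> element that round-trips exactly, or raise."""
    if any(ord(c) < 0x20 and c not in "\t\n\r" for c in password):
        raise ValueError("control characters cannot appear in XML 1.0 at all")
    element = cdata_element(password)
    if parsed_text(element) != password:
        raise ValueError("password does not survive an XML round trip")
    return element

if __name__ == "__main__":
    for pw in (PAGE_PASSWORD, "a<b]]>c&d"):  # second value is constructed
        print("raw parses:", parsed_text(raw_element(pw)) == pw)
        print("use       :", safe_password_element(pw))
```

Running a candidate password through safe_password_element before editing user-mgt.xml catches values that would break the file or be read back differently.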

Unlocking the admin user

To unlock an admin user who is locked after exceeding the allowed number of login failures, restart the server using the -DunlockAdmin system property.

Recovering a password

Use the <PRODUCT_HOME>/bin/chpasswd.sh script.

Setting up an email login

You can configure WSO2 products to authenticate users using an email or mobile number instead of a username. 

The '@' is a special character in usernames of WSO2 products as it is used in multi-tenant environments to build the user's fully-qualified name. For example, user daniel from the tenant domain WSO2.com has the fully-qualified name daniel@WSO2.com. Before using an email as the username, configure the WSO2 product to differentiate between the '@' symbol in the user's emails and usernames as follows:

  1. Open <PRODUCT_HOME>/repository/conf/carbon.xml

  2. Uncomment the EnableEmailUserName configuration. This enables email authentication.

    <EnableEmailUserName>true</EnableEmailUserName>

    Tip: With this configuration, the email becomes the admin username and you cannot configure your email address as an attribute in your user profile.

  3. Next, edit <PRODUCT_HOME>/repository/conf/user-mgt.xml. You might be connected to an LDAP, Active Directory, or a JDBC-based user store. Regardless of the user store manager, change the following:

    Parameter / Description

    UserNameAttribute
        Set the mail attribute of the user.

        <Property name="UserNameAttribute">mail</Property>

    UserNameSearchFilter
        Use the mail attribute of the user instead of cn or uid.

        <Property name="UserNameSearchFilter">(&amp;(objectClass=identityPerson)(mail=?))</Property>

    UserNameListFilter
        Use the mail attribute of the user in the user name filter list as well.

        <Property name="UserNameListFilter">(&amp;(objectClass=identityPerson)(mail=*))</Property>

    UsernameJavaRegEx
        Use the following email regex.

        <Property name="UsernameJavaRegEx">^[_A-Za-z0-9-\+]+(\.[_A-Za-z0-9-]+)*@[A-Za-z0-9-]+(\.[A-Za-z0-9]+)*(\.[A-Za-z]{2,})$</Property>

    UserDNPattern
        This parameter is used to speed up the LDAP search operations. You can comment out this configuration.

        <!--Property name="UserDNPattern">cn={0},ou=Users,dc=wso2,dc=com</Property-->

    Realm configurations
        The AdminUser username should use the email attribute of the admin user.

        <AdminUser>
           <UserName>admin@wso2.com</UserName>
           <Password>admin</Password>
        </AdminUser>