/
Maintaining Logins and Passwords

This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Maintaining Logins and Passwords

Aug 30, 2021

This section covers the following topics: 

Changing the super admin password

To change the default admin password, log in to the management console with admin/admin credentials and use the Change my password option. After changing the credentials, change the same in the <PRODUCT_HOME>/repository/conf/user-mgt.xml file:

<UserManager> <Realm> <Configuration> ... <AdminUser> <UserName>admin</UserName> <Password>admin</Password> </AdminUser> ... </Realm> </UserManager>

Do you have any special characters in passwords?

For usernames and passwords inside XML files, take care when giving special characters. According to XML specification (http://www.w3.org/TR/xml/), some special characters can disrupt the configuration. For example, the ampersand character (&) must not appear in the literal form in XML files. It can cause a Java Null Pointer exception. You must wrap it with CDATA (http://www.w3schools.com/xml/xml_cdata.asp) as shown below or remove the character:

 

<Password> <![CDATA[xnvYh?@VHAkc?qZ%Jv855&A4a,%M8B@h]]> </Password>

 

Unlocking the admin user

To unlock an admin user who is locked due to an exceeding number of login failures, restart the server using the -DunlockAdmin system property

Recovering a password

Use <PRODUCT_HOME>/bin/chpasswd.sh script.

Setting up an email login

You can configure WSO2 products to authenticate users using an email or mobile number instead of a username. 

The '@' is a special character in usernames of WSO2 products as it is used in multi-tenant environments to build the user's fully-qualified name. For example, user daniel from the tenant domain WSO2.com has the fully-qualified name daniel@WSO2.com. Before using an email as the username, configure the WSO2 product to differentiate between the '@' symbol in the user's emails and usernames as follows:

  1. Open <PRODUCT_HOME>/repository/conf/carbon.xml

  2. Uncomment the commented out configuration EnableEmailUserName. This enables email authentication.

    <EnableEmailUserName>true</EnableEmailUserName>

  3. Next, edit <PRODUCT_HOME>/repository/conf/user-mgt.xml. You might be connected to an LDAP, Active Directory, or a JDBC-based user store. Regardless of the user store manager, change the following: