This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
Maintaining Logins and Passwords
This section covers the following topics:
Changing the super admin password
To change the default admin password, log in to the management console with the admin/admin credentials and use the Change my password option. After changing the credentials, make the same change in the <PRODUCT_HOME>/repository/conf/user-mgt.xml file:
<UserManager>
  <Realm>
    <Configuration>
      ...
      <AdminUser>
        <UserName>admin</UserName>
        <Password>admin</Password>
      </AdminUser>
      ...
    </Configuration>
  </Realm>
</UserManager>
Do you have any special characters in passwords?
For usernames and passwords inside XML files, take care when using special characters. According to the XML specification (http://www.w3.org/TR/xml/), some special characters can disrupt the configuration. For example, the ampersand character (&) must not appear in its literal form in XML files. It can cause a Java Null Pointer exception. You must wrap it with CDATA (http://www.w3schools.com/xml/xml_cdata.asp) as shown below or remove the character:
<Password> <![CDATA[xnvYh?@VHAkc?qZ%Jv855&A4a,%M8B@h]]> </Password>
Unlocking the admin user
To unlock an admin user who is locked out after too many login failures, restart the server using the -DunlockAdmin system property.
Recovering a password
Use the <PRODUCT_HOME>/bin/chpasswd.sh script.
Setting up an email login
You can configure WSO2 products to authenticate users using an email or mobile number instead of a username.
The '@' is a special character in usernames of WSO2 products as it is used in multi-tenant environments to build the user's fully-qualified name. For example, user daniel from the tenant domain WSO2.com has the fully-qualified name daniel@WSO2.com. Before using an email as the username, configure the WSO2 product to differentiate between the '@' symbol in the user's emails and usernames as follows:
Open <PRODUCT_HOME>/repository/conf/carbon.xml.
Uncomment the commented-out EnableEmailUserName configuration. This enables email authentication.
<EnableEmailUserName>true</EnableEmailUserName>
Tip: When you do this configuration, the email becomes the admin username and you cannot configure your email address as an attribute in your user profile.
Next, edit <PRODUCT_HOME>/repository/conf/user-mgt.xml. You might be connected to an LDAP, Active Directory, or a JDBC-based user store. Regardless of the user store manager, change the following parameters:
UserNameAttribute
Set the mail attribute of the user.
<Property name="UserNameAttribute">mail</Property>
UserNameSearchFilter
Use the mail attribute of the user instead of cn or uid.
<Property name="UserNameSearchFilter">(&amp;(objectClass=identityPerson)(mail=?))</Property>
UserNameListFilter
Use the mail attribute of the user in the user name filter list as well.
<Property name="UserNameListFilter">(&amp;(objectClass=identityPerson)(mail=*))</Property>
UsernameJavaRegEx
Use the following email regex.
<Property name="UsernameJavaRegEx">^[_A-Za-z0-9-\+]+(\.[_A-Za-z0-9-]+)*@[A-Za-z0-9-]+(\.[A-Za-z0-9]+)*(\.[A-Za-z]{2,})$</Property>
UserDNPattern
This parameter is used to speed up the LDAP search operations. You can comment out this configuration.
<!--Property name="UserDNPattern">cn={0},ou=Users,dc=wso2,dc=com</Property-->
Realm configurations
The AdminUser username should use the email attribute of the admin user.
<AdminUser>
  <UserName>admin@wso2.com</UserName>
  <Password>admin</Password>
</AdminUser>
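The settings covered on this page can be checked before restarting the server. The following is an added example, not WSO2 code: it parses a user-mgt.xml and reports a literal '&' that breaks well-formedness, a default admin password, and email-login properties that disagree with the steps above. The sample file is constructed, and the UserStoreManager wrapper element and the function name audit_user_mgt are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of user-mgt.xml, reduced to the settings this page covers.
SAMPLE = r"""<UserManager><Realm>
  <Configuration>
    <AdminUser><UserName>admin@wso2.com</UserName><Password>admin</Password></AdminUser>
  </Configuration>
  <UserStoreManager>
    <Property name="UserNameAttribute">uid</Property>
    <Property name="UserNameSearchFilter">(&amp;(objectClass=identityPerson)(mail=?))</Property>
    <Property name="UserNameListFilter">(&amp;(objectClass=identityPerson)(mail=*))</Property>
    <Property name="UsernameJavaRegEx">^[_A-Za-z0-9-\+]+(\.[_A-Za-z0-9-]+)*@[A-Za-z0-9-]+(\.[A-Za-z0-9]+)*(\.[A-Za-z]{2,})$</Property>
    <Property name="UserDNPattern">cn={0},ou=Users,dc=wso2,dc=com</Property>
  </UserStoreManager>
</Realm></UserManager>"""


def audit_user_mgt(xml_text):
    """Return findings (strings) for the settings this page covers; [] if clean."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # A literal '&' in a password lands here: escape it or wrap it in CDATA.
        return [f"not well-formed XML: {exc}"]
    findings = []
    user = (root.findtext(".//AdminUser/UserName") or "").strip()
    password = (root.findtext(".//AdminUser/Password") or "").strip()
    if password == "admin":
        findings.append("AdminUser password is still the default")
    # Commented-out properties are skipped by the parser, so only active ones appear.
    props = {p.get("name"): (p.text or "").strip() for p in root.iter("Property")}
    if props.get("UserNameAttribute") != "mail":
        findings.append("UserNameAttribute is not mail")
    for name in ("UserNameSearchFilter", "UserNameListFilter"):
        if "(mail=" not in props.get(name, ""):
            findings.append(f"{name} does not filter on mail")
    # Assumption: the regex uses only syntax that Python's re shares with Java.
    regex = props.get("UsernameJavaRegEx", "")
    if not regex or not re.fullmatch(regex, user):
        findings.append("AdminUser username does not match UsernameJavaRegEx")
    if "UserDNPattern" in props:
        findings.append("UserDNPattern is still active")
    return findings


if __name__ == "__main__":
    for finding in audit_user_mgt(SAMPLE):
        print("FINDING:", finding)
```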