This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Account Lock/Unlock

Identity Server can be configured to lock a user account when configurable number of login attempts are exceeded. Also there are two configurations that can be used to unlock a user account.

  1. By using theĀ unlockUserAccount service in https://localhost:9443/services/UserIdentityManagementAdminService?wsdl.
  2. By configuring lock time in the identity-mgt.properties file (this can be specified using the Authentication.Policy.Account.Lock.Time parameter).

Also an Admin can directly lock a user account using the lockUserAccount service in https://localhost:9443/services/UserIdentityManagementAdminService?wsdl.

Configuration

Configure the following parameters in theĀ identity-mgt.properties file.

Identity.Listener.Enable=true
Notification.Sending.Enable=true
Notification.Expire.Time=7200
Notification.Sending.Internally.Managed=true
Authentication.Policy.Enable=true
Authentication.Policy.Account.Lock.On.Failure=true
Authentication.Policy.Account.Lock.On.Failure.Max.Attempts=2
Authentication.Policy.Account.Lock.Time=2


Configure the following claims and correctly map the attributes with existing underlying user store.


Configure the email template as follows.

<configuration type="accountUnLock">
	<targetEpr></targetEpr>
	<subject>WSO2 Carbon - Your account unlocked</subject>
	<body>
		Hi {first-name},


		Please note that the account registered with us with the user name : {user-name} has been unlocked by Admin. 


	</body>
	<footer>
		Best Regards,
		WSO2 Identity Server Team
		http://www.wso2.com
	</footer>
	<redirectPath></redirectPath>
</configuration>