This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
Account Lock/Unlock
- Former user (Deleted)
Identity Server can be configured to lock a user account when configurable number of login attempts are exceeded. Also there are two configurations that can be used to unlock a user account.
- By using the unlockUserAccount service in
https://localhost:9443/services/UserIdentityManagementAdminService?wsdl. - By configuring lock time in the identity-mgt.properties file (this can be specified using the Authentication.Policy.Account.Lock.Time parameter).
Also an Admin can directly lock a user account using the lockUserAccount service in https://localhost:9443/services/UserIdentityManagementAdminService?wsdl.
Configuration
Configure the following parameters in the identity-mgt.properties file.
Identity.Listener.Enable=true Notification.Sending.Enable=true Notification.Expire.Time=7200 Notification.Sending.Internally.Managed=true Authentication.Policy.Enable=true Authentication.Policy.Account.Lock.On.Failure=true Authentication.Policy.Account.Lock.On.Failure.Max.Attempts=2 Authentication.Policy.Account.Lock.Time=2
The defined time is in minutes for the Authentication.Policy.Account.Lock.Time and Notification.Expire.Time properties.
Configure the following claims and correctly map the attributes with existing underlying user store.
http://wso2.org/claims/identity/accountLockedhttp://wso2.org/claims/identity/unlockTimehttp://wso2.org/claims/identity/failedLoginAttempts
Configure the email template as follows.
<configuration type="accountUnLock">
<targetEpr></targetEpr>
<subject>WSO2 Carbon - Your account unlocked</subject>
<body>
Hi {first-name},
Please note that the account registered with us with the user name : {user-name} has been unlocked by Admin.
</body>
<footer>
Best Regards,
WSO2 Identity Server Team
http://www.wso2.com
</footer>
<redirectPath></redirectPath>
</configuration>