This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Configuring reCaptcha for Password Recovery

The password recovery feature in WSO2 Identity Server lets users recover their account password if they forget it. This recovery process can also be secured with captcha verification.

By configuring reCaptcha, you can mitigate or block brute force attacks.

For more information on setting up password recovery, see Password Recovery.

For more information on brute force attacks, see Mitigating Brute Force Attacks.

There are two ways to configure this feature.

  1. Configuring password recovery reCaptcha using the management console
  2. Globally configure the reCaptcha for password recovery

Configuring password recovery reCaptcha using the management console

  1. Set up reCaptcha with WSO2 Identity Server. For instructions on how to do this, and for more information about reCaptcha, see Setting Up ReCaptcha.

  2. Start WSO2 Identity Server and log in to the management console.

  3. On the Main tab, click Identity provider → Resident.

  4. Expand Account Management Policies, and select the Account Recovery tab.

  5. Select the Enable reCaptcha for Password Recovery checkbox to enable reCaptcha for the password recovery flow.

  6. You have now successfully configured reCaptcha for the password recovery flow. Start WSO2 Identity Server and log in to the end user dashboard.

    If you have changed the port offset or modified the hostname, change the port or hostname accordingly.

  7. Click on Forgot Password.

    You are redirected to the Recover Password page where you can select the reCaptcha option.

Globally configure the reCaptcha for password recovery

  1. Navigate to the identity.xml file in <IS_HOME>/repository/conf/identity and uncomment the following configuration block.

    To avoid any configuration issues, do this before starting the WSO2 Identity Server product instance.

    <Recovery>
        <ReCaptcha>
            <Password>
                <Enable>true</Enable>
            </Password>
            <Username>
                <Enable>false</Enable>
            </Username>
        </ReCaptcha>

        <Notification>
            ………………
            ……………….

    </Recovery>

  2. Set up reCaptcha with WSO2 Identity Server. For instructions on how to do this, and for more information about reCaptcha, see Setting Up ReCaptcha.

  3. You have now successfully configured reCaptcha for the password recovery flow. Start WSO2 Identity Server and log in to the end user dashboard.

    If you have changed the port offset or modified the hostname, change the port or hostname accordingly.

  4. Click on Forgot Password.

    You are redirected to the Recover Password page where you can select the reCaptcha option.
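A way to confirm, before starting the server, that the global block in identity.xml is active rather than still commented out. This is an added example, not WSO2 tooling; the function name `recaptcha_state`, the script file name, and the sample documents (including their root element and namespace) are constructed for illustration.

```python
import re
import sys
import xml.etree.ElementTree as ET

# Constructed samples (not from a real deployment); the root element and
# namespace are placeholders, and the checker ignores namespaces entirely.
ENABLED = """<Server xmlns="urn:example:constructed"><Recovery>
  <ReCaptcha>
    <Password><Enable>true</Enable></Password>
    <Username><Enable>false</Enable></Username>
  </ReCaptcha>
</Recovery></Server>"""
# Same block still wrapped in a comment, i.e. the uncomment step was skipped.
COMMENTED = ENABLED.replace("<ReCaptcha>", "<!-- <ReCaptcha>").replace(
    "</ReCaptcha>", "</ReCaptcha> -->")


def _local(tag):
    """Strip an '{namespace}' prefix from an ElementTree tag name."""
    return tag.rsplit("}", 1)[-1]


def _child(elem, name):
    """Return the first direct child with the given local name, or None."""
    return next((c for c in elem if _local(c.tag) == name), None)


def recaptcha_state(xml_text, flow="Password"):
    """Return 'enabled', 'disabled', 'commented-out' or 'missing' for a flow."""
    root = ET.fromstring(xml_text)  # comments are dropped by the parser
    for recovery in (e for e in root.iter() if _local(e.tag) == "Recovery"):
        node = recovery
        for name in ("ReCaptcha", flow, "Enable"):
            node = _child(node, name) if node is not None else None
        if node is not None:
            value = (node.text or "").strip().lower()
            return "enabled" if value == "true" else "disabled"
    # No active element: check whether the block is present but commented out.
    for comment in re.findall(r"<!--(.*?)-->", xml_text, re.S):
        if "<ReCaptcha>" in comment:
            return "commented-out"
    return "missing"


if __name__ == "__main__":
    # Usage (hypothetical file name): python check_recaptcha.py <path to identity.xml>
    with open(sys.argv[1], encoding="utf-8") as fh:
        text = fh.read()
    for flow in ("Password", "Username"):
        print(flow, recaptcha_state(text, flow))
```

The script reads only the file, so a setting made through the management console is not reflected in its output.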