This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
Configuring Account Recovery Via User Preferred Notification Channel
- Former user (Deleted)
- Former user (Deleted)
To use this feature, apply the 5976 WUM update for WSO2 IS 5.7.0 using the WSO2 Update Manager (WUM).
To deploy a WUM update into production, you need to have a paid subscription. If you do not have a paid subscription, you can use this feature with the next version of WSO2 Identity Server when it is released. For more information on updating WSO2 Identity Server using WUM, see Getting Started with WUM in the WSO2 Administration Guide.
WSO2 Identity Server allows the user to recover their account username or password via a user-preferred channel. After initiating a username or password recovery, the user will be prompted to select a recovery channel and the user will then be notified via the selected notification channel.
| Channel Name | Claim | Channel Verified Claim |
|---|---|---|
| SMS | http://wso2.org/claims/mobile | http://wso2.org/claims/phoneVerified |
| http://wso2.org/claims/emailaddress | http://wso2.org/claims/emailVerified |
This page guides you through configuring a user-preferred channel for account recovery and trying it out.
Account recovery flow
- The user provides a set of unique claims to identify the user account.
- Then, the server will prompt the user to select one of the available notification channels to receive the recovery notification.
- The user selects a notification channel.
- The server sends the recovery notification to the user via the preferred notification channel.
- If the flow is initiated for password recovery and the preferred channel is:
- Email: Click on the reset link in the email and reset the password.
- SMS: Provide the received One-Time Password(OTP) and reset the password.
Configure WSO2 Identity Server
Configure the following email settings in the <
IS_HOME>/repository/conf/output-event-adapters.xmlfile.mail.smtp.fromProvide the email address of the SMTP account. mail.smtp.userProvide the username of the SMTP account. mail.smtp.passwordProvide the password of the SMTP account. <adapterConfig type="email"> <!-- Comment mail.smtp.user and mail.smtp.password properties to support connecting SMTP servers which use trust based authentication rather username/password authentication --> <property key="mail.smtp.from">abcd@gmail.com</property> <property key="mail.smtp.user">abcd</property> <property key="mail.smtp.password">xxxx</property> <property key="mail.smtp.host">smtp.gmail.com</property> <property key="mail.smtp.port">587</property> <property key="mail.smtp.starttls.enable">true</property> <property key="mail.smtp.auth">true</property> <!-- Thread Pool Related Properties --> <property key="minThread">8</property> <property key="maxThread">100</property> <property key="keepAliveTimeInMillis">20000</property> <property key="jobQueueSize">10000</property> </adapterConfig>Create a new stream and add it to the
<IS_HOME>/repository/deployment/server/eventstreamsfolder. A sample stream is given below.Sample stream{ "name": "id_gov_sms_notify_stream", "version": "1.0.0" }Create a new publisher and add it to the
<IS_HOME>/repository/deployment/server/eventpublishersfolder.
For more information, see HTTP Event Publisher in the WSO2 Data Analytics Server documentation.Sample publisher<?xml version="1.0" encoding="UTF-8"?> <eventPublisher name="HTTPOutputEventAdapter" processing="enable" statistics="disable" trace="disable" xmlns="http://wso2.org/carbon/eventpublisher"> <from streamName="id_gov_sms_notify_stream" version="1.0.0"/> <mapping customMapping="enable" type="json"> <inline>{"api_key"="4cb4asxasx9374", "api_secret"="asacareftbr31244", "from"="NEXMO", "to"={{mobile}}, "text"={{body}} }</inline> </mapping> <to eventAdapterType="http"> <property name="http.client.method">httpPost</property> <property name="http.url">http://localhost:8006/productionStream</property> </to> </eventPublisher>Configure the
identity-event.propertiesfile found in the<IS_HOME>/repository/conf/identityfolder to subscribe the event handler to trigger notifications.Sample notification handler configurationmodule.name.13=default.notification.sender default.notification.sender.subscription.1=TRIGGER_SMS_NOTIFICATION default.notification.sender.subscription.TRIGGER_SMS_NOTIFICATION.stream=id_gov_sms_notify_stream:1.0.0 default.notification.sender.subscription.TRIGGER_SMS_NOTIFICATION.claim.mobile=http://wso2.org/claims/mobile
- Add the following configurations to the
identity.xmlin<IS_HOME>/repository/conf/identityfolder.Add the following configurations within the
<Recovery> <Notification>tags.<ExpiryTime> <ResendCode>1</ResendCode> <RecoveryCode>1</RecoveryCode> </ExpiryTime>
Add the following configurations within the
<Recovery> <Notification> <Password>tags.<ExpiryTime> <smsOtp>1</smsOtp> </ExpiryTime>
- Restart the server to apply the configurations.
Configure account recovery
- Click Resident under Identity Providers.
- Expand Account Management Policies and then expand Account Recovery.
- Select Enable Notification Based Password Recovery and Enable Username Recovery.
- Set the SMS OTP Expiry Time to configure the validation time of the OTP codes.
- Select Internal Notification Management to enable sending notifications from WSO2 Identity Server. WSO2 IS is capable of sending notifications via Email or SMS.
- Add the following SMS templates to the registry. For instructions, see Managing SMS Notification Templates Using the Registry.
- passwordReset
- passwordResetSucess
- resendPasswordReset
- accountIdRecovery
Click Claims > Add > Add Local Claim.
Add the
Preferred Channel Claimas a local claim: http://wso2.org/claims/identity/preferredChannel.The claim URI is case sensitive.
NOTE: Not configuring the above claim will give errors.