This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Account Lock/Unlock

Identity Server can be configured to lock a user account when a configurable number of login attempts is exceeded. There are also two ways to unlock a user account.

  1. By using the unlockUserAccount service in https://localhost:9443/services/UserIdentityManagementAdminService?wsdl.
  2. By configuring lock time in the identity-mgt.properties file (this can be specified using the Authentication.Policy.Account.Lock.Time parameter).

An admin can also lock a user account directly using the lockUserAccount service in https://localhost:9443/services/UserIdentityManagementAdminService?wsdl.

Configuration

Configure the following parameters in the identity-mgt.properties file.

Identity.Listener.Enable=true
Notification.Sending.Enable=true
Notification.Expire.Time=7200
Notification.Sending.Internally.Managed=true
Authentication.Policy.Enable=true
Authentication.Policy.Account.Lock.On.Failure=true
Authentication.Policy.Account.Lock.On.Failure.Max.Attempts=2
Authentication.Policy.Account.Lock.Time=2

The values of the Authentication.Policy.Account.Lock.Time and Notification.Expire.Time properties are specified in minutes.
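The following check is an added example, not WSO2 code or part of the original page: it reads the text of identity-mgt.properties and reports lockout settings that differ from the ones listed above. The function names and the weak sample are constructed, and treating all three flags as required, with a positive attempt limit, is an assumption drawn from the values shown on this page.

```python
# Added example, not WSO2 code: audit identity-mgt.properties text for lockout settings.
# Assumption: lockout is in effect only when all three flags below are true.
REQUIRED_TRUE = (
    "Identity.Listener.Enable",
    "Authentication.Policy.Enable",
    "Authentication.Policy.Account.Lock.On.Failure",
)
MAX_ATTEMPTS = "Authentication.Policy.Account.Lock.On.Failure.Max.Attempts"
LOCK_TIME = "Authentication.Policy.Account.Lock.Time"  # minutes, per the page
# Values from this page.
PAGE_CONFIG = """\
Identity.Listener.Enable=true
Authentication.Policy.Enable=true
Authentication.Policy.Account.Lock.On.Failure=true
Authentication.Policy.Account.Lock.On.Failure.Max.Attempts=2
Authentication.Policy.Account.Lock.Time=2
"""
# Constructed sample: listener disabled and attempt limit left empty.
WEAK_CONFIG = PAGE_CONFIG.replace("Listener.Enable=true", "Listener.Enable=false").replace(
    "Max.Attempts=2", "Max.Attempts=")

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # or ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit_lockout(text):
    """Return findings; an empty list means the lockout settings are all set."""
    props = parse_properties(text)
    findings = []
    for key in REQUIRED_TRUE:
        if props.get(key, "").lower() != "true":
            findings.append(f"{key}: expected true, found {props.get(key)!r}")
    # Assumption: the attempt limit must be a positive whole number.
    if not (props.get(MAX_ATTEMPTS, "").isdigit() and int(props[MAX_ATTEMPTS]) > 0):
        findings.append(f"{MAX_ATTEMPTS}: expected a positive whole number")
    if not props.get(LOCK_TIME, "").isdigit():
        findings.append(f"{LOCK_TIME}: expected a whole number of minutes")
    return findings

if __name__ == "__main__":
    for name, text in (("page", PAGE_CONFIG), ("weak", WEAK_CONFIG)):
        print(name, audit_lockout(text) or "ok")
```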


Configure the following claims and map their attributes correctly to the existing underlying user store.


Configure the email template as follows.

<configuration type="accountUnLock">
	<targetEpr></targetEpr>
	<subject>WSO2 Carbon - Your account unlocked</subject>
	<body>
		Hi {first-name},


		Please note that the account registered with us with the user name : {user-name} has been unlocked by Admin. 


	</body>
	<footer>
		Best Regards,
		WSO2 Identity Server Team
		http://www.wso2.com
	</footer>
	<redirectPath></redirectPath>
</configuration>