This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.


The one-time password (OTP) feature is for users who want a new password each time they log in. Because the user gets a new password at each login, this increases security against password theft. It also helps users who do not like to remember passwords all the time.

In WSO2 Identity Server, when a user enables OTP in their profile configuration, a new password is sent to the user's email address each time the user logs in. This password is used the next time the user needs to log in.

Configuration

Enable the claim for OTP in the {carbon_home}/repository/conf/claim-config.xml file as shown below:

<Claim>
	<ClaimURI>http://wso2.org/claims/identity/otp</ClaimURI>
	<DisplayName>One Time Password</DisplayName>
	<AttributeID>oneTimePassword</AttributeID>
	<Description>One Time Password</Description>
	<SupportedByDefault />
</Claim>

Also make sure the underlying data store has the correct mapping for the oneTimePassword attribute so that the state can be stored.

Set the following configuration in the {carbon_home}/repository/conf/security/identity-mgt.properties file.

Identity.Listener.Enable=true
Authentication.Policy.Check.OneTime.Password=true
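
One way to check both files before restarting the server, as an added example that is not part of the original WSO2 documentation. The function names, the sample inputs and the case-insensitive comparison of `true` are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

OTP_CLAIM_URI = "http://wso2.org/claims/identity/otp"
REQUIRED_PROPS = {
    "Identity.Listener.Enable": "true",
    "Authentication.Policy.Check.OneTime.Password": "true",
}

def parse_properties(text):
    """Parse Java-style key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def check_otp_config(claim_xml, props_text):
    """Return a list of problems; an empty list means both files match the page.
    Property values are compared case-insensitively (an assumption)."""
    problems = []
    root = ET.fromstring(claim_xml)
    claim = next((c for c in root.iter("Claim")
                  if (c.findtext("ClaimURI") or "").strip() == OTP_CLAIM_URI), None)
    if claim is None:
        problems.append("OTP claim missing from claim-config.xml")
    else:
        if (claim.findtext("AttributeID") or "").strip() != "oneTimePassword":
            problems.append("OTP claim AttributeID is not oneTimePassword")
        if claim.find("SupportedByDefault") is None:
            problems.append("OTP claim lacks <SupportedByDefault />")
    props = parse_properties(props_text)
    for key, want in REQUIRED_PROPS.items():
        got = props.get(key)
        if got is None or got.lower() != want:
            problems.append(f"{key} is {got!r}, expected {want}")
    return problems

# Constructed sample inputs (not copied from a real deployment).
SAMPLE_XML = """<ClaimConfig><Claim>
<ClaimURI>http://wso2.org/claims/identity/otp</ClaimURI>
<AttributeID>oneTimePassword</AttributeID>
<SupportedByDefault />
</Claim></ClaimConfig>"""
SAMPLE_PROPS = "Identity.Listener.Enable=true\nAuthentication.Policy.Check.OneTime.Password=false\n"

if __name__ == "__main__":
    print(check_otp_config(SAMPLE_XML, SAMPLE_PROPS))
```

To run it against a real installation, pass the contents of the two files named above instead of the sample strings.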

Enabling OTP

Once the configuration is done, restart the server for your changes to take effect. Then log in as a user and check the one-time password feature. Also fill in the necessary profile details, including the email address.

Now when the user logs out and logs in again, a new password is generated and sent to the user's email address.

 
