
User Account Lock/Unlock in WSO2 IS


Identity Server can be configured to lock a user account when a configurable number of login attempts is exceeded, or an account can be locked and unlocked through the lockUserAccount and unlockUserAccount services.

Now we can try this out.

1. Open wso2is-4.6.0\repository\conf\security\identity-mgt.properties.

2. Update the parameters below:

Identity.Listener.Enable=true
Notification.Sending.Enable=true
Notification.Expire.Time=7200
Notification.Sending.Internally.Managed=true
Authentication.Policy.Enable=true
Authentication.Policy.Account.Lock.On.Failure=true
Authentication.Policy.Account.Lock.On.Failure.Max.Attempts=2
Authentication.Policy.Account.Lock.Time=2

[NOTE]

I changed
Password.policy.extensions.3.pattern=^((?=.* )).{0,100}$
to make it easy to create a user password for the demo.

Make the change below in 'carbon.xml' so that the services can be tried in SoapUI:
<HideAdminServiceWSDLs>false</HideAdminServiceWSDLs>

3. Then start the server.

4. Add the following claims and map their attributes correctly to the existing user store/LDAP by navigating to 'Home > Configure > Claim Management > Claim View':

http://wso2.org/claims/identity/accountLocked
http://wso2.org/claims/identity/unlockTime
http://wso2.org/claims/identity/failedLoginAttempts

I used description, pager and streetAddress as the mapped attributes.

Now, time for the demo

6. Create a tenant via 'Home -> Configure -> Multitenancy -> Add New Tenant'.

7. The tenant needs a user and a role for the demo, so log in as the tenant domain admin.

8. Add a role called 'loginRole' with the 'login' permission.

9. Create a user for the tenant with the above role.

10. Now log in to IS as 'madhuka@lk.com'.

11. Open SoapUI and open the 'unlockUserAccount' service from https://localhost:9443/services/UserIdentityManagementAdminService?wsdl.

12. Call the service as below (this request invokes lockUserAccount):

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://services.mgt.identity.carbon.wso2.org">
  <soapenv:Header/>
  <soapenv:Body>
  <ser:lockUserAccount>
  <!--Optional:-->
  <ser:userName>madhuka</ser:userName>
  </ser:lockUserAccount>
  </soapenv:Body>
</soapenv:Envelope>

13. Now log in as the tenant admin and view the 'madhuka' profile; you will see that it has been locked.

14. Try to log in as 'madhuka@lk.com'.

Yep, the account has been locked!!!

15. Now I will unlock the user madhuka using 'unlockUserAccount'.

Now we try to log in as madhuka again. You are in…

Here is my demo console log:

[image: demo console log]

It is your turn to play with user lock and unlock in WSO2 IS.
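
A check one might run once the demo is over, as an added example that is not part of the original article: it reads the text of identity-mgt.properties and carbon.xml, confirms the lockout keys from step 2 are still set, and flags HideAdminServiceWSDLs when it is left at the demo value. The function names and the sample inputs are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Keys that step 2 of this page sets to true; any other value is flagged.
REQUIRED_TRUE = ("Identity.Listener.Enable", "Authentication.Policy.Enable",
                 "Authentication.Policy.Account.Lock.On.Failure")
MAX_ATTEMPTS = "Authentication.Policy.Account.Lock.On.Failure.Max.Attempts"


def parse_properties(text):
    """Parse key=value lines, skipping blanks and # or ! comment lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props


def audit(properties_text, carbon_xml_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    props = parse_properties(properties_text)
    findings = []
    for key in REQUIRED_TRUE:
        if props.get(key, "").lower() != "true":
            findings.append(f"{key} is not 'true' (found {props.get(key)!r})")
    attempts = props.get(MAX_ATTEMPTS, "")
    if not attempts.isdecimal() or int(attempts) < 1:
        findings.append(f"{MAX_ATTEMPTS} is not a positive integer (found {attempts!r})")
    # carbon.xml may declare a default namespace, so compare local tag names.
    for elem in ET.fromstring(carbon_xml_text).iter():
        local_name = elem.tag.rpartition("}")[2]
        if local_name == "HideAdminServiceWSDLs" and (elem.text or "").strip().lower() != "true":
            findings.append("HideAdminServiceWSDLs is not 'true': admin service WSDLs are exposed")
    return findings


# Constructed sample inputs (not real server files; the namespace is made up).
DEMO_PROPS = """# demo settings from this page
Identity.Listener.Enable=true
Authentication.Policy.Enable=true
Authentication.Policy.Account.Lock.On.Failure=true
Authentication.Policy.Account.Lock.On.Failure.Max.Attempts=2
"""
DEMO_CARBON = '<Server xmlns="urn:example:carbon"><HideAdminServiceWSDLs>false</HideAdminServiceWSDLs></Server>'

if __name__ == "__main__":
    for finding in audit(DEMO_PROPS, DEMO_CARBON):
        print("FINDING:", finding)
```

With the demo inputs the only finding is the exposed admin WSDL setting; a properties file where the lock keys are missing or set to false produces one finding per key.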
