
User Account Lock/Unlock in WSO2 IS


Identity Server can be configured to lock a user account when a configurable number of login attempts is exceeded, or via the unlockUserAccount service.

Now we can try this out.

1. Update the parameters below in wso2is-4.6.0\repository\conf\security\identity-mgt.properties:

Identity.Listener.Enable=true
Notification.Sending.Enable=true
Notification.Expire.Time=7200
Notification.Sending.Internally.Managed=true
Authentication.Policy.Enable=true
Authentication.Policy.Account.Lock.On.Failure=true
Authentication.Policy.Account.Lock.On.Failure.Max.Attempts=2
Authentication.Policy.Account.Lock.Time=2

[NOTE]

I changed
Password.policy.extensions.3.pattern=^((?=.* )).{0,100}$
to make it easy to create user passwords for the demo.

Make the change below in 'carbon.xml' to try the services in SoapUI:
<HideAdminServiceWSDLs>false</HideAdminServiceWSDLs>

3. Then start the server.

4. Add the following claims and correctly map their attributes to the existing user store/LDAP by navigating to 'Home > Configure > Claim Management > Claim View':

http://wso2.org/claims/identity/accountLocked
http://wso2.org/claims/identity/unlockTime
http://wso2.org/claims/identity/failedLoginAttempts

I used description, pager and streetAddress as the mapped attributes.

Now it is time for the demo.

6. Create a tenant via 'Home -> Configure -> Multitenancy -> Add New Tenant'.

7. The tenant needs a user and a role for the demo, so log in as the tenant domain admin.

8. Add a role with the ‘login’ permission, called ‘loginRole’.

9. Create a user for the tenant with the above role.

10. Now log in to IS as 'madhuka@lk.com'.

11. Open SoapUI and open the 'unlockUserAccount' service in https://localhost:9443/services/UserIdentityManagementAdminService?wsdl.

12. Call the service as below:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://services.mgt.identity.carbon.wso2.org">
  <soapenv:Header/>
  <soapenv:Body>
    <ser:lockUserAccount>
      <!--Optional:-->
      <ser:userName>madhuka</ser:userName>
    </ser:lockUserAccount>
  </soapenv:Body>
</soapenv:Envelope>

13. Now log in as the tenant admin and view the ‘madhuka’ profile; you will see that it has been locked.

14. Try to log in as ‘madhuka@lk.com’.

Yep, the account is locked!

15. Now I will unlock the user madhuka with ‘unlockUserAccount’.

Now we try to log in as madhuka again. You are in…

Here is my demo console log.

[image: demo console log]

Now it is your turn to play with user lock and unlock in WSO2 IS.
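
An added example, not part of the original article or WSO2's own code: a small Python check that the lockout settings from step 1 and the 'carbon.xml' note are in the state you expect, for instance after the demo is over. The function names, the attempts_limit ceiling of 5 and the sample inputs are assumptions made for this illustration.

```python
import re

# Flags the article sets to true for failure-based account locking.
REQUIRED_TRUE = ("Identity.Listener.Enable", "Authentication.Policy.Enable",
                 "Authentication.Policy.Account.Lock.On.Failure")
MAX_KEY = "Authentication.Policy.Account.Lock.On.Failure.Max.Attempts"

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit_lockout(props_text, carbon_xml="", attempts_limit=5):
    """Return findings; attempts_limit is an assumed local policy ceiling."""
    props = parse_properties(props_text)
    findings = []
    for key in REQUIRED_TRUE:
        if props.get(key, "").lower() != "true":
            findings.append(f"{key} is not true")
    raw = props.get(MAX_KEY, "")
    if not raw.isdecimal() or int(raw) < 1:
        findings.append(f"{MAX_KEY} is missing or not a positive integer")
    elif int(raw) > attempts_limit:
        findings.append(f"{MAX_KEY}={raw} exceeds limit {attempts_limit}")
    # The article sets this to false for the demo; flag it if left that way.
    m = re.search(r"<HideAdminServiceWSDLs>\s*(\w+)\s*</HideAdminServiceWSDLs>", carbon_xml)
    if m and m.group(1).lower() == "false":
        findings.append("HideAdminServiceWSDLs is false (admin WSDLs exposed)")
    return findings

# Constructed sample inputs (not taken from a real deployment).
ARTICLE_PROPS = """\
Identity.Listener.Enable=true
Authentication.Policy.Enable=true
Authentication.Policy.Account.Lock.On.Failure=true
Authentication.Policy.Account.Lock.On.Failure.Max.Attempts=2
Authentication.Policy.Account.Lock.Time=2
"""
WEAK_PROPS = "Identity.Listener.Enable=false\n" + MAX_KEY + "=50\n"
DEMO_CARBON = "<HideAdminServiceWSDLs>false</HideAdminServiceWSDLs>"
if __name__ == "__main__":
    print("\n".join(audit_lockout(WEAK_PROPS, DEMO_CARBON)))
```

Pass the contents of identity-mgt.properties and carbon.xml as strings; an empty list means every check passed.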


Published at DZone with permission of Madhuka Udantha, DZone MVB. See the original article here.
