
User Account Lock/Unlock in WSO2 IS


Identity Server can be configured to lock a user account either automatically, when a configurable number of failed login attempts is exceeded, or explicitly, via the lockUserAccount/unlockUserAccount operations of the UserIdentityManagementAdminService.

Now we can try this out.

1. Update the following parameters in wso2is-4.6.0\repository\conf\security\identity-mgt.properties

2. Set these values:

Identity.Listener.Enable=true
Notification.Sending.Enable=true
Notification.Expire.Time=7200
Notification.Sending.Internally.Managed=true
Authentication.Policy.Enable=true
Authentication.Policy.Account.Lock.On.Failure=true
Authentication.Policy.Account.Lock.On.Failure.Max.Attempts=2
Authentication.Policy.Account.Lock.Time=2

[NOTE]

I changed
Password.policy.extensions.3.pattern=^((?=.* )).{0,100}$
to make it easy to create a user password for the demo.

Make the following change in 'carbon.xml' to try the services in SoapUI:
<HideAdminServiceWSDLs>false</HideAdminServiceWSDLs>
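The properties above decide whether failed logins ever lock an account, so it is worth checking them before relying on the feature. The following script is an added example, not part of the original post or of WSO2 IS: it parses an identity-mgt.properties fragment (a constructed sample that copies the demo values) and reports settings that leave lockout disabled or weak. The thresholds it flags (more than 10 attempts, a non-positive lock time, a password pattern with a zero minimum length) are the author's own assumptions, not WSO2 defaults.

```python
"""Check a WSO2 IS identity-mgt.properties fragment for a sane account-lock policy."""
from typing import Dict, List, Optional

# Constructed sample: the same keys and values used in the walkthrough above,
# including the relaxed demo-only password pattern.
SAMPLE_PROPERTIES = """
# identity-mgt.properties (excerpt)
Identity.Listener.Enable=true
Notification.Sending.Enable=true
Notification.Expire.Time=7200
Notification.Sending.Internally.Managed=true
Authentication.Policy.Enable=true
Authentication.Policy.Account.Lock.On.Failure=true
Authentication.Policy.Account.Lock.On.Failure.Max.Attempts=2
Authentication.Policy.Account.Lock.Time=2
Password.policy.extensions.3.pattern=^((?=.* )).{0,100}$
"""

MAX_REASONABLE_ATTEMPTS = 10  # assumption for this check, not a WSO2 default


def parse_properties(text: str) -> Dict[str, str]:
    """Minimal Java .properties parser: key=value lines, '#' or '!' comments."""
    props: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def _is_true(props: Dict[str, str], key: str) -> bool:
    return props.get(key, "false").strip().lower() == "true"


def _as_int(props: Dict[str, str], key: str) -> Optional[int]:
    try:
        return int(props[key])
    except (KeyError, ValueError):
        return None


def check_lock_policy(props: Dict[str, str]) -> List[str]:
    """Return findings; an empty list means lockout is enabled with reasonable bounds."""
    findings: List[str] = []
    if not _is_true(props, "Identity.Listener.Enable"):
        findings.append("Identity.Listener.Enable is off: login failures are not observed")
    if not _is_true(props, "Authentication.Policy.Enable"):
        findings.append("Authentication.Policy.Enable is off: no authentication policy applies")
    if not _is_true(props, "Authentication.Policy.Account.Lock.On.Failure"):
        findings.append("Account.Lock.On.Failure is off: failed logins never lock the account")

    attempts = _as_int(props, "Authentication.Policy.Account.Lock.On.Failure.Max.Attempts")
    if attempts is None or attempts < 1:
        findings.append("Max.Attempts is missing or < 1")
    elif attempts > MAX_REASONABLE_ATTEMPTS:
        findings.append(f"Max.Attempts={attempts} allows many guesses before a lock")

    lock_time = _as_int(props, "Authentication.Policy.Account.Lock.Time")
    if lock_time is None or lock_time < 1:
        findings.append("Account.Lock.Time is missing or not a positive value")

    # Any password pattern whose length quantifier starts at 0 accepts empty passwords.
    for key, value in props.items():
        if key.startswith("Password.policy.extensions.") and key.endswith(".pattern"):
            if "{0," in value:
                findings.append(f"{key} allows zero-length passwords (demo setting?)")
    return findings


if __name__ == "__main__":
    for finding in check_lock_policy(parse_properties(SAMPLE_PROPERTIES)) or ["policy OK"]:
        print(finding)
```

Run against the demo values it reports only the relaxed password pattern; flip Authentication.Policy.Account.Lock.On.Failure to false and the lockout finding appears, which is the setting a reviewer should look for first on a production instance.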

3. Then start the server.

4. Add the following claims and map their 'attributes' correctly to the existing user store/LDAP by navigating to 'Home > Configure > Claim Management > Claim View':

http://wso2.org/claims/identity/accountLocked
http://wso2.org/claims/identity/unlockTime
http://wso2.org/claims/identity/failedLoginAttempts

The description, pager and streetAddress attributes were used for the mapping.


Now it is time for the demo.

6. Create a tenant via 'Home -> Configure -> Multitenancy -> Add New Tenant'.


7. For the tenant we need to add a user and a role for the demo, so log in as the tenant domain admin.

8. Add a role called 'loginRole' that carries the 'login' permission.


9. Create a user for the tenant with the above role.


10. Now log in to IS as 'madhuka@lk.com'.


11. Open SoapUI and load the 'UserIdentityManagementAdminService' WSDL from https://localhost:9443/services/UserIdentityManagementAdminService?wsdl; it exposes the 'lockUserAccount' and 'unlockUserAccount' operations.

12. Call the service as below (this request locks the account):

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://services.mgt.identity.carbon.wso2.org">
   <soapenv:Header/>
   <soapenv:Body>
      <ser:lockUserAccount>
         <!--Optional:-->
         <ser:userName>madhuka</ser:userName>
      </ser:lockUserAccount>
   </soapenv:Body>
</soapenv:Envelope>
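The same lock and unlock calls can be scripted instead of typed into SoapUI, which is useful for an incident responder who needs to lock a batch of accounts or verify that a lock actually took. The script below is an added example, not code from the original post or from WSO2: it renders the envelope shown above for either operation (escaping the user name so an odd value cannot break the XML), parses the reply to distinguish a SOAP Fault from success, and optionally sends the request. The sample responses are constructed; that the admin service accepts HTTP Basic authentication and a SOAPAction of the form urn:<operation> is an assumption about the Axis2-based admin services, not something the post states.

```python
"""Build, send and parse lock/unlock requests for the WSO2 IS UserIdentityManagementAdminService."""
import base64
import ssl
import urllib.request
import xml.etree.ElementTree as ET
from typing import Optional, Tuple
from xml.sax.saxutils import escape

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SERVICE_NS = "http://services.mgt.identity.carbon.wso2.org"  # namespace from the request above
ENDPOINT = "https://localhost:9443/services/UserIdentityManagementAdminService"
OPERATIONS = ("lockUserAccount", "unlockUserAccount")

# Constructed sample replies used for offline parsing; real replies are not quoted on the page.
SAMPLE_OK = (
    f'<soapenv:Envelope xmlns:soapenv="{SOAP_NS}"><soapenv:Body>'
    f'<ns:lockUserAccountResponse xmlns:ns="{SERVICE_NS}"/>'
    "</soapenv:Body></soapenv:Envelope>"
)
SAMPLE_FAULT = (
    f'<soapenv:Envelope xmlns:soapenv="{SOAP_NS}"><soapenv:Body><soapenv:Fault>'
    "<faultcode>soapenv:Server</faultcode>"
    "<faultstring>constructed fault text</faultstring>"
    "</soapenv:Fault></soapenv:Body></soapenv:Envelope>"
)


def build_envelope(operation: str, username: str) -> str:
    """Render the request body for lockUserAccount or unlockUserAccount."""
    if operation not in OPERATIONS:
        raise ValueError(f"unsupported operation: {operation}")
    return (
        f'<soapenv:Envelope xmlns:soapenv="{SOAP_NS}" xmlns:ser="{SERVICE_NS}">'
        "<soapenv:Header/><soapenv:Body>"
        f"<ser:{operation}><ser:userName>{escape(username)}</ser:userName></ser:{operation}>"
        "</soapenv:Body></soapenv:Envelope>"
    )


def parse_response(xml_text: str) -> Tuple[bool, Optional[str]]:
    """Return (ok, fault_reason); a SOAP 1.1 Fault in the Body means the call failed."""
    root = ET.fromstring(xml_text)
    body = root.find(f"{{{SOAP_NS}}}Body")
    if body is None:
        return False, "no SOAP Body in response"
    fault = body.find(f"{{{SOAP_NS}}}Fault")
    if fault is not None:
        return False, fault.findtext("faultstring") or "unspecified fault"
    return True, None


def call(operation: str, username: str, admin_user: str, admin_pass: str,
         endpoint: str = ENDPOINT, verify_tls: bool = True) -> Tuple[bool, Optional[str]]:
    """POST the envelope with HTTP Basic auth (assumed auth scheme) and parse the reply."""
    data = build_envelope(operation, username).encode("utf-8")
    token = base64.b64encode(f"{admin_user}:{admin_pass}".encode("utf-8")).decode("ascii")
    req = urllib.request.Request(endpoint, data=data, method="POST", headers={
        "Content-Type": "text/xml;charset=UTF-8",
        "SOAPAction": f"urn:{operation}",  # assumed Axis2 convention
        "Authorization": f"Basic {token}",
    })
    ctx = ssl.create_default_context()
    if not verify_tls:  # only for a local instance still using the stock self-signed certificate
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with urllib.request.urlopen(req, context=ctx) as resp:
        return parse_response(resp.read().decode("utf-8"))


if __name__ == "__main__":
    print(build_envelope("lockUserAccount", "madhuka"))
    print(parse_response(SAMPLE_OK), parse_response(SAMPLE_FAULT))
```

To reproduce steps 12 and 15 against a local server, run call("lockUserAccount", "madhuka", "admin@lk.com", "<tenant admin password>", verify_tls=False) and then the same with "unlockUserAccount"; keep TLS verification on for anything other than a throwaway local instance.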


13. Now log in as the tenant admin and view the 'madhuka' profile; you will see that it has been locked.


14. Try to log in as 'madhuka@lk.com'.

Yep, the account has been locked!

15. Now I will unlock the user madhuka via 'unlockUserAccount'.

Now we try to log in as madhuka again. You are in…

Here is my demo console log.

It is your time to play with user lock and unlock in WSO2 IS.


Published at DZone with permission of
