Forced Password Reset via Email by Admin Users in WSO2 IS 5.3.0

Why is forced password reset important?
A user may forget their credentials and ask the admin to reset the password, or the credentials may be exposed to outsiders. In both cases the admin can forcefully reset the password.


High Level Steps
  • Configuring Identity Server
  • Password reset via recovery email
   
Detailed Instructions 
  • Enable account recovery functionality
    1. Open the output-event-adapters.xml file found in the <IS_HOME>/repository/conf directory.
    2. Configure the relevant property values for the email server that you need to configure for this service under the <adapterConfig type="email"> tag.
     
    <adapterConfig type="email">
        <!-- Comment out the mail.smtp.user and mail.smtp.password properties to support connecting to SMTP servers
             which use trust-based authentication rather than username/password authentication -->
        <property key="mail.smtp.from">abcd@gmail.com</property>
        <property key="mail.smtp.user">abcd</property>
        <property key="mail.smtp.password">xxxx</property>
        <property key="mail.smtp.host">smtp.gmail.com</property>
        <property key="mail.smtp.port">587</property>
        <property key="mail.smtp.starttls.enable">true</property>
        <property key="mail.smtp.auth">true</property>
        <!-- Thread Pool Related Properties -->
        <property key="minThread">8</property>
        <property key="maxThread">100</property>
        <property key="keepAliveTimeInMillis">20000</property>
        <property key="jobQueueSize">10000</property>
    </adapterConfig>

    3. Start the IS server and log in to the management console with admin/admin credentials.
    4. Create a new user with the username "tom" and update his user profile with a valid email address and other information.
    5. Create a new role called "test role" with login permissions and assign it to the new user, "test".
    6. Log in to the dashboard as Tom. The login should be successful.
    7. Click on Resident under Identity Providers found in the Main tab.
    8. Expand the Account Management Policies tab.
    9. Expand the Password Reset tab and enable 'Enable Password Reset via Recovery Email'.
    10. Create a new SoapUI project by importing the WSDL below: https://localhost:9443/services/UserProfileMgtService?wsdl.
    11. Use the setUserProfile method to send a SOAP request to update the http://wso2.org/claims/identity/adminForcedPasswordReset claim of the project.

    12. Log in to the email account you provided in the test user profile.

    Expected Outcome
    There will be a new email with an OTP (one time password) provided to login to the account.
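
A request body for step 11, added here as an illustration and not taken from the original post. It assumes the element names and namespaces that SoapUI generates from the UserProfileMgtService WSDL, the user "tom" from step 4, and the profile name "default"; check them against the request SoapUI generates from your imported WSDL. The request must be sent with the admin user's HTTP Basic credentials.

```xml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                  xmlns:mgt="http://mgt.profile.user.identity.carbon.wso2.org"
                  xmlns:xsd="http://mgt.profile.user.identity.carbon.wso2.org/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <mgt:setUserProfile>
         <!-- User whose password is being force-reset (created in step 4) -->
         <mgt:username>tom</mgt:username>
         <mgt:profile>
            <xsd:fieldValues>
               <!-- Claim that triggers the admin-forced reset flow -->
               <xsd:claimUri>http://wso2.org/claims/identity/adminForcedPasswordReset</xsd:claimUri>
               <xsd:fieldValue>true</xsd:fieldValue>
            </xsd:fieldValues>
            <!-- Assumption: the user's default profile -->
            <xsd:profileName>default</xsd:profileName>
         </mgt:profile>
      </mgt:setUserProfile>
   </soapenv:Body>
</soapenv:Envelope>
```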






     

Comments

  1. In order to make it send emails from our own gmail account the steps added will need to be followed...

    https://www.authsmtp.co.uk/gmail/index.html
