Thursday, February 25, 2016

Account Deactivation with WSO2 Identity Server - 5.2.0

This is about a new feature addition that can be expected to be out with WSO2 Identity Server 5.2.0 version, which has been added to the current master branch for WSO2 IS at https://github.com/wso2/carbon-identity/.

This feature is to cater for account disability requirements in addition to account locking. Account disabling function is provided through a user claim as similar to account locking functionality. While account locking is a temporarily blocking of user login due to a defined policy like consecutive unsuccessful login, account disabling will cater for disabling user account which is much more long term.

How to try?
  • Enable 'org.wso2.carbon.identity.mgt.IdentityMgtEventListener' in <IS_HOME>/repository/conf/identity/identity.xml file under Event Listeners.
  <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener" name="org.wso2.carbon.identity.mgt.IdentityMgtEventListener"
                       orderId="50" enable="true"/>
  • in <IS_HOME>/repository/conf/identity/identity-mgt.properties file configure below properties.
Authentication.Policy.Enable=true 

After the configurations are done, restart the server to have them effective.
Under claim manaement of WSO2 Identity Server, edit the claim "http://wso2.org/claims/identity/accountDisabled"to be supported by default. How to do this is described at https://docs.wso2.com/display/IS510/Editing+Claim+Mapping.

Now the required configurations are done. We can disable, enable user accounts through user profile.


No comments :

Post a Comment