Saturday, September 13, 2014

How to Lock, user account in WSO2 Identity Server 5.0.0

WSO2 Identity Server can be configured to lock the user account for exceeding maximum login attempts. It can be done from Identity Management feature and you can use [1] for configuring the identity management feature.

There can be scenarios where admin wants to lock and unlock  user account and Identity Server supports this feature through Management Console. Following steps can be used to lock user account through admin console.

Step1

Download and Install WSO2 Identity Server 5.0.0 from here.

 Step2

Open web browser and go to   https://localhost:9443/carbon/admin


1


Login with following credentials

Username :  admin
Password  : admin


Step3


Assign login permission to internal/everyone role.

Step4


Follow steps in here to add a new user and assign internal/everyone role to created user.

Step5


Sign out from the admin user and try to log to the Identity Server with newly added user's credentials
You should be able to log in since account is not lock by default.

Step6


Login as admin and go to configure tab and select claim Management. Then select 'http://wso2.org/claims' link and click edit the Account Lock claim. Click the Supported by Default chekbox and save the changes.

Step7


Then go to User Account Edit page and type true in Account Locked Field. Then the user is locked.







[1] https://docs.wso2.com/pages/viewpage.action?pageId=34612027