Monday, October 3, 2016

Password History Extension for WSO2 Identity Server 5.2.0

WSO2 Identity Server 5.2.0 was released last month (September 2016). You can download Identity Server 5.2.0 from here.

It supports a lot of Identity and Access Management features OOTB, and you can find them here.
Currently, Identity Server 5.2.0 does not support the password history validation feature OOTB. (This feature will be supported OOTB in the next release, which is planned for December 2016.)
Although this feature is not supported OOTB, it can be added easily through an extension. In this blog, I have implemented a sample that supports the following features for IS 5.2.0.

  • Password cannot have been used in previous 'n' password changes
  • Password cannot have been previously used in past 'm' hours. 

Here the 'n' and 'm' should be configurable parameters. 

You can go through the following steps to add the password history feature to IS 5.2.0.
  1. Download Identity Server 5.2.0 from here.
  2. Go through the installation guide and install Java and Maven.
  3. Download the extension source code from here.
  4. Go into the password_history folder and run the command "mvn clean install".
  5. Copy the password_history/target/org.wso2.custom-1.0.0.jar file to the <IS_HOME>/repository/components/dropins folder.
  6. The password_history/src/main/resources/dbScripts directory contains the following DB script files. Run the script that matches the database configured in your identity.xml file.
    • db2.sql  
    • informix.sql 
    • mysql.sql    
    • oracle.sql
    • h2.sql   
    • mssql.sql     
    • oracle_rac.sql  
    • postgresql.sql
  7. Copy the password_history/src/main/resources/ file into the <IS_HOME>/repository/conf/Identity directory. It has the following configurable parameters; set them according to your requirements.

    # If true, password history feature will be enabled
    PasswordHistory.Enable=true

    # Password cannot have been used in the previous 'X' password changes
    PasswordHistory.Count=5

    # Password cannot have been previously used in the past 24 hours
    PasswordHistory.Time=24

    # Password Digest Algorithm
    PasswordHistory.hashingAlgorithm=SHA-256

    # Password History data store extension point
  8. Start the Identity Server.
  9. Then you are done. You can try the feature by adding a user and updating their credentials.
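As an added example (not the extension's own code), here is a Python model of the two rules listed at the top of the post, driven by the PasswordHistory.* keys from step 7: previous passwords are kept as digests computed with the configured algorithm, and a candidate is rejected if it matches one of the last n entries or an entry changed within the last m hours. The in-memory store, the user name and the timestamps are constructed for the walk-through.

```python
import hashlib
from datetime import datetime, timedelta

# Constructed config mirroring the PasswordHistory.* keys shown in step 7.
CONFIG = {
    "PasswordHistory.Enable": True,
    "PasswordHistory.Count": 5,     # reject reuse within the last n changes
    "PasswordHistory.Time": 24,     # reject reuse within the last m hours
    "PasswordHistory.hashingAlgorithm": "SHA-256",
}

def digest(password, algorithm):
    # Java-style digest names ("SHA-256") map to hashlib names ("sha256").
    # An unsalted fast digest is cheap to brute-force if the history table
    # leaks; a salted password hash is the stronger choice for this store.
    name = algorithm.replace("-", "").lower()
    return hashlib.new(name, password.encode("utf-8")).hexdigest()

class PasswordHistoryStore:
    # In-memory stand-in for the history table: per user, newest entry first.
    def __init__(self):
        self._rows = {}
    def add(self, user, pw_digest, changed_at):
        self._rows.setdefault(user, []).insert(0, (pw_digest, changed_at))
    def rows(self, user):
        return list(self._rows.get(user, []))

def is_password_allowed(store, user, new_password, now, config=CONFIG):
    # True if the candidate password passes both history rules.
    if not config["PasswordHistory.Enable"]:
        return True
    new_digest = digest(new_password, config["PasswordHistory.hashingAlgorithm"])
    cutoff = now - timedelta(hours=config["PasswordHistory.Time"])
    for position, (old_digest, changed_at) in enumerate(store.rows(user)):
        if old_digest != new_digest:
            continue
        if position < config["PasswordHistory.Count"]:  # rule 1: last n changes
            return False
        if changed_at >= cutoff:                          # rule 2: last m hours
            return False
    return True

def change_password(store, user, new_password, now, config=CONFIG):
    # Validate, then record the change; returns whether it was accepted.
    if not is_password_allowed(store, user, new_password, now, config):
        return False
    store.add(user, digest(new_password, config["PasswordHistory.hashingAlgorithm"]), now)
    return True

T0 = datetime(2016, 10, 3, 9, 0)   # constructed reference time for walk-throughs
def hours(n): return timedelta(hours=n)
```

With Count lowered to 2, a third-oldest password is past rule 1 but still blocked by rule 2 until 24 hours have elapsed since it was last set.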