If the directory/file paths specified in this guide do not exist in your WSO2 product, see Directory Structure of WSO2 Products to locate the paths applicable to your product.
Skip to end of metadata
Go to start of metadata

This section covers the following topics: 

Changing the super admin password

To change the default admin password, log in to the management console with admin/admin credentials and use the Change my password option. After changing the credentials, change the same in the <PRODUCT_HOME>/repository/conf/user-mgt.xml file:


Do you have any special characters in passwords?

For usernames and passwords inside XML files, take care when giving special characters. According to XML specification (http://www.w3.org/TR/xml/), some special characters can disrupt the configuration. For example, the ampersand character (&) must not appear in the literal form in XML files. It can cause a Java Null Pointer exception. You must wrap it with CDATA (http://www.w3schools.com/xml/xml_cdata.asp) as shown below or remove the character:


Unlocking the admin user

To unlock an admin user who is locked due to an exceeding number of login failures, restart the server using the -DunlockAdmin system property

Recovering a password

Use <PRODUCT_HOME>/bin/chpasswd.sh script.

Setting up an email login

You can configure WSO2 products to authenticate users using an email or mobile number instead of a username. 

The '@' is a special character in usernames of WSO2 products as it is used in multi-tenant environments to build the user's fully-qualified name. For example, user daniel from the tenant domain WSO2.com has the fully-qualified name daniel@WSO2.com. Before using an email as the username, configure the WSO2 product to differentiate between the '@' symbol in the user's emails and usernames as follows:

  1. Open <PRODUCT_HOME>/repository/conf/carbon.xml

  2. Uncomment the commented out configuration EnableEmailUserName. This enables email authentication.


    Tip: When you do this configuration, the email becomes the admin username and you cannot configure your email address as an attribute in your user profile.

  3. Next, edit <PRODUCT_HOME>/repository/conf/user-mgt.xml. You might be connected to an LDAP, Active Directory, or a JDBC-based user store. Regardless of the user store manager, change the following:


    Set the mail attribute of the user.

    <Property name="UserNameAttribute">mail</Property>

    Use the mail attribute of the user instead of cn or uid.

    <Property name="UserNameSearchFilter">(&amp;(objectClass=identityPerson)(mail=?))</Property>

    Use the mail attribute of the user in the user name filter list as well.

    <Property name="UserNameListFilter">(&amp;(objectClass=identityPerson)(mail=*))</Property>

    Use the following email regex.

    <Property name="UsernameJavaRegEx">^[_A-Za-z0-9-\+]+(\.[_A-Za-z0-9-]+)*@[A-Za-z0-9-]+(\.[A-Za-z0-9]+)*(\.[A-Za-z]{2,})$</Property>

    This parameter is used to speed up the LDAP search operations. You can comment out this config.

    <!--Property name="UserDNPattern">cn={0},ou=Users,dc=wso2,dc=com</Property-->
    Realm configurations

    The AdminUser username should use the email attribute of the admin user.

  • No labels