The user account recovery feature implemented in the Identity Server helps to recover the username of the account if the user has forgotten it. This recovery process is also secured with captcha verification.
The service caller can define any number of claims that should be used in the user details verification. The first claim can be the email address and others can be the required attributes in the user registration such as first name or last name. This is helpful to search for a user if the system accepts multiple accounts with the same email address.
Upon the successful verification of the user details, the user account id is sent to the user by email.
For this to be possible, the user needs to fill in the details in their user profile, such as email, first name, last name and any other required attributes.
The sequence of service calls is described below, and these are available in the service API
<IS_HOME>/repository/conf/security/identity-mgt.properties file with the following.
See the following table for descriptions of these configurations.
Configuration | Description
This enables the identity listener.
This enables the internal email sending module. If false, the email sending data is available to the application via a Web service. Thus the application can send the email using its own email sender.
<IS_HOME>/repository/conf/email/email-admin-config.xml file with the email template with the type “accountIdRecovery”. The following is a sample template.
- getUserIdentitySupportedClaims() - This method returns all the claims defined in the Identity Server which are supported and not read-only. You need to give the dialect, which is by default “http://wso2.org/claims”.
- getCaptcha() - Get the captcha for the current request.
- verifyAccount() - Verifies the captcha, user claim values and tenant domain which is used to search for the user. You can supply values for the claims returned from the getUserIdentitySupportedClaims() call, so you define which claims are used in the verification by passing only those required. Upon successful verification, the user id is sent to the user by email. The call also returns the success/failed status of the verification.
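
The lookup behind verifyAccount(), written as an added Python model that is not Identity Server code: it shows why an email claim alone does not identify a user when two accounts share an address, and how passing a second claim resolves it. The user store, the read-only claim, the outbox and the rule that exactly one user must match are assumptions of this model.

```python
# Illustrative model of the verifyAccount() lookup; not WSO2 Identity Server code.
DIALECT = "http://wso2.org/claims"
EMAIL, FIRST, LAST = (f"{DIALECT}/{c}" for c in ("emailaddress", "givenname", "lastname"))
ROLE = f"{DIALECT}/role"  # treated as read-only in this model (assumption)

# Constructed user store: two accounts share one email address.
USERS = {
    "carbon.super": {
        "alice1": {EMAIL: "a.silva@example.com", FIRST: "Alice", LAST: "Silva"},
        "anton7": {EMAIL: "a.silva@example.com", FIRST: "Anton", LAST: "Silva"},
    }
}
READ_ONLY = {ROLE}
OUTBOX = []  # stands in for the email sending module


def get_user_identity_supported_claims(dialect):
    """Claims a caller may use for verification: supported and not read-only."""
    if dialect != DIALECT:
        return []
    return [c for c in (EMAIL, FIRST, LAST, ROLE) if c not in READ_ONLY]


def verify_account(claims, captcha_ok, tenant_domain):
    """Return True and mail the account id only when the captcha passed and the
    supplied claims identify exactly one user in the tenant."""
    if not captcha_ok or not claims:
        return False
    supported = set(get_user_identity_supported_claims(DIALECT))
    if not set(claims) <= supported:  # unknown or read-only claim supplied
        return False
    matches = [
        uid for uid, profile in USERS.get(tenant_domain, {}).items()
        if all(profile.get(uri) == value for uri, value in claims.items())
    ]
    if len(matches) != 1:  # none, or still ambiguous: nothing is sent
        return False
    # The account id goes to the address on file, not to the caller.
    OUTBOX.append((USERS[tenant_domain][matches[0]][EMAIL], matches[0]))
    return True
```

The caller only ever receives the boolean status; the account id itself leaves the model through the outbox, mirroring the email delivery described above.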