This documentation is for WSO2 Identity Server 5.2.0 . View documentation for the latest release.
||
Skip to end of metadata
Go to start of metadata

The user account recovery feature implemented in the Identity Server helps to recover the username of the account if the user has forgotten it. This recovery process is also secured with captcha verification.

The service caller can define any number of claims that should be used in the user details verification. The first claim can be the email address and others can be the required attributes in the user registration such as first name or last name. This is helpful to search for a user if the system accepts multiple accounts with the same email address.

Upon the successful verification of the user details, the user account id is sent to the user by email.

For this to be possible, the user needs to fill the details in their respective user profile such as email, first name, last name and any other required attributes.

The sequence of service calls are described below and these are available in the service API ­https://localhost:9443/services/UserInformationRecoveryService.

  1. Enable the Identity Listener by setting the following property to true in the <IS_HOME>/repository/conf/identity/identity.xml file.

    <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener" name="org.wso2.carbon.identity.mgt.IdentityMgtEventListener" orderId="50" enable="true"/>
  2. Configure the <IS_HOME>/repository/conf/identity/identity­-mgt.properties file with the following.

    Notification.Sending.Internally.Managed=true

    See the following table for descriptions of these configurations.

    Configuration
    Description
    Notification.Sending.Internally.Managed=true

    This enables the internal email sending module. If false, the email sending data is available to the application via a Web service. Thus, the application can send the email using its own email sender.

  3. Configure the <IS_HOME>/repository/conf/email/email-admin-config.xml file with the email template with the type “accountIdRecovery”. The following is a sample template.

    <configuration type="accountIdRecovery">
    	<targetEpr></targetEpr>
    	<subject>WSO2 Carbon ­ Account Recovery</subject>
    	<body>
    		Hi {first-­name}
    
    
    		We received a request to recover your account user name. The account associated with us indicates that the user name is : {user­-name}
    	</body>
    	<footer>
    		Best Regards,
    		WSO2 Carbon Team
    		http://www.wso2.com
    	</footer>
    	<redirectPath></redirectPath>
    </configuration>

    Tip: You can also customize the email template through the WSO2 IS management console in other languages. For more information on how to do this, see Customizing Automated Emails.

    1. getUserIdentitySupportedClaims() -­ This method returns all the claims defined in the Identity Server which are supported and not read only. You need to give the dialect which is by default “http://wso2.org/claims”.
    2. getCaptcha() -­ Get the captcha for the current request.
    3. verifyAccount() -­ Verifies the captcha, user claim values and tenant domain which are used to search for the user. You can define the claim values returned from the getUserIdentitySupportedClaims() call. Hence, you can define which claims should be used in the verification by passing only those required. Upon successful verification, the user id is sent by email to the user. Also, this returns the success/failed status of the verification.
  • No labels