This documentation is for WSO2 Identity Server 5.7.0 . View documentation for the latest release.

All docs This doc

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

When a user's password is reset or a user is deleted, all the existing active sessions associated with the user must be invalidated or terminated in order to ensure the safety of the application. This topic guides you through enabling session termination. When it is enabled, user sessions are terminated when the following events occur:

  • Update user credentials
  • Delete user
  • Lock user account
  • Disable user account
Warning

To use this feature, apply the 3685 WUM update for WSO2 IS 5.7.0 using the WSO2 Update Manager (WUM).

To deploy a WUM update into production, you need to have a paid subscription. If you do not have a paid subscription, you can use this feature with the next version of WSO2 Identity Server when it is released. This feature is enabled by default from WSO2 IS 5.8.0 onwards. For more information on updating WSO2 Identity Server using WUM, see Getting Started with WUM in the WSO2 Administration Guide.

Follow the steps given below to enable this functionality. 

  1. Add the following configuration to the identity.xml file located in the <IS_HOME>/repository/conf/identity folder within the <SessionDataPersist> tag. 

    Code Block
    languagexml
    <JDBCPersistenceManager>
    	.....
       	<SessionDataPersist>
      		.....
           		<UserSessionMapping>
    	   	 	<Enable>true</Enable>
           		</UserSessionMapping>
       	</SessionDataPersist>
    </JDBCPersistenceManager>
  2. Create the following new tables in the database using the appropriate query. 

    Localtab Group
    Localtab
    activetrue
    titleH2
    Code Block
    CREATE TABLE IF NOT EXISTS IDN_AUTH_USER (
    USER_ID VARCHAR(255) NOT NULL,
    USER_NAME VARCHAR(255) NOT NULL,
    TENANT_ID INTEGER NOT NULL,
    DOMAIN_NAME VARCHAR(255) NOT NULL,
    IDP_ID INTEGER NOT NULL,
    PRIMARY KEY (USER_ID),
    CONSTRAINT USER_STORE_CONSTRAINT UNIQUE (USER_NAME, TENANT_ID, DOMAIN_NAME, IDP_ID));
    
    CREATE TABLE IF NOT EXISTS IDN_AUTH_USER_SESSION_MAPPING (
    USER_ID VARCHAR(255) NOT NULL,
    SESSION_ID VARCHAR(255) NOT NULL,
    CONSTRAINT USER_SESSION_STORE_CONSTRAINT UNIQUE (USER_ID, SESSION_ID));
    
    CREATE INDEX IDX_USER_ID ON IDN_AUTH_USER_SESSION_MAPPING (USER_ID);
    
    CREATE INDEX IDX_SESSION_ID ON IDN_AUTH_USER_SESSION_MAPPING (SESSION_ID)
    Localtab
    titleMySQL
    Code Block
    CREATE TABLE IF NOT EXISTS IDN_AUTH_USER (
    USER_ID VARCHAR(255) NOT NULL,
    USER_NAME VARCHAR(255) NOT NULL,
    TENANT_ID INTEGER NOT NULL,
    DOMAIN_NAME VARCHAR(255) NOT NULL,
    IDP_ID INTEGER NOT NULL,
    PRIMARY KEY (USER_ID),
    CONSTRAINT USER_STORE_CONSTRAINT UNIQUE (USER_NAME, TENANT_ID, DOMAIN_NAME, IDP_ID));
    
    CREATE TABLE IF NOT EXISTS IDN_AUTH_USER_SESSION_MAPPING (
    USER_ID VARCHAR(255) NOT NULL,
    SESSION_ID VARCHAR(255) NOT NULL,
    CONSTRAINT USER_SESSION_STORE_CONSTRAINT UNIQUE (USER_ID, SESSION_ID));
    
    CREATE INDEX IDX_USER_ID ON IDN_AUTH_USER_SESSION_MAPPING (USER_ID);
    
    CREATE INDEX IDX_SESSION_ID ON IDN_AUTH_USER_SESSION_MAPPING (SESSION_ID);
    Localtab
    titleMSSQL
    Code Block
    IF NOT  EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[IDN_AUTH_USER]') AND TYPE IN (N'U'))
    CREATE TABLE IDN_AUTH_USER (
    USER_ID VARCHAR(255) NOT NULL,
    USER_NAME VARCHAR(255) NOT NULL,
    TENANT_ID INTEGER NOT NULL,
    DOMAIN_NAME VARCHAR(255) NOT NULL,
    IDP_ID INTEGER NOT NULL,
    PRIMARY KEY (USER_ID),
    CONSTRAINT USER_STORE_CONSTRAINT UNIQUE (USER_NAME, TENANT_ID, DOMAIN_NAME, IDP_ID));
    
    IF NOT  EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[IDN_AUTH_USER_SESSION_MAPPING]') AND TYPE IN (N'U'))
    CREATE TABLE IDN_AUTH_USER_SESSION_MAPPING (
    USER_ID VARCHAR(255) NOT NULL,
    SESSION_ID VARCHAR(255) NOT NULL,
    CONSTRAINT USER_SESSION_STORE_CONSTRAINT UNIQUE (USER_ID, SESSION_ID));
    
    CREATE INDEX IDX_USER_ID ON IDN_AUTH_USER_SESSION_MAPPING (USER_ID);
    
    CREATE INDEX IDX_SESSION_ID ON IDN_AUTH_USER_SESSION_MAPPING (SESSION_ID);
    Localtab
    titleDB2
    Code Block
    CREATE TABLE IDN_AUTH_USER (
    USER_ID VARCHAR(255) NOT NULL,
    USER_NAME VARCHAR(255) NOT NULL,
    TENANT_ID INTEGER NOT NULL,
    DOMAIN_NAME VARCHAR(255) NOT NULL,
    IDP_ID INTEGER NOT NULL,
    PRIMARY KEY (USER_ID),
    CONSTRAINT USER_STORE_CONSTRAINT UNIQUE (USER_NAME, TENANT_ID, DOMAIN_NAME, IDP_ID)
    )
    /
    CREATE TABLE IDN_AUTH_USER_SESSION_MAPPING (
    USER_ID VARCHAR(255) NOT NULL,
    SESSION_ID VARCHAR(255) NOT NULL,
    CONSTRAINT USER_SESSION_STORE_CONSTRAINT UNIQUE (USER_ID, SESSION_ID)
    )
    /
    CREATE INDEX IDX_USER_ID ON IDN_AUTH_USER_SESSION_MAPPING (USER_ID)
    /
    CREATE INDEX IDX_SESSION_ID ON IDN_AUTH_USER_SESSION_MAPPING (SESSION_ID)
    /
    Localtab
    titleOracle
    Code Block
    CREATE TABLE IDN_AUTH_USER (
    USER_ID VARCHAR(255) NOT NULL,
    USER_NAME VARCHAR(255) NOT NULL,
    TENANT_ID INTEGER NOT NULL,
    DOMAIN_NAME VARCHAR(255) NOT NULL,
    IDP_ID INTEGER NOT NULL,
    PRIMARY KEY (USER_ID),
    CONSTRAINT USER_STORE_CONSTRAINT UNIQUE (USER_NAME, TENANT_ID, DOMAIN_NAME, IDP_ID)
    )
    /
    
    CREATE TABLE IDN_AUTH_USER_SESSION_MAPPING (
    USER_ID VARCHAR(255) NOT NULL,
    SESSION_ID VARCHAR(255) NOT NULL,
    CONSTRAINT USER_SESSION_STORE_CONSTRAINT UNIQUE (USER_ID, SESSION_ID)
    )
    /
    
    CREATE INDEX IDX_USER_ID ON IDN_AUTH_USER_SESSION_MAPPING (USER_ID)
    /
    
    CREATE INDEX IDX_SESSION_ID ON IDN_AUTH_USER_SESSION_MAPPING (SESSION_ID)
    /
    Localtab
    titlePostgreSQL
    Code Block
    CREATE TABLE IDN_AUTH_USER (
    USER_ID VARCHAR(255) NOT NULL,
    USER_NAME VARCHAR(255) NOT NULL,
    TENANT_ID INTEGER NOT NULL,
    DOMAIN_NAME VARCHAR(255) NOT NULL,
    IDP_ID INTEGER NOT NULL,
    PRIMARY KEY (USER_ID),
    CONSTRAINT USER_STORE_CONSTRAINT UNIQUE (USER_NAME, TENANT_ID, DOMAIN_NAME, IDP_ID));
    
    CREATE TABLE IDN_AUTH_USER_SESSION_MAPPING (
    USER_ID VARCHAR(255) NOT NULL,
    SESSION_ID VARCHAR(255) NOT NULL,
    CONSTRAINT USER_SESSION_STORE_CONSTRAINT UNIQUE (USER_ID, SESSION_ID));
    
    CREATE INDEX IDX_USER_ID ON IDN_AUTH_USER_SESSION_MAPPING (USER_ID);
    
    CREATE INDEX IDX_SESSION_ID ON IDN_AUTH_USER_SESSION_MAPPING (SESSION_ID);