This documentation is for WSO2 Identity Server 5.0.0. View documentation for the latest release.
Page Comparison - Authentication using Attributes (v.3 vs v.4) - Identity Server 5.0.0 - WSO2 Documentation

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  1. Configure the LDAP user store related configurations using the user-mgt.xml file found in the <IS_HOME>/repository/conf directory. See here for more information on configuring user stores.
    1. Configure UserNameSearchFilter that helps to search for the user object in the LDAP using both mail and uid attributes.
      <Property name="UserNameSearchFilter">(&amp;(objectClass=person)(|(mail=?)(uid=?)))</Property> 
    2. Disable UserDNPattern property, if it is currently enabled.
      <!--Property name="UserDNPattern">uid={0},ou=Users,dc=wso2,dc=org</Property--> 
    3. The mail attribute has requirements that are unique. If you are using the mail attribute, you need to open the carbon.xml file found in the <IS_HOME>/repository/conf directory and uncomment the following. See here for more information on email authentication.
  2. If you want to work with multiple attributes (basically to retrieve internal roles with multiple attributes), you must add following property in the <IS_HOME>/repository/conf/user-mgt.xml file. This can be done only once you have installed the WSO2 Identity Server 5.0.0 along with the Service Pack. 
    <Property name="MultipleAttributeEnable">true</Property>

  3. To test this, restart the Identity Server and try to log in to the management console by providing both the mail and uid with the same password.