This documentation is for WSO2 Identity Server 5.5.0 . View documentation for the latest release.

All docs This doc

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

You can create new users using any of the following methods and then assign the roles to the created users:

Table of Content Zone
locationtop

Creating a new user using the management console

Follow the instructions below to add a new user account and configure its role.

  1. On the Main tab in the Management Console, click Add under Users and Roles.
  2. Click Users. This link is only visible to users with the Admin role. 
  3. Click Add New User. The following screen appears.

    Warning

    Do not use the special character, "#" while defining any of the user naming attirbutes since it is reserved for a specific functionality. This condition applies across all user stores.

    Info

    When giving a username, it should not contain backslash (“/”) or any special character ("&", "$", "%") as specified in user-mgt.xml in <IS_HOME>/repository/conf under <Property name="UsernameJavaRegEx">

  4. Do the following:
    1. In the Domain list, specify the user store where you want to create this user account. This includes the list of user stores you configured. See Configuring the Realm for more information.
    2. Enter a unique username and the password that the person will use to log in. By default, the password must be at least five characters. 
    3. If you need to assign a role to user, Click Next and go to step 5, or Click Finish to end the flow.
  5. Optionally, select the role(s) you want this user to have. If you have many roles in your system, you can search for them by name.
  6. Click Finish.

A new user account is created with the specified roles and is listed on the Users page.

Assigning roles to the user

  1. On the Main tab in the Management Console, click List under Users and Roles.
  2. Click Users. This link is only visible to users with the Admin role. 
  3. Click the Assign Roles link that corresponds to the user you want to assign to a role. 
  4. Select the role(s) you want to assign and click Update
  5. Click Finish

The user is assigned to the specified roles. You can view a user's roles by clicking on the View Roles link on the user list. 

Note

Internal/everyone: This is a conceptual role that is used to group all the users (across the user stores) together. When you create a new user, automatically the user belongs to the Internal/everyone role. By default, this role does not contain any permissions. You can assign permissions depending on the requirement.

Creating new users using the ask password option

See the Creating users using the ask password option page for guidance on user creation using the ask password option.

Creating new users using SCIM

Instead of creating the user through the management console, it can also be done using a SCIM request as seen below.

Info

In the request, you can avoid providing the password of new user by enabling the ask password option and providing the email address of the user in the request so that the user will get an email to that email address to confirm the account and set the password.

Info

Before running the cURL commands, make sure you change the SCIMEnabled property to "true" for the primary userstore in <IS_HOME>/repository/conf/identity/user-mgt.xml

Code Block
languagexml
<Property name="SCIMEnabled">true</Property>
Code Block
languagexml
titleRequest
curl -v -k --user admin:admin --data "{"schemas":[],"name":{"familyName":"familyName","givenName":"givenName"},"userName":"username","password":"password","emails":[{"primary":true,"value":"wso2_home.com","type":"home"},{"value":"wso2_work.com","type":"work"}]}" --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Users
Code Block
languagexml
titleResponse
{"id":"0d2714d0-6a33-4ddd-b4e0-612584c4a8c8","schemas":["urn:scim:schemas:core:1.0"],"name":{"familyName":"familyName","givenName":"givenName"},"userName":"username","emails":[{"value":"wso2_home.com","type":"home"},{"value":"wso2_work.com","type":"work"}],"meta":{"lastModified":"2016-01-25T11:44:14","location":"https://localhost:9443/wso2/scim/Users/0d2714d0-6a33-4ddd-b4e0-612584c4a8c8","created":"2016-01-25T11:44:14"}} 

Creating new users using SOAP

The user can also be created by calling the RemoteUserStoreManager service. If you are new to admin services, see Calling Admin Services.

  1. Disable the hidden admin service property in the <IS_HOME>/repository/conf/carbon.xml file. 
    Bydefault the admin services are disabled as it is not recommended to expose these URLs to users. However, it can be enabled if it needs to be accessed by the administrators.

    Code Block
    <HideAdminServiceWSDLs>false</HideAdminServiceWSDLs>
  2. Open the following Admin Service from SOAP UI: https://localhost:9443/services/RemoteUserStoreManagerService?wsdl 

    Info

    If you have ocnfiguredWSO2 IS to use an IP or hostname, replace localhost with your IP or hostname.

  3. Call the addUser() method to create the user and make sure to give the email address of the user. This is similar to the following SOAP request.

    Code Block
    languagexml
    titleSOAP Request
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://service.ws.um.carbon.wso2.org" xmlns:xsd="http://common.mgt.user.carbon.wso2.org/xsd">
       <soapenv:Header/>
       <soapenv:Body>
          <ser:addUser>
    
             <ser:userName>username</ser:userName>
    
             <!--Zero or more repetitions:-->
             <ser:roleList>admin</ser:roleList>
    
             <!--Zero or more repetitions:-->
             <ser:claims>
                <xsd:claimURI>http://wso2.org/claims/emailaddress</xsd:claimURI>
                <xsd:value>[email protected]</xsd:value>
             </ser:claims>
    
             <ser:profileName>default</ser:profileName>
    
             <ser:requirePasswordChange>true</ser:requirePasswordChange>
          </ser:addUser>
       </soapenv:Body>
    </soapenv:Envelope>
    Note

    There will be no SOAP response as this is a one way SOAP operation. You can check successful creation of the user account using the management console by clicking Users and Roles>Users>List under the Configure section.

Update users

Table of Contents
maxLevel4
minLevel4
includeUpdate user using management console|Update user using SCIM|Update user using SOAP

Update user using management console

Follow the below instruction to update a user using management console.

  1. On the Main tab in the Management Console, click List under Users and Roles.
  2. Click Users. This link is only visible to users with the Admin role. 
  3. You will see the list of users that are available and you can click Update Profile if you want to update the profile of a particular user.
  4. There you can update the details of the user and click Update.

Other than updating user profile details, you can also change the password of the user and assign more roles to the user.

Update user using SCIM

You can use following the following SCIM cURL commands to update a user created using SCIM.

Code Block
titleRequest
curl -v -k --user {IS_USERNAME}:{IS_PASSWORD}  -X PATCH -d '{"schemas":[],"name":{"familyName":"{LAST_NAME}","givenName":"{FIRST_NAME"},"userName":"{USERNAME","emails": "{EMAIL"}' --header "Content-Type:application/json" https://{IS_IP}:{IS_PORT}/wso2/scim/Users/{SCIM_USER_ID}
Code Block
titleRequest: Sample
curl -v -k --user admin:admin -X PATCH -d '{"schemas":[],"name":{"familyName":"gunasinghe","givenName":"hasinitg"},"userName":"hasinitg","emails":[{"value":"[email protected]","type":"work"},{"value":"[email protected]","type":"home"}]}' --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Users/0032fd29-55a9-4fb9-be82-b1c97c073f02

You can use the "PUT" operation instead of "PATCH", but PUT will delete all the other claims of the user that are not getting updated by the command. Therefore, PATCH operation is recommended instead of the PUT operation.

Update user using SOAP

The users also can update their claims by calling the RemoteUserStoreManager service. If you are new to admin services, see Calling Admin Services.
  1. Disable the hidden admin service property in the <IS_HOME>/repository/conf/carbon.xml file. 
    By default, the admin services are disabled as it is not recommended to expose these URLs to users. However, it can be enabled if it needs to be accessed by the administrators.

    Code Block
    <HideAdminServiceWSDLs>false</HideAdminServiceWSDLs>
  2. Open the following Admin Service from SOAP UI: https://localhost:9443/services/RemoteUserStoreManagerService?wsdl 

    Info

    If you have ocnfiguredWSO2 IS to use an IP or hostname, replace localhost with your IP or hostname.

  3. There are few SOAP service methods that can use to update user details by calling the above admin service.

    1. updateCredential(): This is the method used to update password of the user.

      Code Block
      titleRequest: Sample
      <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://service.ws.um.carbon.wso2.org">
         <soapenv:Header/>
         <soapenv:Body>
            <ser:updateCredential>
               <!--Optional:-->
               <ser:userName>user123</ser:userName>
               <!--Optional:-->
               <ser:newCredential>password123</ser:newCredential>
               <!--Optional:-->
               <ser:oldCredential>password</ser:oldCredential>
            </ser:updateCredential>
         </soapenv:Body>
      </soapenv:Envelope>
    2. updateUserListOfRole(): This is the method used to update roles of the user.

      Code Block
      titleRequest: Sample
      <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://service.ws.um.carbon.wso2.org">
         <soapenv:Header/>
         <soapenv:Body>
            <ser:updateUserListOfRole>
               <!--Optional:-->
               <ser:roleName>admin123</ser:roleName>
               <!--Zero or more repetitions:-->
               <ser:deletedUsers>sampleUser</ser:deletedUsers>
               <!--Zero or more repetitions:-->
               <ser:newUsers>user123</ser:newUsers>
            </ser:updateUserListOfRole>
         </soapenv:Body>
      </soapenv:Envelope>

...