Wednesday, February 5, 2014

Using Email address as the Username in WSO2 Identity server (Email based authentication)

It is common for organizations to use the email address as the user name for logging into their applications and systems. If you are using WSO2 Identity Server (or any other WSO2 server) in your enterprise solution and want to enable email as the user name, in this post I will explain how to configure it.

I will use the default LDAP instance that ships with IS to hold the users. You can use your own LDAP instance or an Active Directory instance instead of the default LDAP. Refer to this for configuring an external LDAP or Active Directory to work with WSO2 Identity Server.

You can download WSO2 Identity Server from here.

Extract it and make sure your environment is set up correctly to run the server. If you need more information on running WSO2 Identity Server, refer to this.

I will use IS_HOME to refer to the directory where the server was extracted.

Step 1: Open carbon.xml in IS_HOME/repository/conf and uncomment the following:

       <EnableEmailUserName>true</EnableEmailUserName>

Step 2: Open user-mgt.xml in IS_HOME/repository/conf and make the following changes.

First, modify the Configuration section as below.

AddAdmin → If you need to add the admin user to the LDAP/AD, set AddAdmin to 'true'. If you are using a user that already exists in the LDAP/AD, set it to false.

                <AddAdmin>true</AddAdmin>

UserName → If you are using a user already available in the AD/LDAP, specify that user's email address here. Otherwise, if you are adding the admin (as in the step above), specify the email address the admin should have.

               <UserName>admin@wso2.com</UserName>

Password → If the admin is an already existing user, keep the value as it is; do not change it. Otherwise, if you are adding the admin, specify a password here. Later, change the password in the AD/LDAP itself while keeping the old or a dummy password here.

              <Password>admin</Password>

Refer to this for more information on the above.

Next, find the UserStoreManager section that is in use (the one left uncommented; by default it holds the settings for connecting to the internal LDAP) and set the following properties:

       <Property name="UserNameListFilter">(&amp;(objectClass=identityPerson)(mail=*))</Property>

       <Property name="UserNameSearchFilter">(&amp;(objectClass=identityPerson)(mail=?))</Property>

       <Property name="UserNameAttribute">mail</Property>

       <Property name="UsernameJavaRegEx">^[_A-Za-z0-9-\+]+(\.[_A-Za-z0-9-]+)*@[A-Za-z0-9-]+(\.[A-Za-z0-9]+)*(\.[A-Za-z]{2,})$</Property>

Comment out UserDNPattern and RoleDNPattern:

       <!--Property name="UserDNPattern">uid={0},ou=Users,dc=wso2,dc=org</Property>
       <Property name="RoleDNPattern">cn={0},ou=Groups,dc=wso2,dc=org</Property-->
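To see how the regex gate and the search filter from Step 2 fit together, here is an added Python example; it is not part of the post and not WSO2's own code. It applies UsernameJavaRegEx the way Java's String.matches() would and then substitutes the login name into the "?" slot of UserNameSearchFilter. The RFC 4515 escaping helper and the sample login names are assumptions added for illustration; the post does not describe how the server itself escapes the substituted value. The point worth noticing from a defender's side is that a login name which fails the regex never reaches the LDAP filter at all, so a regex that excludes "*", "(" and ")" is also a guard against malformed filters.

```python
import re
from typing import Optional

# UsernameJavaRegEx from Step 2 (Java syntax; the same pattern is valid in Python).
USERNAME_JAVA_REGEX = (
    r"^[_A-Za-z0-9-\+]+(\.[_A-Za-z0-9-]+)*@[A-Za-z0-9-]+(\.[A-Za-z0-9]+)*(\.[A-Za-z]{2,})$"
)
USERNAME_PATTERN = re.compile(USERNAME_JAVA_REGEX)

# UserNameSearchFilter from Step 2. In user-mgt.xml the ampersand is written as "&amp;";
# after XML parsing the user store manager sees the plain "&" used here. The "?" is the
# slot that is filled with the login name at authentication time.
USERNAME_SEARCH_FILTER = "(&(objectClass=identityPerson)(mail=?))"

# RFC 4515 escaping for a value placed inside an LDAP filter. Assumption for this example:
# the post does not show how the server escapes the substituted value.
_LDAP_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def is_valid_username(username: str) -> bool:
    """True if the login name satisfies UsernameJavaRegEx (like Java's String.matches())."""
    return USERNAME_PATTERN.fullmatch(username) is not None


def escape_ldap_filter_value(value: str) -> str:
    """Escape the characters that carry meaning inside an LDAP filter assertion value."""
    return "".join(_LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_search_filter(username: str) -> Optional[str]:
    """Return the filter the user store would send for this login name, or None when the
    regex gate rejects it before any LDAP query is built."""
    if not is_valid_username(username):
        return None
    return USERNAME_SEARCH_FILTER.replace("?", escape_ldap_filter_value(username), 1)


if __name__ == "__main__":
    # Constructed sample login names: two valid addresses, then inputs the regex rejects.
    for candidate in ("alice@example.com", "first.last@sub.example.co.uk",
                      "alice", "a)(mail=*", "*@example.com"):
        print(f"{candidate!r:32} -> {build_search_filter(candidate)}")
```

Running it shows the two well-formed addresses producing a filter such as (&(objectClass=identityPerson)(mail=alice@example.com)), while the remaining inputs are stopped by the regex and produce None.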



That's it. Now start the server and you can log in with the admin user name and password you provided. Make sure you change the password, either through the Management Console or in LDAP itself.
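Before starting the server, it is worth checking the two files mechanically. The Python checker below is an added example, not WSO2 code; it parses carbon.xml and user-mgt.xml and reports any setting that still differs from Steps 1 and 2, including the sample admin password the post tells you to change. The two XML strings are constructed, minimal stand-ins for the real files, and the element layout they assume (Server/EnableEmailUserName in carbon.xml; UserManager/Realm/Configuration/AdminUser and UserStoreManager/Property in user-mgt.xml) should be verified against your own copy. To run it against the real files, pass their contents to check_email_username_config.

```python
import re
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional

# Constructed, minimal stand-in for IS_HOME/repository/conf/carbon.xml after Step 1.
# The real file declares a default namespace, so lookups below ignore namespaces.
CARBON_XML = """<Server xmlns="http://wso2.org/projects/carbon/carbon.xml">
  <EnableEmailUserName>true</EnableEmailUserName>
</Server>"""

# Constructed, minimal stand-in for user-mgt.xml after Step 2 (raw string so the regex
# keeps its backslashes). The DN patterns are commented out as the post instructs.
USER_MGT_XML = r"""<UserManager>
  <Realm>
    <Configuration>
      <AddAdmin>true</AddAdmin>
      <AdminUser>
        <UserName>admin@wso2.com</UserName>
        <Password>admin</Password>
      </AdminUser>
    </Configuration>
    <UserStoreManager>
      <Property name="UserNameListFilter">(&amp;(objectClass=identityPerson)(mail=*))</Property>
      <Property name="UserNameSearchFilter">(&amp;(objectClass=identityPerson)(mail=?))</Property>
      <Property name="UserNameAttribute">mail</Property>
      <Property name="UsernameJavaRegEx">^[_A-Za-z0-9-\+]+(\.[_A-Za-z0-9-]+)*@[A-Za-z0-9-]+(\.[A-Za-z0-9]+)*(\.[A-Za-z]{2,})$</Property>
      <!--Property name="UserDNPattern">uid={0},ou=Users,dc=wso2,dc=org</Property>
      <Property name="RoleDNPattern">cn={0},ou=Groups,dc=wso2,dc=org</Property-->
    </UserStoreManager>
  </Realm>
</UserManager>"""


def _local(tag: str) -> str:
    """Drop a '{namespace}' prefix so element names match with or without an xmlns."""
    return tag.rsplit("}", 1)[-1]


def _find(root: Optional[ET.Element], name: str) -> Optional[ET.Element]:
    """First descendant (or root itself) whose local name is `name`, or None."""
    if root is None:
        return None
    return next((el for el in root.iter() if _local(el.tag) == name), None)


def _text(root: Optional[ET.Element], name: str) -> str:
    el = _find(root, name)
    return (el.text or "").strip() if el is not None else ""


def check_email_username_config(carbon_xml: str, user_mgt_xml: str) -> List[str]:
    """Return findings that contradict Steps 1 and 2; an empty list means every check passed."""
    findings: List[str] = []

    carbon = ET.fromstring(carbon_xml)
    if _text(carbon, "EnableEmailUserName").lower() != "true":
        findings.append("carbon.xml: <EnableEmailUserName> is missing, commented out, or not 'true' (Step 1)")

    um = ET.fromstring(user_mgt_xml)
    admin = _find(um, "AdminUser")
    admin_user = _text(admin, "UserName")
    admin_password = _text(admin, "Password")

    # The first UserStoreManager the parser sees is the active one: commented-out sections
    # and commented-out properties never reach the parser at all.
    store = _find(um, "UserStoreManager")
    props: Dict[str, str] = {}
    if store is not None:
        props = {p.get("name", ""): (p.text or "").strip()
                 for p in store.iter() if _local(p.tag) == "Property"}

    if props.get("UserNameAttribute") != "mail":
        findings.append("user-mgt.xml: UserNameAttribute should be 'mail'")
    if "(mail=?)" not in props.get("UserNameSearchFilter", ""):
        findings.append("user-mgt.xml: UserNameSearchFilter does not search on (mail=?)")
    if "(mail=*)" not in props.get("UserNameListFilter", ""):
        findings.append("user-mgt.xml: UserNameListFilter does not list on (mail=*)")
    for dn_pattern in ("UserDNPattern", "RoleDNPattern"):
        if dn_pattern in props:
            findings.append(f"user-mgt.xml: {dn_pattern} is still active; comment it out")

    regex = props.get("UsernameJavaRegEx", "")
    if not regex:
        findings.append("user-mgt.xml: UsernameJavaRegEx is not set")
    elif not re.fullmatch(regex, admin_user):  # approximates Java's String.matches()
        findings.append(f"user-mgt.xml: admin UserName {admin_user!r} does not satisfy UsernameJavaRegEx")

    if _text(um, "AddAdmin").lower() == "true" and admin_password == "admin":
        findings.append("user-mgt.xml: AddAdmin is true but the admin Password is still the sample "
                        "value 'admin'; change it in the Management Console or in LDAP after start-up")
    return findings


if __name__ == "__main__":
    for finding in check_email_username_config(CARBON_XML, USER_MGT_XML) or ["all checks passed"]:
        print(finding)
```

Because ElementTree discards XML comments, a correctly commented-out UserDNPattern or RoleDNPattern simply never appears in the parsed property map, which is exactly what the check relies on; if either pattern shows up, it was not commented out.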

You can download the user-mgt.xml which I used with WSO2 Identity Server 4.6.0 for your reference.
