Is it possible to change the UserName regex validation in WSO2IS? When I'm syncing users from my database to WSO2IS, some users fail due to username validation. Some users' username property does not match the validation. Below is my error response. So is it possible to change this validation?
{"schemas":["urn:ietf:params:scim:api:messages:2.0:BulkResponse"],"Operations":[{"bulkId":"qwerty1","method":"POST","response":"{"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"scimType":"invalidValue","detail":"31301 - Username sysadmin#gmail.com is not valid. User name must be a non null string with following format, [a-zA-Z0-9._\\-|//]{3,30}$","status":"400"}","status":{"code":400}}]}
You can change the username regex by adding the following config to the deployment.toml and restarting the server. (Note: If [user_store] is already defined in the deployment.toml, add these configs under the same tag.) Add the regex values within the inverted commas as required.
[user_store]
username_java_regex=""
username_java_script_regex=""
Refer:
https://is.docs.wso2.com/en/latest/setup/working-with-properties-of-user-stores/#working-with-properties-of-user-stores
Yes, you can change the username regex validation in WSO2IS. Since you are trying to validate the email address pattern as the username, you can try using the following configuration in the [IS-Home]/repository/conf/deployment.toml file under the [user_store] section.
[user_store]
username_java_regex="^[a-zA-Z0-9._-]+#[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,4}$"
username_java_script_regex="^[a-zA-Z0-9._-]+#[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,4}$"
If you want to validate a different regex pattern, you can add that regex pattern in the above configuration.
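A pre-flight check for a candidate pattern before it goes into deployment.toml and a bulk sync is retried, written as an added example (not WSO2 code and not part of the original answers). It assumes the server matches the whole username, as Java's `Matcher.matches()` does; the function names and the sample usernames are constructed for illustration.

```javascript
// Added example, not WSO2 code. The usernames below are constructed samples.

// Default pattern quoted in the 31301 error, and the candidate from the answer.
const DEFAULT_PATTERN = '[a-zA-Z0-9._\\-|//]{3,30}$';
const CANDIDATE_PATTERN = '^[a-zA-Z0-9._-]+#[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,4}$';

// Report non-ASCII characters (en dashes, curly quotes) that web pages and
// word processors substitute into patterns. Inside a character class an
// en dash is a literal, so "0" + en dash + "9" matches three characters
// instead of the digit range.
function findNonAscii(pattern) {
  const hits = [];
  Array.from(pattern).forEach((ch, index) => {
    if (ch.codePointAt(0) > 0x7f) hits.push({ index, char: ch });
  });
  return hits;
}

// Compile for whole-string matching (assumption: the back end matches the
// full username). A bare test() would accept any matching substring.
function compileFullMatch(pattern) {
  return new RegExp('^(?:' + pattern + ')$');
}

// Split an export into the usernames the pattern accepts and rejects.
function partition(usernames, pattern) {
  const problems = findNonAscii(pattern);
  if (problems.length > 0) {
    throw new Error('non-ASCII character in pattern at index ' + problems[0].index);
  }
  const re = compileFullMatch(pattern);
  const accepted = [];
  const rejected = [];
  for (const name of usernames) {
    const ok = typeof name === 'string' && re.test(name);
    (ok ? accepted : rejected).push(name);
  }
  return { accepted, rejected };
}

// Constructed sample export, using the page's "#" form of the addresses.
const SAMPLE_EXPORT = ['sysadmin#gmail.com', 'user42#example.com', 'jdoe',
  "o'brien#example.com", 'a#b.c'];

console.log('default  :', partition(SAMPLE_EXPORT, DEFAULT_PATTERN));
console.log('candidate:', partition(SAMPLE_EXPORT, CANDIDATE_PATTERN));
```

The candidate pattern has no overall length bound, unlike the `{3,30}` in the default, so add one if the user store column or downstream systems expect it.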
We have a WSO2 Identity Server 5.8.0 currently setup and running. By default it looks like the apostrophe isn’t acceptable in the username or email address for the user.
Three places give me errors with the current configuration:
In the Home > Add New User: I get a “Username pattern policy violated”
In the Home > Update Profile: I get a “Email is not valid”
In the API to POST: api/identity/user/v1.0/validate-username I get Invalid = 60002
Where do I change the setting to allow apostrophe in username and email address?
Looking in documentation it seems like I should be able to change the User Store > Username Regex but when changed I get “Error occurred while updating user stories”
Also checked Identity > Claims > List but it seems strange to update the claim regex?
Any help appreciated.
Yes, apostrophe is not supported by default, and you need to change the username regex to allow that. For IS 5.8 and older versions, we need to change the following regex props in /repository/conf/user-mgt.xml
1. <Property name="UsernameJavaRegEx">{Regex}</Property>
To change the regular expression used to validate usernames (in BE). By default, strings having a length of 5 to 30 between non-empty characters are allowed.
2. <Property name="UsernameJavaScriptRegEx">{Regex}</Property>
To change the regular expression used by the front-end components for username validation.
You can find the WSO2 recommendation for username regex here https://is.docs.wso2.com/en/latest/references/usernames-in-identity-server/#best-practices-for-username-creation
I'm using WSO2 5.10.0 and I configured it in order to use a JDBC User Store. The RDBMS is PostgreSQL.
I noticed that WSO2 IS is using a case-insensitive username strategy to grant access to the resources. Basically I can use my username all in uppercase or lowercase and I'll always be able to get access. I strongly need to avoid this. I tried what is written here https://is.docs.wso2.com/en/latest/setup/configuring-the-authorization-manager/#configuring-the-authorization-manager_1 but I can always get access by using case-insensitive usernames.
Is there any configuration I'm missing? Or is this the only way to get the access?
Angelo
EDIT
As suggested, I changed my user store as shown:
# USE THE POSTGRESQL DB AS PRIMARY STORE
[user_store]
type = "database_unique_id"
url = "jdbc:postgresql://XXXX:YYYY/wso2is_primary_user_store"
username = "user"
password = "pwd"
driver = "org.postgresql.Driver"
properties.CaseInsensitiveUsername = false
I tried to access with a user both by using the username in lower case and in upper case.
EDIT 2
I changed the deployment.toml in this way:
# USE THE POSTGRESQL DB AS PRIMARY STORE
[user_store]
type = "database_unique_id"
properties.CaseInsensitiveUsername=false
[database.user]
url = "jdbc:postgresql://xxx:yyy/wso2is_primary_user_store"
username = "username"
password = "password"
driver = "org.postgresql.Driver"
[realm_manager]
data_source = "WSO2USER_DB"
In this way for new users usernames are case sensitive. For old users usernames seem to remain case insensitive. I need to deeply investigate.
By default in WSO2 Identity Server, the Case Insensitive Username configuration is in the active state. You can deactivate that configuration by adding the following configuration to the deployment.toml file located at IS-HOME/repository/conf/deployment.toml.
[user_store]
properties.CaseInsensitiveUsername = false
Also, if you need to change the configurations for a JDBC User Store, please refer to https://is.docs.wso2.com/en/latest/setup/configuring-a-jdbc-user-store/
I am integrating Keycloak with Django
https://github.com/Peter-Slump/django-keycloak/issues
Keycloak Server
This is what my keycloak User Screen looks like
BUT when I log within django,
user.email is proper (what's present in keycloak)
user.username is getting set as ID from keycloak.
Is there a way to retain the Django username as the keycloak username?
https://github.com/Peter-Slump/django-keycloak/issues/39
In general user.username is actually the username in keycloak, unless the framework you use has a custom mapping to change the values (most probably with sub value from token in your case). If it is the case, you can add a duplicate property in token to get username as follows:
Login to Keycloak Server with admin credentials
Go to Clients section and click on the application client you are working on
Select Mappers subsection in your client page
Click on Add Builtin, select username checkbox and Save the settings
After you have added the token, you use it to get the username. In case the name conflicts (when the mapping of username shares the same syntax as getting the property username from the token), add a custom mapper where you can rename the property name for the same username value. Custom mapper should look something like:
I'm using django-allauth for my user management and using the user's email address as the username field.
Everything is working fine and I've got a form the user can use to update their details - first name, last name etc. - which works perfectly.
But it won't update the user's email address using that form. I'm guessing it's because it's the primary key but how would I go about allowing the user to change their email address in this scenario?
You can use EmailAddress.change in your view.
I want a Registration Form with only email + password. I am thinking of automatically inserting the email in the username field. So, for each user, I will have this:
username: example#example.com
password: mypassword
email: example#example.com
Of course email + password will be used in login process.
Is it a good solution to have 2 fields with the same value? Or is there a more sophisticated solution?
Thanks :)
Probably not a good idea to circumvent the expected regex validation on username which is r'^\w+$' (so no # or ., obviously). Also, there's a 30 character limit on username, so lots of email addresses won't fit.
You should write a custom auth backend that authenticates based on the actual email field - many people do this, so you can probably find samples on djangosnippets.
Two things to keep in mind - by default, the email field is non-unique. Also, you are almost definitely going to break the admin app, so you'll need to do some jiggery pokery if you want to use contrib.admin.