Can WSO2 identity server generate username given the first and last name during self-registration? - wso2

Is it possible in WSO2 Identity Server self-registration process to request only the First and Last name of a User and generate a username instead of asking the user to enter the desired username?

The default WSO2 Identity Server self-registration process does not allow generating a username from the given first and last name.
But according to the WSO2 documentation on Customizing WSO2 Identity Server UIs, you can customize the WSO2 Identity Server self-registration process to request the first and last name and generate a username by concatenating them.
The generated username should be unique and obey the username regex defined in the user store. In the documentation on Working with Properties of User Stores, you can find the user store properties related to the username regex. Therefore, you should verify that the concatenation of first and last name generates a unique username that complies with the username regex.
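The check described in this answer, as an added example (not WSO2 code and not part of the original answer): it builds a candidate from the first and last name, validates it against a username regex, and resolves collisions with a numeric suffix. The regex value, the `isTaken` lookup, and the names `slug` and `generateUsername` are assumptions for illustration.

```javascript
// Added example. USERNAME_REGEX is an assumed sample value: replace it with the
// username regex configured for your user store.
const USERNAME_REGEX = /^[a-z0-9._-]{3,30}$/;

// Reduce a name to lowercase ASCII letters and digits.
function slug(name) {
  return String(name)
    .normalize("NFKD")                // split accented letters into base + mark
    .replace(/[\u0300-\u036f]/g, "")  // drop the combining marks
    .toLowerCase()
    .replace(/[^a-z0-9]/g, "");       // drop spaces, quotes, control chars, etc.
}

// isTaken(username) -> boolean is a hypothetical lookup against the user store.
function generateUsername(firstName, lastName, isTaken, opts = {}) {
  const { regex = USERNAME_REGEX, maxLen = 30, maxTries = 1000 } = opts;
  const first = slug(firstName);
  const last = slug(lastName);
  if (!first || !last) {
    throw new Error("name has no characters usable in a username");
  }
  const base = `${first}.${last}`;
  for (let n = 1; n <= maxTries; n++) {
    const suffix = n === 1 ? "" : String(n);
    // Truncate the base, not the suffix, so the result stays within maxLen.
    const candidate = base.slice(0, maxLen - suffix.length) + suffix;
    if (!regex.test(candidate)) {
      throw new Error(`generated username "${candidate}" violates the regex`);
    }
    if (!isTaken(candidate)) return candidate;
  }
  throw new Error("no free username found within maxTries");
}

// Constructed sample data standing in for existing accounts.
const existing = new Set(["jane.doe", "jane.doe2"]);
const taken = (u) => existing.has(u);
console.log(generateUsername("Jane", "Doe", taken));     // collision: suffix added
console.log(generateUsername("José", "O'Neil", taken));  // accents and quote removed
```

The lookup only narrows the choice: two concurrent registrations can pick the same candidate, so the user store must still reject a duplicate at account creation.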

Related

Wso2 Identity Server 5.8.0: custom claim attribute in Create User by Scim service

In my WSO2 Identity Server (v5.8.0), I have added one custom attribute named XXX.
Then, in my web client application, I invoke the /scim2/Users service to create a new user inside IDS.
I successfully create the user with the correct name, surname, email, phone number and so on, but my custom field is not updated in my user content store.
On the other hand, if I update the field by data entry and read my user from IDS, I can see my custom attribute XXX correctly.
Can someone help me?

One of the following reasons could cause custom attributes not to be updated via the scim2/Users endpoint.
Once you add a new local claim, if you want to access or modify its value using the SCIM endpoint, it should be mapped to the SCIM claim dialect. Follow the steps in the extending SCIM user claims doc at https://docs.wso2.com/display/IS580/Extending+SCIM+2.0+User+Schemas
If the above step is correctly configured, check whether the attribute is correctly defined in the request payload. If the attribute is not defined in the expected format, WSO2 IS ignores those attributes.
Updating the value by logging in to the management console and viewing the user profile through the management console doesn't involve the SCIM APIs. You are directly updating the local claim in the WSO2 local claim dialect. If you have followed the doc mentioned in step 1 and that attribute has a value, GET /scim2/Users/{user-id} should return the attribute in the response.

How can all users with the same email domain log in to WSO2 Identity Server when not all users are stored in the user store

I have one question: one user has an email ID with a domain name and is stored in the WSO2 user database, while many other users have the same domain but are not stored in the same user database. How will those users be allowed to log in to the Identity Server with only the same domain?
And a second question, unrelated to the previous one, is how to provide multiple user stores with WSO2 Identity Server.

First, you have to enable email username as per [1]. You can plug in multiple user stores as per [2]. Having the same email domain in different physical user stores is not a problem. Authentication to WSO2 Identity Server is a unified functionality irrespective of the underlying user store implementation, but if you want to authenticate against a specific user store only, you can provide a user store domain qualified username.
[1] https://docs.wso2.com/display/IS570/Using+Email+Address+as+the+Username
[2] https://docs.wso2.com/display/IS570/Configuring+Secondary+User+Stores

WSO2 Identity Server User Registration validation using OTP

I need to implement user verification using an email containing an OTP (randomly generated 4-digit number) for newly registered user accounts in WSO2 Identity Server, but I could not find such functionality. Is there any feature in the repository that might help me?

You can follow https://docs.wso2.com/display/ISCONNECTORS/Configuring+EmailOTP+Authenticator; it describes the steps that you need to follow.

How to log last user login in WSO2

There is a table in our WSO2 DB (SQL Server) called [IDN_OPENID_USER_RPS] and it has a column - LAST_VISIT. I have searched to find a configuration setting that will turn this feature on, but no success. It is used for OpenId. Any help or ideas would be appreciated.

When users log in to OpenID relying party applications where the OpenID authentication is provided by the Identity Server, the login details are stored in this table. The USER_NAME column contains the username of the logged-in user. RP_URL contains the URL of the relying party where it should be redirected upon successful login. The TRUSTED_ALWAYS column contains the value TRUE or FALSE, which indicates whether the user has given the “Approve Always” or “Approve” option of the application for authentication. The LAST_VISIT column contains the date of the last login of the user. VISIT_COUNT is the number of successful login attempts for the user.
Configuration of OpenID can be found here https://docs.wso2.com/display/IS500/Managing+OpenID+Connect

WSO2 Identity Server 5.0.0 fails to return user claims in SAMLResponse for user from secondary user store

I have this problem when using SAML SSO authentication. I have successfully set up WSO2IS 5.0.0 Identity server, I also succeeded setting up (at least I hope so) secondary user store. I used JDBCUserStoreManager implementation. I have set this store as DOMAIN. This user store works nice, at least I think it does. Because it is storing user attributes into its tables (USER_ATTRIBUTES) and those attributes are read by WSO2IS administration ...
https://localhost:9443/carbon/userprofile/edit.jsp?username=DOMAIN/demo_jbu&profile=default&fromUserMgt=true
Users are identified as DOMAIN\username so when I want to log in user from this DOMAIN, request goes to my AUTHENTICATOR implementation so I can manage authentication for users from this domain.
What is strange is that if I use the WSO2IS administration pages, I can set and read users' attributes well. And if I use SAML SSO authentication (I have already set up the service provider & claim mappings) for users from the PRIMARY domain, everything goes fine and the calling SP gets all attributes - mapped in WSO2IS administration here:
https://localhost:9443/carbon/application/configure-service-provider.jsp
If I use SAML SSO authentication, but I want to log user from my DOMAIN, SP doesn't get anything.
I can override this behavior in DefaultResponseBuilder, I can put into SAMLResponse anything I want, but I don't feel this approach is OK. Can anyone tell me, where to look for an error? What may be wrong? Where should I start looking for problems? I have already tried to debug it, and it seems it (SAML SSO/AUTHENTICATOR) doesn't find any claim for DOMAIN user.
Thank you in advance.
Josef

I think this is a bug in Identity Server 5.0.0. When you are using SAML2 SSO, a user can log in to Identity Server with both the username with the domain name and the username without the domain name. Basically, bob and foo.com/bob must both work and return the bob user's attributes from the foo.com user store. However, there is an issue with IS 5.0.0: if a secondary user store user logs in without the domain name, Identity Server does not return the user attributes. But please try to log in with foo.com/bob; then it would return the user's attributes.
You can find the public JIRA. It contains the source diff. It must be a simple fix, and you can even compile the source and add the fix to the Identity Server.