Unable to Add user with @ symbol - wso2-identity-server

While adding a user in WSO2 Identity Server (e.g. sreedhar@xyz.com), the following error is thrown:
Could not add user PRIMARY/sreedhar@xyz.com. Error is: Username sreedhar@xyz.com is not valid. User name must be a non null string with following format
I changed the regular expression too, as below:
^[_A-Za-z0-9-\\+]+(\\.[_A-Za-z0-9-]+)*@+[A-Za-z0-9-]+(\\.[A-Za-z0-9]+)*(\\.[A-Za-z]{2,})$
It works in a simple Java application.
Help appreciated, please.

You can change the user-mgt.xml file as follows to allow email usernames:
<Property name="UsernameJavaRegEx">^[\S]{3,30}$</Property>
<Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
You can use complex regular expressions as well.
Thanks
Isura

Related

Allowing apostrophe in username and email address WSO2 Identity Server [5.8.0]

We have a WSO2 Identity Server 5.8.0 currently set up and running. By default it looks like the apostrophe isn’t acceptable in the username or email address for the user.
Three places give me errors with the current configuration:
In Home > Add New User: I get a “Username pattern policy violated”
In Home > Update Profile: I get a “Email is not valid”
In the API POST to api/identity/user/v1.0/validate-username I get Invalid = 60002
Where do I change the setting to allow an apostrophe in the username and email address?
Looking in the documentation it seems like I should be able to change the User Store > Username Regex, but when I change it I get “Error occurred while updating user stories”
I also checked Identity > Claims > List, but it seems strange to update the claim regex?
Any help appreciated.
Yes, the apostrophe is not supported by default and you need to change the username regex to allow it. For IS 5.8 and older versions, we need to change the following regex properties in /repository/conf/user-mgt.xml:
1. <Property name="UsernameJavaRegEx">{Regex}</Property>
To change the regular expression used to validate usernames (in the back end). By default, strings of 5 to 30 non-empty characters are allowed.
2. <Property name="UsernameJavaScriptRegEx">{Regex}</Property>
To change the regular expression used by the front-end components for username validation.
You can find the WSO2 recommendation for the username regex here: https://is.docs.wso2.com/en/latest/references/usernames-in-identity-server/#best-practices-for-username-creation

Is it possible to change UserName regex validation in WSO2IS

Is it possible to change the username regex validation in WSO2IS? When I'm syncing users from my database to WSO2IS, some users fail due to username validation: some users' username property does not match the validation. Below is my error response. So is it possible to change this validation?
{"schemas":["urn:ietf:params:scim:api:messages:2.0:BulkResponse"],"Operations":[{"bulkId":"qwerty1","method":"POST","response":"{"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"scimType":"invalidValue","detail":"31301 - Username sysadmin@gmail.com is not valid. User name must be a non null string with following format, [a-zA-Z0-9._\\-|//]{3,30}$","status":"400"}","status":{"code":400}}]}
You can change the username regex by adding the following config to the deployment.toml and restarting the server. (Note: if [user_store] is already defined in the deployment.toml, add these configs under the same tag.) Add the regex values within the quotation marks as you require.
[user_store]
username_java_regex=""
username_java_script_regex=""
Refer:
https://is.docs.wso2.com/en/latest/setup/working-with-properties-of-user-stores/#working-with-properties-of-user-stores
Yes, you can change the username regex validation in WSO2IS. Since you are trying to validate an email address pattern as the username, you can try the following configuration in the [IS-Home]/repository/conf/deployment.toml file under the [user_store] section.
[user_store]
username_java_regex="^[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,4}$"
username_java_script_regex="^[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,4}$"
If you want to validate a different regex pattern, you can put that regex pattern in the above configuration.
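The three username-regex threads above (the @ symbol question, the apostrophe question and the SCIM bulk-import question) all come down to what the regex engine actually receives from the config file. The following Python script is an added example, not code from any of the posters or from WSO2: it runs a handful of constructed usernames through the patterns quoted in those threads and models the one difference between the two config files that bites people here. user-mgt.xml is plain XML, so its value is passed to the regex engine verbatim (a `\\.` copied from a Java string literal means "backslash, then any character"), whereas a deployment.toml basic string processes backslash escapes the way a Java or Python literal does. It also shows a copy-paste hazard worth checking for: a typographic en dash in place of `-` inside a character class is three literal characters, not a range. The candidate usernames are constructed for the example.

```python
import re

# Constructed sample usernames, in the shape of the ones quoted in the threads.
CANDIDATES = ["sreedhar@xyz.com", "sysadmin@gmail.com", "user5@example.com",
              "bob", "ab", "o'neil", "first last"]

PATTERNS = {
    # user-mgt.xml is plain XML: the text between the <Property> tags reaches
    # java.util.regex exactly as written, with no backslash processing.
    "xml_default": r"^[\S]{3,30}$",
    # The first poster's pattern, as it would be read back out of XML: every
    # "\\." now means "a literal backslash followed by any character", which
    # is why it works in a Java source file but rejects every real address here.
    "xml_email_as_posted": r"^[_A-Za-z0-9-\\+]+(\\.[_A-Za-z0-9-]+)*@+[A-Za-z0-9-]+(\\.[A-Za-z0-9]+)*(\\.[A-Za-z]{2,})$",
    # The same pattern with single backslashes, which is what XML needs.
    "xml_email_fixed": r"^[_A-Za-z0-9-\+]+(\.[_A-Za-z0-9-]+)*@+[A-Za-z0-9-]+(\.[A-Za-z0-9]+)*(\.[A-Za-z]{2,})$",
    # deployment.toml basic strings process backslash escapes like a Java or
    # Python string literal, so "\\." in the TOML file reaches the engine as
    # \.  It is written here as a normal (non-raw) Python literal for that reason.
    "toml_email": "^[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,4}$",
    # Copy-paste hazard: an en dash (U+2013) instead of "-" inside a character
    # class is three literal characters ("0", the dash, "9"), not a range, so
    # any username containing a digit from 1 to 8 is silently rejected.
    "toml_email_en_dash": "^[a-zA-Z0\u20139._-]+@[a-zA-Z0\u20139.-]+\\.[a-zA-Z]{2,4}$",
}


def accepted(regex, usernames=CANDIDATES):
    """Return the usernames the given pattern accepts.

    Python's re module agrees with java.util.regex (and with JavaScript's
    engine, which the UsernameJavaScriptRegEx copy is fed to) for the
    constructs used in these patterns, so it is a fair offline check.
    """
    compiled = re.compile(regex)
    return [u for u in usernames if compiled.fullmatch(u)]


def report(usernames=CANDIDATES):
    """Map each pattern name to the list of usernames it accepts."""
    return {name: accepted(rx, usernames) for name, rx in PATTERNS.items()}


if __name__ == "__main__":
    for name, ok in report().items():
        print(f"{name:22s} accepts {ok}")
```

Run it before touching a server: if the pattern you intend to paste into user-mgt.xml accepts nothing, or the pattern in deployment.toml rejects an address with a digit in it, the file is the problem rather than the user store.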

WSO2 APIM-Analytic service (version:2.6.0) is not able to send the alert emails

To test this function, I chose the Abnormal Request Count option in the Alert Management menu of the API Store and added a RESTful API. Then I called this API many times with Postman.
The carbon.log in <API-M_ANALYTICS_HOME>/wso2/worker/logs recorded the following error messages:
[2020-10-19 11:03:36,094] ERROR {org.wso2.siddhi.core.stream.output.sink.Sink} - Error on 'APIM_ALERT_EMAIL_NOTIFICATION'. Dropping event at Sink 'email' at 'EmailNotificationStream' as its still trying to reconnect!, events dropped '<strong>Message:</strong>A request from a new IP (10.9.16.77) detected by user:admin@carbon.super using application:devMap owned by admin@carbon.super. <br><br> <strong>Type:</strong>UnusualIPAccess <br><br> <strong>AlertTimestamp:</strong>2020-10-19 11:03:35'
[2020-10-19 11:06:10,307] ERROR {org.wso2.siddhi.core.stream.output.sink.Sink} - Error on 'APIM_ALERT_EMAIL_NOTIFICATION'. Dropping event at Sink 'email' at 'EmailNotificationStream' as its still trying to reconnect!, events dropped '<strong>Message:</strong>Abnormal request count detected during last minute using application devMap owned by admin@carbon.super for api :全球风向查询, abnormal request count:9. <br><br> <strong>Type:</strong>AbnormalRequestsPerMin <br><br> <strong>AlertTimestamp:</strong>2020-10-19 11:06:10'
For the detailed configuration, I referred to the following links:
Configuring Alerts:
https://docs.wso2.com/display/AM260/Configuring+Alerts#ConfiguringAlerts-ConfiguringalertsviatheStore
Enabling Notifications:
https://docs.wso2.com/display/AM260/Enabling+Notifications
According to these documents, I did the following:
1. Open the <API-M_ANALYTICS_HOME>/conf/worker/deployment.yaml file to configure the sender email address. The sample configuration is shown below:
siddhi:
  extensions:
    ...
    -
      extension:
        name: email
        namespace: sink
        properties:
          username: abcd@163.com
          address: abcd@163.com
          password: xxxx
    ...
2. Go to the <API-M_ANALYTICS_HOME>/resources/apim-analytics/ directory. Copy the APIM_ALERT_EMAIL_NOTIFICATION.siddhi file and paste it into the <API-M_ANALYTICS_HOME>/wso2/worker/deployment/siddhi-files directory.
3. Set the email server configuration in the <API-M_HOME>/repository/conf/output-event-adapters.xml file under the section below:
<adapterConfig type="email">
    <!-- Comment out the mail.smtp.user and mail.smtp.password properties to support connecting to SMTP servers which use trust-based
         authentication rather than username/password authentication -->
    <property key="mail.smtp.from">abcd@163.com</property>
    <property key="mail.smtp.user">abcd</property>
    <property key="mail.smtp.password">xxxx</property>
    <property key="mail.smtp.host">smtp.163.com</property>
    <property key="mail.smtp.port">25</property>
    <property key="mail.smtp.starttls.enable">true</property>
    <property key="mail.smtp.auth">true</property>
    <!-- Thread Pool Related Properties -->
    <property key="minThread">8</property>
    <property key="maxThread">100</property>
    <property key="keepAliveTimeInMillis">20000</property>
    <property key="jobQueueSize">10000</property>
</adapterConfig>
4. Log in to the Management Console and click Main > Resource > Browse. Browse to the /_system/config/apimgt/applicationdata/tenant-conf.json file and click Edit as Text. Set the NotificationsEnabled property to true as shown below:
"NotificationsEnabled":"true",
"Notifications":[{
    "Type":"new_api_version",
    "Notifiers" :[{
        "Class":"org.wso2.carbon.apimgt.impl.notification.NewAPIVersionEmailNotifier",
        "ClaimsRetrieverImplClass":"org.wso2.carbon.apimgt.impl.token.DefaultClaimsRetriever",
        "Title": "Version $2 of $1 Released",
        "Template": " <html> <body> <h3 style=\"color:Black;\">We’re happy to announce the arrival of the next major version $2 of $1 API which is now available in Our API Store.</h3>Click here to Visit WSO2 API Store</body></html>"
    }]
}
]
I've also checked APIM_ALERT_EMAIL_NOTIFICATION.siddhi:
@App:name("APIM_ALERT_EMAIL_NOTIFICATION")
@App:description('Send email to all the subscribers of a particular alert')
@source(type="inMemory", topic="APIM_EMAIL_NOTIFICATION", @map(type='passThrough'))
define stream EmailAlertStream (
    type string,
    message string,
    alertTimestamp string,
    emails string);
@sink(type='email', content.type="text/html", @map(type ='text', @payload('<strong>Message:</strong>{{message}} <br><br> <strong>Type:</strong>{{type}} <br><br> <strong>AlertTimestamp:</strong>{{alertTimestamp}}')),subject='Alerts from WSO2 APIM Analytics',to='{{emails}}')
define stream EmailNotificationStream (
    type string,
    message string,
    alertTimestamp string,
    emails string);
from EmailAlertStream
select *
insert into EmailNotificationStream;
As you can see, there is nothing special.
Have I missed anything? I don't know what the problem is; please help me.
As per the exceptions you received, it looks like there are issues connecting to the SMTP server. Can you please check the configurations and check whether there are any restrictions on using your email?
e.g. in Gmail, you have to enable 'untrusted applications' to access Gmail.
I've found the reason for this problem.
By reading the source code (EmailSink.java), I learned that the SMTP server information should be configured in APIM_ALERT_EMAIL_NOTIFICATION.siddhi; otherwise the analytics server uses smtp.gmail.com by default.
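Two things in this thread are worth automating from the operator's side: the "Dropping event at Sink 'email'" log lines mean security alerts (unusual IP access, abnormal request rates) are being discarded rather than delivered, and the root cause was a sink annotation that silently fell back to a default SMTP host. The script below is an added example, not code from the poster or from WSO2. It counts dropped events per Siddhi app and sink from carbon.log lines, and it scans a .siddhi file for `@sink(type='email', ...)` annotations that do not state their own SMTP settings. The parameter names `host`, `port` and `ssl.enable`, and the defaults listed for them, are what I recall from the siddhi-io-email documentation (the thread itself only confirms the smtp.gmail.com host default); check them against your version. The Siddhi text and log lines are constructed for the example, modelled on the ones quoted above, and the "fixed" sink values are placeholders.

```python
import re
from collections import Counter

# --- constructed sample inputs (modelled on the thread, not captured from a server) ---

# The alert app as shipped: the @sink names no SMTP host, port or TLS setting.
SIDDHI_AS_SHIPPED = """
@App:name("APIM_ALERT_EMAIL_NOTIFICATION")
@source(type="inMemory", topic="APIM_EMAIL_NOTIFICATION", @map(type='passThrough'))
define stream EmailAlertStream (type string, message string, alertTimestamp string, emails string);
@sink(type='email', content.type="text/html", @map(type='text', @payload('<strong>Message:</strong>{{message}} <br><br> <strong>Type:</strong>{{type}}')), subject='Alerts from WSO2 APIM Analytics', to='{{emails}}')
define stream EmailNotificationStream (type string, message string, alertTimestamp string, emails string);
from EmailAlertStream select * insert into EmailNotificationStream;
"""

# Hypothetical corrected sink; host/port/ssl.enable are the siddhi-io-email
# parameter names as I recall them, and the values are placeholders.
SIDDHI_FIXED = SIDDHI_AS_SHIPPED.replace(
    "@sink(type='email',",
    "@sink(type='email', host='smtp.163.com', port='465', ssl.enable='true',")

LOG_LINES = [
    "[2020-10-19 11:03:36,094] ERROR {org.wso2.siddhi.core.stream.output.sink.Sink} - Error on 'APIM_ALERT_EMAIL_NOTIFICATION'. Dropping event at Sink 'email' at 'EmailNotificationStream' as its still trying to reconnect!, events dropped '<strong>Message:</strong>...'",
    "[2020-10-19 11:06:10,307] ERROR {org.wso2.siddhi.core.stream.output.sink.Sink} - Error on 'APIM_ALERT_EMAIL_NOTIFICATION'. Dropping event at Sink 'email' at 'EmailNotificationStream' as its still trying to reconnect!, events dropped '<strong>Message:</strong>...'",
    "[2020-10-19 11:06:11,000] INFO {example.Constructed} - constructed non-error line for the sample",
]

# Extension defaults as I recall them from siddhi-io-email; the thread confirms the host.
DEFAULTS = {"host": "smtp.gmail.com", "port": "465", "ssl.enable": "true"}

DROP_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+ERROR\s+\{(?P<logger>[^}]+)\}\s+-\s+"
    r"Error on '(?P<app>[^']+)'\. Dropping event at Sink '(?P<sink>[^']+)' at '(?P<stream>[^']+)'")

KV_RE = re.compile(r"([\w.]+)\s*=\s*(['\"])(.*?)\2")


def _balanced(text, open_idx):
    """Return the text between text[open_idx] == '(' and its matching ')',
    ignoring parentheses that appear inside quoted strings."""
    depth, quote = 0, None
    for i in range(open_idx, len(text)):
        c = text[i]
        if quote:
            if c == quote:
                quote = None
        elif c in "'\"":
            quote = c
        elif c == "(":
            depth += 1
        elif c == ")":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    raise ValueError("unbalanced parentheses in annotation")


def _strip_nested(body):
    """Remove nested annotations such as @map(...) so their keys cannot
    collide with the sink's own keys (both carry a 'type')."""
    while True:
        n = re.search(r"@\w+\s*\(", body)
        if not n:
            return body
        inner = _balanced(body, n.end() - 1)
        body = body[:n.start()] + body[n.end() + len(inner) + 1:]


def parse_sinks(siddhi_text):
    """Return one dict of top-level key/value parameters per @sink annotation."""
    sinks = []
    for m in re.finditer(r"@sink\s*\(", siddhi_text):
        flat = _strip_nested(_balanced(siddhi_text, m.end() - 1))
        sinks.append({k: v for k, _q, v in KV_RE.findall(flat)})
    return sinks


def audit_email_sink(params):
    """Findings for an email sink that relies on extension defaults."""
    findings = []
    if params.get("type") != "email":
        return findings
    for key, default in DEFAULTS.items():
        if key not in params:
            findings.append(f"'{key}' not set: the sink falls back to the extension default ({default})")
    if not params.get("to"):
        findings.append("'to' not set: nobody receives the alert")
    return findings


def dropped_events(log_lines):
    """Count 'Dropping event at Sink' errors per (app, sink, stream)."""
    counts = Counter()
    for line in log_lines:
        m = DROP_RE.match(line)
        if m:
            counts[(m.group("app"), m.group("sink"), m.group("stream"))] += 1
    return counts


if __name__ == "__main__":
    for key, n in dropped_events(LOG_LINES).items():
        print(f"{n} alert(s) dropped by app={key[0]} sink={key[1]} stream={key[2]}")
    for sink in parse_sinks(SIDDHI_AS_SHIPPED):
        for finding in audit_email_sink(sink):
            print("as shipped:", finding)
    print("fixed:", audit_email_sink(parse_sinks(SIDDHI_FIXED)[0]) or "no findings")
```

A non-zero dropped-event count is worth alerting on in its own right: an analytics node that cannot reach its mail server fails open, discarding exactly the notifications the security alerts exist to deliver.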

WSO2IS-5.3.0 Pb with password management

I'm migrating my app from wso2is-5.2.0 to wso2is-5.3.0.
In user-mgt.xml I have the following from 5.2.0:
<Property name="PasswordJavaRegEx">^[\S]{1,30}$</Property>
<Property name="PasswordJavaScriptRegEx">^[\S]{1,30}$</Property>
<Property name="PasswordJavaRegExViolationErrorMsg">Password length should be within 1 to 30 characters</Property>
In the wso2is-5.3.0 Carbon console, I put the same values under Identity Providers > Resident > Password Policies > Password Pattern and restarted wso2is, but I still cannot create a user from the web service; I get the following error:
Caused by: org.wso2.carbon.user.core.UserStoreException: Password at least should have 6 characters
at org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener.handleEvent(IdentityMgtEventListener.java:626)
at org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener.handleEvent(IdentityMgtEventListener.java:585)
at org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener.doPreAddUser(IdentityMgtEventListener.java:194)
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.addUser(AbstractUserStoreManager.java:1514)
Whether I check "Enable Password Policy Feature" or not in the Carbon console, my values are not taken into account...
Is there a third way (registry?) to change the password policy?
Regards
You need to set matching values for Password Policy Min Length (1 in your case) and Password Policy Max Length (30 in your case) at Resident IdP -> Password Policies -> Password Patterns.
The given password must satisfy all of the min length, max length and pattern to be valid.

WSO2 API manager: ActiveDirectory as second user store

I have created my configuration file for the second user store here: /opt/wso2am-1.7.0/repository/deployment/server/userstores. I named it after my domain (sub_dom_local.xml; my domain is sub.dom.local),
and I set a JDBC store as the primary user store.
When I try to log in with a domain user name I get this error:
[2014-06-25 10:48:39,828] ERROR - System error while Authenticating/Authorizing User : [Ljava.lang.Object; cannot be cast to [Ljava.lang.String; {org.wso2.carbon.core.services.authentication.AuthenticationAdmin}
I am sure that I have entered the correct username and password; I enabled the debug logger and I see in the log that the authentication procedure connected to the Active Directory and retrieved all the information.
If I enter a wrong password, I do not get the error but I get the information for the wrong password.
Could you help me?
Thanks, Jack
When ActiveDirectoryUserStoreManager is enabled, it seems we need to enable the GetAllRolesOfUserEnabled property in the Authorization manager, as follows, in the user manager configuration:
<AuthorizationManager class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager">
    <Property name="AdminRoleManagementPermissions">/permission</Property>
    <Property name="AuthorizationCacheEnabled">true</Property>
    <Property name="GetAllRolesOfUserEnabled">true</Property>
</AuthorizationManager>
Otherwise it throws the exception you have mentioned.
Try this configuration:
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager">
    ...
    <Property name="MemberOfAttribute"/>
    ...
</UserStoreManager>
You do not specify the MemberOfAttribute.
Matteo