We have the WSO2 API Manager deployed and working, although we are unable to figure out an issue about users addition. We want to add the users via the management console (Carbon) and after being added we want the user to receive an email saying that his/her account was successfully created.
Although there is documentation for a workflow extension when the user signs up, we were unable to find any documentation regarding the matter we've pointed out, is this possible to achieve via the API Manager or with some kind workflow extension?
Thanks in advance!
EDIT: We are using WSO2 API Manager 1.10.0.
If your requirement is to create a user through the management console and allow the created user to define a password, you can configure APIM server to support 'Ask password from user' feature. (In this feature, APIM server administration can create a user through the management console and provide the email address of the user, so that user can set the password through the redirection URL provided in the email). To configure 'Ask password from user' feature follow the instructions given in https://docs.wso2.com/display/IS510/Creating+Users+Using+the+Ask+Password+Option.
If you want the APIM server administrator to set the username and password through the APIM management console and only send a notification to the user that his/her account is created successfully, then you have to write a custom component, because this is not supported by default.
Related
I'm looking at AWS Cognito documentaion here
Authentication with a User Pool
Actually I looked at many links in the documentation without finding clear information about this.
In AWS Cognito, I successfully created user pool, app client and integrated signup and login in Android and iOS using the platform provided SDK (amplify). But I want to do that directly from REST client, for testing purposes to generate user tokens. I want to submit the required credentials, username and password and get the user token as I do from the SDK.
I also tried the answer here but it gives an error
{
"__type": "NotAuthorizedException",
"message": "Unable to verify secret hash for client 1034me0p4rkfm17oidu7mkunu5"
}
Is this is something possible and how?
I just managed to get it done. There is a setting while you create an application client in Cognito console Enable Client Secret
To get that functionality to work, You need to create another App client with Enable Client Secret disabled. Then use the example mentioned in this answer
Hi i Want in API manager WSO2 in store section after user registered Send email with link to confirm account
am version: 2.5.0
Please Help Me
Your requirement can be achieved through a custom workflow extension. By default there is a custom workflow to the user signup process. You may need to extend that to send an email. Please refer to this.
I followed the below steps to enable password recovery using email notification.
https://docs.wso2.com/display/IS530/Password+Recovery
When I click forgot password button on dashboard login page, it asks for username and after that throw below error
Code : 20017
Message :Notification based password recovery is not enabled
I checked code in github and found property recovery.notification.password.enable is used but could not locate in any config file or any documentation. I am using WSO2IS 5.3.0.
How can i enable password recovery through end user dashboard if not mentioned in above mentioned steps.
Assume you are following the old and deprecated method. The steps for new APIs are available at the REST API Guide, It is also linked from the section "Password recovery using REST APIs" in the page you referred.
What you need to do is enable the Notification Based Password Recovery Enabled at the Resident Identity Provider configuration at management console and optionally set the expiry time for notifications.
I recently updated my environment from WSO2 IS 5.0.0 to WSO2 IS 5.2.0. My environment consists of 2 machines that are creating a cluster (using the WKA membership scheme and Load Balancer(AWS ELB) with sticky session enabled). I am using MySQL(not the default H2 database). The machines on which the IS is deployed are Windows Server 2012 R2 (EC2 AWS machines). I am also using the so called WSO2 IS Admin services.
As mentioned in the heading I am consuming the UserProfileMgtService
(https://url:port/services/UserProfileMgtService?wsdl).
In combination with it I am using OAuth2TokenValidationService
(https://url:port/services/OAuth2TokenValidationService?wsdl).
If I pass valid access token to the OAuth2TokenValidationService I am able to fill in with data OAuth2TokenValidationResponseDTO object by using the Validate method of the OAuth2TokenValidationService. As result I am able to extract the authorizedUser and pass it to the getUserProfile method of the UserProfileMgtService. I am using the standard carbon.super domain and I am using the email as username. For example I am passing the following two parameters to the getUserProfile:
"admin#admin.com#carbon.super" as username
"default" as profileName
And as result I receive the following message:
UserNotFound: User admin#admin.com#carbon.superdoes not exist in: PRIMARY
If I remove the "#carbon.super" from the authorizedUser, everything is fine and I am able to get the user profile information. This is quite important for me since I am using multitenancy of the IS and there is a case that I might have the following users:
admin#admin.com#test.net
admin#admin.com#test2.net
I noticed that this service was not working this way in WSO2 IS 5.0.0. I started experiencing this issue after the upgrade.
Is this a desired behavior and is introduced because of the change in the API in IS 5.2.0? If so is there another way to be able to get the user profile using the "username"+"tenant-domain"(that is retrieved by the OAuth2TokenValidationService as authorized user when passing valid access token).
Is it possible that this is caused because of misconfiguration? If so which is the file that needs to updated and what exactly should be modified in it?
Is there a place where more information could be retrieved for the WSO2 IS 5.2.0 Admin Services?
Thanks in advance.
UserProfileMgtService in Identity Server is an Admin Service. In WSO2 Admin Services, the tenant domain is identified by authenticated user and it should not pass with username.
username should be tenant free username.
So, you can remove carbon.super portion from the username and then it will work.
In tenant setup, you need to authenticate with a tenant user (Ex admin#admin.com#test.net) in order to access these API. So, like in the super tenant, you can use tenant free username and then it will work.
For example, if you want to get user profile of user : testuser#admin.com in tenant domain test.net, your request should be like bellow image.
Thanks
Isura.
I am very new to wso2. I try to integrate wso2 identity server 5.0 with an external ldap. I configured it according to this : https://docs.wso2.com/display/IS500/Configuring+a+Read-only+LDAP+User+Store
At the end of the link, it says that try to sign in with admin user but how can I authenticate an another user which is available in LDAP? Is it possible to login to the identity server with another ldap user (other than admin).
Thanks
according the configuration how it is described, a new user 'admin' with 'admin' role is added after startup. I assume you want to log on another user. You should be able to authenticate other users as well for other service providers (applications), but not in the management console. For that the admin role is required.
What you can try is to use the 'dashboard' application ( https://your-is-server-hostname:9443/dashboard/ )
Have fun
g.
Since you are configuring a read-only LDAP as the primary user store,
The user that should have admin permissions is required to be stored in the user store when you start the system for the first time. After that you have to give the login permission for all users in the LDAP user store. Login permission defined under admin permissions, which allows users to login to the management console.
Configure----->Users and Roles----->Roles----->Select "Permissions" of "Internal/everyone" or "Internal/your configured application" that you would like to give the permission.
Select "Login".
Update.
For the more details you can refer [1].
[1] https://docs.wso2.com/display/IS500/Role-based+Permissions