Wednesday, October 14, 2015

How to Set Password for User Accounts Created with 'Ask Password' feature in WSO2 Identity Server

WSO2 Identity Server lets an administrator create a user account without specifying a password, so that the end user can set the password later. This feature is discussed in detail in [1]. This blog post shows how to use the Admin Services to set the password of an account that was created this way.

Here I have configured the ‘Ask Password’ [2] feature by following [1], and I create a user from the Management Console.




I assign the ‘admin’ role to this user for demonstration purposes.

Upon successfully creating the user, Identity Server sends an email to the email address defined for the user at the time of account creation.



In the received email, what is important for us is the confirmation code. This is the value of the {confirmation-code} placeholder in the email template. Here I have received the following confirmation code value in the email.

confirmation code
00741dbc-3b03-462c-943c-902031333a3a


For updating the password of the created user, we need to call the following operations in UserInformationRecoveryService [3] one after the other.

  1. getCaptcha()
  2. verifyConfirmationCode()
  3. updatePassword()

The getCaptcha method is needed only if the following property is set to true in the IS_HOME/repository/conf/security/identity-mgt.properties file. If it is set to false, you can skip the getCaptcha call in the steps above.

Captcha.Verification.Internally.Managed=true


If you have enabled captcha verification, see [4] for the details that need to be sent for captcha verification.

The next step is to call the verifyConfirmationCode method. If you have enabled captcha verification, send the SOAP request as follows, providing the details for captcha verification.

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://services.mgt.identity.carbon.wso2.org" xmlns:xsd="http://beans.mgt.captcha.carbon.wso2.org/xsd">
  <soapenv:Header/>
  <soapenv:Body>
     <ser:verifyConfirmationCode>
        <ser:username>tharindu</ser:username>
        <ser:code>00741dbc-3b03-462c-943c-902031333a3a</ser:code>
      
        <!--Optional:-->
        <ser:captcha>
           <xsd:imagePath>registry/resource/_system/config/repository/components/org.wso2.carbon.captcha-images/dc832c96-3ed2-45e2-adfe-fcb0ef341ce3.jpg</xsd:imagePath>
           <xsd:secretKey>dc832c96-3ed2-45e2-adfe-fcb0ef341ce3</xsd:secretKey>
           <xsd:userAnswer>8dy54</xsd:userAnswer>
        </ser:captcha>
      
     </ser:verifyConfirmationCode>
  </soapenv:Body>
</soapenv:Envelope>

If you have not enabled captcha verification, send the SOAP request as follows, with the captcha element removed.

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://services.mgt.identity.carbon.wso2.org" xmlns:xsd="http://beans.mgt.captcha.carbon.wso2.org/xsd">
  <soapenv:Header/>
  <soapenv:Body>
     <ser:verifyConfirmationCode>
        <ser:username>tharindu</ser:username>
        <ser:code>00741dbc-3b03-462c-943c-902031333a3a</ser:code>   
     </ser:verifyConfirmationCode>
  </soapenv:Body>
</soapenv:Envelope>

In the above requests, the value of code is the confirmation code received in the email. Upon successful verification of the confirmation code, we receive the following SOAP response.


<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Body>
     <ns:verifyConfirmationCodeResponse xmlns:ns="http://services.mgt.identity.carbon.wso2.org">
        <ns:return xsi:type="ax2297:VerificationBean" xmlns:ax2293="http://mgt.identity.carbon.wso2.org/xsd" xmlns:ax2295="http://beans.mgt.captcha.carbon.wso2.org/xsd" xmlns:ax2297="http://beans.mgt.identity.carbon.wso2.org/xsd" xmlns:ax2298="http://dto.mgt.identity.carbon.wso2.org/xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ax2301="http://base.identity.carbon.wso2.org/xsd">
           <ax2297:error xsi:nil="true"/>
           <ax2297:key>11e5565b-6546-4100-b882-e130ec03f354</ax2297:key>
           <ax2297:notificationData xsi:nil="true"/>
           <ax2297:redirectPath xsi:nil="true"/>
           <ax2297:userId>tharindu</ax2297:userId>
           <ax2297:verified>true</ax2297:verified>
        </ns:return>
     </ns:verifyConfirmationCodeResponse>
  </soapenv:Body>
</soapenv:Envelope>


The next step is to call the updatePassword method. For that we need to send the following SOAP request, where the value of confirmationCode is the key received in the previous step’s response.

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://services.mgt.identity.carbon.wso2.org">
  <soapenv:Header/>
  <soapenv:Body>
     <ser:updatePassword>
        <ser:username>tharindu</ser:username>
        <ser:confirmationCode>11e5565b-6546-4100-b882-e130ec03f354</ser:confirmationCode>
        <ser:newPassword>admin@WSO2</ser:newPassword>
     </ser:updatePassword>
  </soapenv:Body>
</soapenv:Envelope>

After the password is successfully updated for the user, the following SOAP response is received.

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Body>
     <ns:updatePasswordResponse xmlns:ns="http://services.mgt.identity.carbon.wso2.org">
        <ns:return xsi:type="ax2297:VerificationBean" xmlns:ax2293="http://mgt.identity.carbon.wso2.org/xsd" xmlns:ax2295="http://beans.mgt.captcha.carbon.wso2.org/xsd" xmlns:ax2297="http://beans.mgt.identity.carbon.wso2.org/xsd" xmlns:ax2298="http://dto.mgt.identity.carbon.wso2.org/xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ax2301="http://base.identity.carbon.wso2.org/xsd">
           <ax2297:error xsi:nil="true"/>
           <ax2297:key xsi:nil="true"/>
           <ax2297:notificationData xsi:nil="true"/>
           <ax2297:redirectPath xsi:nil="true"/>
           <ax2297:userId xsi:nil="true"/>
           <ax2297:verified>true</ax2297:verified>
        </ns:return>
     </ns:updatePasswordResponse>
  </soapenv:Body>
</soapenv:Envelope>
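
The verifyConfirmationCode and updatePassword calls above chained together, as an added example (not part of the original post and not WSO2 code). It XML-escapes every value placed in a request, reads the VerificationBean by namespace URI instead of by the generated ax2297 prefix (assumed here not to be stable across deployments), and produces the updatePassword request only when verified is true. The function names are hypothetical, nothing is sent over the network, and the sample response is constructed from the one shown earlier.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
SER = "http://services.mgt.identity.carbon.wso2.org"
BEAN = "http://beans.mgt.identity.carbon.wso2.org/xsd"
XSI_NIL = "{http://www.w3.org/2001/XMLSchema-instance}nil"

def build_request(operation, **fields):
    """Build a SOAP envelope for one operation, XML-escaping every value."""
    body = "".join(f"<ser:{k}>{escape(str(v))}</ser:{k}>" for k, v in fields.items())
    return (f'<soapenv:Envelope xmlns:soapenv="{SOAP}" xmlns:ser="{SER}">'
            f"<soapenv:Header/><soapenv:Body><ser:{operation}>{body}"
            f"</ser:{operation}></soapenv:Body></soapenv:Envelope>")

def parse_verification_bean(response_xml):
    """Return the VerificationBean fields as a dict; xsi:nil elements become None."""
    ret = ET.fromstring(response_xml).find(f".//{{{SER}}}return")
    if ret is None:
        raise ValueError("no <return> element in response")
    bean = {}
    for child in ret:
        if child.tag.startswith(f"{{{BEAN}}}"):  # match on namespace, not prefix
            name = child.tag.split("}", 1)[1]
            bean[name] = None if child.get(XSI_NIL) == "true" else (child.text or "")
    bean["verified"] = bean.get("verified") == "true"
    return bean

def password_update_request(username, verify_response_xml, new_password):
    """Chain step 2 into step 3: the returned key becomes confirmationCode."""
    bean = parse_verification_bean(verify_response_xml)
    if not bean["verified"] or not bean.get("key"):
        raise ValueError(f"confirmation code not verified: {bean.get('error')}")
    return build_request("updatePassword", username=username,
                         confirmationCode=bean["key"], newPassword=new_password)

# Constructed sample: the post's verifyConfirmationCode response, trimmed, with a
# different generated prefix (ax2312) to show the parser does not depend on it.
SAMPLE_VERIFY_RESPONSE = f"""<soapenv:Envelope xmlns:soapenv="{SOAP}"><soapenv:Body>
<ns:verifyConfirmationCodeResponse xmlns:ns="{SER}">
<ns:return xmlns:ax2312="{BEAN}" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ax2312:error xsi:nil="true"/><ax2312:key>11e5565b-6546-4100-b882-e130ec03f354</ax2312:key>
<ax2312:userId>tharindu</ax2312:userId><ax2312:verified>true</ax2312:verified>
</ns:return></ns:verifyConfirmationCodeResponse></soapenv:Body></soapenv:Envelope>"""

if __name__ == "__main__":
    print(password_update_request("tharindu", SAMPLE_VERIFY_RESPONSE, "admin@WSO2"))
```
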

Now I try to log in to the Management Console with the user account whose password I updated.

Using the new password, I can log in successfully.


References


Tharindu Edirisinghe
Identity Server Team
WSO2
