Authenticate using multiple attributes in WSO2 Identity Server
A user store contains users and, possibly, a set of attributes that define each user and its capabilities. Some of these attributes are unique to the user, such as the uid and the email address.
This makes it possible to let users authenticate with whichever of these attributes they prefer.
For this article we’ll be configuring WSO2 Identity Server (IS) 5.2.0.
- Configuring the user store
- Configuring the carbon.xml
Configuring the user store
The built-in default user store of Identity Server is LDAP. We can change its configuration by modifying the user-mgt.xml file found in the <IS_HOME>/repository/conf directory.
Modify the property “UserNameSearchFilter” to accommodate both the uid and the email. The modified UserNameSearchFilter would be similar to the following configuration.
If the property “UserDNPattern” has been enabled (which is not the default setting), please make sure to disable it.
To use multiple attributes for authentication, add the following property to the user store configuration, which in this case is the LDAP configuration.
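Once the search filter accepts either attribute, a login value has to identify exactly one entry across uid and mail together, not just within each attribute. The following check is an added example, not part of the original article or of WSO2's code; the filter shape, the function names and the sample entries are assumptions constructed for illustration. It shows the filter evaluated for a login value and flags values in a directory export that would match more than one entry.

```python
from collections import defaultdict

# Assumed filter shape (not taken from the page): OR over both login attributes,
# with "?" standing for the identifier typed at the login prompt.
FILTER_TEMPLATE = "(&(objectClass=person)(|(mail=?)(uid=?)))"
LOGIN_ATTRS = ("uid", "mail")


def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves inside a filter assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def build_filter(identifier):
    """Show the filter the directory would evaluate for one login identifier."""
    return FILTER_TEMPLATE.replace("?", escape_filter_value(identifier))


def ambiguous_identifiers(entries):
    """Map each login value owned by more than one entry to the sorted DNs owning it."""
    owners = defaultdict(set)
    for entry in entries:
        for attr in LOGIN_ATTRS:
            for value in entry.get(attr, []):
                # uid and mail use case-insensitive matching in the standard schema
                owners[value.strip().lower()].add(entry["dn"])
    return {value: sorted(dns) for value, dns in owners.items() if len(dns) > 1}


# Constructed sample export; DNs and addresses are illustrative only.
SAMPLE_ENTRIES = [
    {"dn": "uid=alice,ou=Users,dc=example,dc=org",
     "uid": ["alice"], "mail": ["alice@example.org"]},
    {"dn": "uid=bob@example.org,ou=Users,dc=example,dc=org",
     "uid": ["bob@example.org"], "mail": ["bob@corp.example.org"]},
    {"dn": "uid=carol,ou=Users,dc=example,dc=org",
     "uid": ["carol"], "mail": ["Bob@Example.org"]},
]

if __name__ == "__main__":
    print(build_filter("alice@example.org"))
    for value, dns in ambiguous_identifiers(SAMPLE_ENTRIES).items():
        print("ambiguous login value %r matches:" % value)
        for dn in dns:
            print("   ", dn)
```

Any value this reports should be resolved in the directory before the combined filter goes live, since the same login string would otherwise resolve to two different accounts.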
Configuring the carbon.xml
Since we are using the user's email address for authentication, email authentication must be enabled.
Note: Please refer to Enabling email authentication with WSO2 Identity Server for how to configure email as the username.
Once the above configurations are in place, restart Identity Server by running the following script files found in <IS_HOME>/bin/.
Linux: sh wso2server.sh
To test these configs, attempt to sign in to the Management Console separately using the email and the username (uid) with the same password.
There you have it. We’ve got ourselves an Identity Server which allows authentication using email and the uid :)
Common issues faced when authentication using multiple attributes is enabled: