Hi Kone,
This is not a bug. In IS 5.3.0 we introduced account recovery rest APIs and
self-signup rest APIs. In IS 5.2.0 it was there only soap APIs for account
recovery and self-registration scenarios. To support the backward
compatibility IS 5.3.0 OOTB supports both rest APIs and soap APIs for
account recovery and self-registration features.
So, there are two ways to support Ask Password feature in IS 5.3.0.
- Using old method (SOAP)
- Using new method (REST)
There are two steps associated with ASK password flow, First needs to send
an email and then need to confirm that email. The reason why you got above
error is, email was sent using the old method and try to confirm using the
new method.
We will update the documentation with further details. Please use one of
the following ways to support ask password feature in IS 5.3.0
- *Using old method.*
Then you need to enable old listener and disable new listeners in
identity.xml file as follows
<EventListener type="org.wso2.carbon.user.cor
e.listener.UserOperationEventListener"
name="org.wso2.carbon.identit
y.mgt.IdentityMgtEventListener"
orderId="50" enable="*true*"/>
<EventListener type="org.wso2.carbon.user.cor
e.listener.UserOperationEventListener"
name="org.wso2.carbon.identit
y.governance.listener.IdentityMgtEventListener"
orderId="95" enable="*false*"/>
<EventListener type="org.wso2.carbon.user.cor
e.listener.UserOperationEventListener" name="org.wso2.carbon.identity
.governance.listener.IdentityStoreEventListener"
orderId="97" enable="*false*">
Then follow the steps in the [1]. You need to change the email template and
use Info-recovery sample web APP to support this feature. (Identity Server
dashboard supports only for rest APIs)
- *Using new method.*
Then you need to disable old listener and enable new listeners in
identity.xml file as follows
<EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventL
istener"
name="org.wso2.carbon.identit
y.mgt.IdentityMgtEventListener"
orderId="50" enable="*false*"/>
<EventListener type="org.wso2.carbon.user.cor
e.listener.UserOperationEventListener"
name="org.wso2.carbon.identit
y.governance.listener.IdentityMgtEventListener"
orderId="95" enable="*true*"/>
<EventListener type="org.wso2.carbon.user.cor
e.listener.UserOperationEventListener" name="org.wso2.carbon.identity
.governance.listener.IdentityStoreEventListener"
orderId="97" enable="*true*">
You can't use Identity Server management console to add users with ask
password feature. You have to use RemoteUserStoreManagerServe, UserAdmin
Service or SCIM APIs to support new ASK password feature.
Enable ask password as follows from management console
Then use RemoteUserStoreManagerService AddUser method with askPassword
claim as follows
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:ser="http://service.ws.um.carbon.wso2.org"; xmlns:xsd="
http://common.mgt.user.carbon.wso2.org/xsd";>
<soapenv:Header/>
<soapenv:Body>
<ser:addUser>
<ser:userName>test123</ser:userName>
<ser:credential>test123</ser:credential>
<ser:claims>
<xsd:claimURI>http://wso2.org/claims/emailaddress</xsd:claimURI>
<xsd:value>is...@wso2.com <isuradilh...@gmail.com></xsd:value>
</ser:claims>
<ser:claims>
<xsd:claimURI>http://wso2.org/claims/lastname</xsd:claimURI>
<xsd:value>lastname</xsd:value>
</ser:claims>
<ser:claims>
<xsd:claimURI>http://wso2.org/claims/givenname</xsd:claimURI>
<xsd:value>givenname</xsd:value>
</ser:claims>
* <ser:claims>*
* <xsd:claimURI>http://wso2.org/claims/identity/askPassword
<http://wso2.org/claims/identity/askPassword></xsd:claimURI>*
* <xsd:value>true</xsd:value>*
* </ser:claims>*
<ser:profileName>default</ser:profileName>
<ser:requirePasswordChange>false</ser:requirePasswordChange>
</ser:addUser>
</soapenv:Body>
</soapenv:Envelope>
You need to configure email settings in
<IS_HOME>/repository/conf/output-event-adapters.xml
file as step 2 in blog post [2]
We will update documentation asap. Please let us know if you need further
clarifications.
Thanks
Isura
[1] https://docs.wso2.com/display/IS530/Creating+Users+using
+the+Ask+Password+Option
[2]
http://isurad.blogspot.com/2016/12/self-user-registration-features-wso2.html
*Isura Dilhara Karunaratne*
Senior Software Engineer | WSO2
Email: is...@wso2.com
Mob : +94 772 254 810 <+94%2077%20225%204810>
Blog : http://isurad.blogspot.com/
On Mon, Jan 2, 2017 at 3:23 PM, Koné Alioune Badara <
kon...@etna-alternance.net> wrote:
> Hello Ishara,
>
> Thank you for the answer, do you think it will be resolved for the 5.3.0
> official release? And by the way, what is the is date of that release?
>
> Regards,
>
> 2016-12-25 21:49 GMT+01:00 Ishara Cooray <isha...@wso2.com>:
>
>> Hi Alioune,
>>
>> This is because by default Identity Server shipped with LDAP store but it
>> tries to load user recovery data from JDBCRecoveryDataStore.
>>
>> Please refer jira[1] to track the issue.
>>
>> [1] https://wso2.org/jira/browse/IDENTITY-5544
>>
>> Thanks & Regards,
>> Ishara Cooray
>> Senior Software Engineer
>> Mobile : +9477 262 9512 <+94%2077%20262%209512>
>> WSO2, Inc. | http://wso2.com/
>> Lean . Enterprise . Middleware
>>
>> On Thu, Dec 22, 2016 at 3:23 PM, Koné Alioune Badara <
>> kon...@etna-alternance.net> wrote:
>>
>>> Hello,
>>>
>>> I'm trying to implement the AskPassword feature with the 5.3.0-BETA
>>> version, I followed every steps of the documentation and succeded to send
>>> the email, but when I go to page where I enter set my password, on the
>>> submit I get an error message (cf the screenshot).
>>>
>>> Is there something that I do wrong or is it a known bug?
>>>
>>> Note: the link sent in the mail is : https://localhost:9443/acco
>>> untrecoveryendpoint/confirmrecovery.do?confirmation={71fda0b
>>> 5-9ebf-4e0c-abc6-c79240d35681}&userstoredomain={PRIMARY}&use
>>> rname={romeo}&tenantdomain={carbon.super}
>>>
>>> Regards,
>>>
>>> Alioune B KONÉ.
>>> MASTER ETNA 2016.
>>>
>>> _______________________________________________
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>
>
> --
> Cordialement,
>
> Alioune B KONÉ.
> MASTER ETNA 2016.
>
> _______________________________________________
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
