Account Locking with WSO2 API Manager – 2.0.0

Account locking is a part of Account and Credential Management in Identity Governance and Administration.

Let's see how to install Account Locking feature with WSO2 API Manager;

 Note: (Before you are doing any changes)
  • Shutdown the APIM server (If already running).
  • Keep a backup on your identity.xml (APIM_HOME/repository/conf/identity/identity.xml) file beforehand.
  • Save the following content as a pom.xml file and replace all the APIM_HOME locations inside the pom file with your APIM location (There are 3 places).


<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">

    <modelVersion>4.0.0</modelVersion>

    <groupId>org.wso2.dev</groupId>

    <artifactId>dev-feature-addons</artifactId>
    <version>1.0.0</version>
    <packaging>pom</packaging>
    <name>WSO2 Feature addons for DEV</name>
    <url>http://wso2.org</url>
    <build>
        <plugins>
            <plugin>
                <groupId>org.wso2.maven</groupId>
                <artifactId>carbon-p2-plugin</artifactId>
                <version>1.5.8</version>
                <executions>
                   <execution>
                        <id>uninstall-feature</id>
                        <phase>package</phase>
                        <goals>
                            <goal>p2-profile-gen</goal>
                        </goals>
                        <configuration>
                            <profile>default</profile>
                            <metadataRepository>http://product-dist.wso2.com/p2/carbon/releases/wilkes/</metadataRepository>
                            <artifactRepository>http://product-dist.wso2.com/p2/carbon/releases/wilkes/</artifactRepository>
                            <destination>APIM_HOME/repository/components</destination>
                            <deleteOldProfileFiles>false</deleteOldProfileFiles>
                            <uninstall>true</uninstall>
                            <features>
                                <feature>
                                    <id>org.wso2.carbon.security.mgt.server.feature.group</id>
                                    <version>5.2.0</version>
                                </feature>

                                 <feature>
                                    <id>org.wso2.carbon.security.mgt.ui.feature.group</id>
                                    <version>5.2.0</version>
                                </feature>

                                 <feature>
                                    <id>org.wso2.carbon.security.mgt.feature.group</id>
                                    <version>5.2.0</version>
                                </feature>
                                 <feature>
                                    <id>org.wso2.carbon.identity.core.feature.group</id>
                                    <version>5.2.0</version>
                                </feature>
                            </features>
                        </configuration>
                    </execution> 
                    <execution>
                        <id>feature-install</id>
                        <phase>package</phase>
                        <goals>
                            <goal>p2-profile-gen</goal>
                        </goals>
                        <configuration>
                            <profile>default</profile>
                            <metadataRepository>http://product-dist.wso2.com/p2/carbon/releases/wilkes/</metadataRepository>
                            <artifactRepository>http://product-dist.wso2.com/p2/carbon/releases/wilkes/</artifactRepository>
                            <destination>APIM_HOME/repository/components</destination>
                            <deleteOldProfileFiles>false</deleteOldProfileFiles>                           
                            <features>
                                <feature>
                                    <id>org.wso2.carbon.security.mgt.ui.feature.group</id>
                                    <version>5.2.2</version>
                                </feature>
                                <feature>
                                    <id>org.wso2.carbon.security.mgt.server.feature.group</id>
                                    <version>5.2.2</version>
                                </feature>
                                <feature>
                                    <id>org.wso2.carbon.security.mgt.feature.group</id>
                                    <version>5.2.2</version>
                                </feature>
                                 <feature>
                                    <id>org.wso2.carbon.identity.core.feature.group</id>
                                    <version>5.2.2</version>
                                </feature>

                                <feature>
                                    <id>org.wso2.carbon.identity.mgt.feature.group</id>
                                    <version>5.2.2</version>
                                </feature>
                        
                            </features>
                        </configuration>
                    </execution>

                </executions>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-antrun-plugin</artifactId>
                <version>1.1</version>
                <executions>
                    <execution>
                        <phase>package</phase>
                        <configuration>
                            <tasks>
                                <replace token="false" value="true" dir="APIM_HOME/repository/components/default/configuration/org.eclipse.equinox.simpleconfigurator">
                                    <include name="**/bundles.info"/>
                                </replace>
                            </tasks>
                        </configuration>
                        <goals>
                            <goal>run</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>
        </plugins>
    </build>
    <repositories>
        <repository>
            <id>wso2-nexus</id>
            <name>WSO2 internal Repository</name>
            <url>http://maven.wso2.org/nexus/content/groups/wso2-public/</url>
            <releases>
                <enabled>true</enabled>
                <updatePolicy>daily</updatePolicy>
                <checksumPolicy>ignore</checksumPolicy>
            </releases>
        </repository>
    </repositories>
    <pluginRepositories>
        <pluginRepository>
            <id>wso2-maven-releases-repository</id>
            <url>http://maven.wso2.org/nexus/content/repositories/releases/</url>
        </pluginRepository>
    </pluginRepositories>
</project>

As you can see on the executions, this will uninstall some features and install/update the relevant features for account locking. 

  1. Then run the pom file using mvn clean install
    This will install/update the required feature versions related to account locking.

    If you get an exception like - /components/artifacts.xml (No such file or directory), don't worry.
  2. Then open APIM_HOME/repository/conf/identity/identity.xml and do the following changes.
  • Change the DataSource name to <Name>jdbc/WSO2AM_DB</Name> (it will have WSO2CarbonDB)
  • Replace the SupportedGrantTypes with the following
     <SupportedGrantTypes>
            <SupportedGrantType>
                <GrantTypeName>authorization_code</GrantTypeName>
              <GrantTypeHandlerImplClass>
               org.wso2.carbon.apimgt.keymgt.handlers.ExtendedAuthorizationCodeGrantHandler
               </GrantTypeHandlerImplClass>
            </SupportedGrantType>
            <SupportedGrantType>
                <GrantTypeName>password</GrantTypeName>
                <GrantTypeHandlerImplClass>
                 org.wso2.carbon.apimgt.keymgt.handlers.ExtendedPasswordGrantHandler
                </GrantTypeHandlerImplClass>
              </SupportedGrantType>
            <SupportedGrantType>
                <GrantTypeName>refresh_token</GrantTypeName>
                <GrantTypeHandlerImplClass>
                org.wso2.carbon.identity.oauth2.token.handlers.grant.RefreshGrantHandler
              </GrantTypeHandlerImplClass>
            </SupportedGrantType>
            <SupportedGrantType>
                <GrantTypeName>client_credentials</GrantTypeName>
              <GrantTypeHandlerImplClass>
              org.wso2.carbon.apimgt.keymgt.handlers.ExtendedClientCredentialsGrantHandler
              </GrantTypeHandlerImplClass>
            </SupportedGrantType>
            <SupportedGrantType>
                <GrantTypeName>urn:ietf:params:oauth:grant-type:saml2-bearer</GrantTypeName>
                <GrantTypeHandlerImplClass>
                 org.wso2.carbon.apimgt.keymgt.handlers.ExtendedSAML2BearerGrantHandler
             </GrantTypeHandlerImplClass>
            </SupportedGrantType>
            <SupportedGrantType>
                <GrantTypeName>iwa:ntlm</GrantTypeName>
                <GrantTypeValidatorImplClass>
                 org.wso2.carbon.identity.oauth.common.NTLMAuthenticationValidator
                </GrantTypeValidatorImplClass>
                <GrantTypeHandlerImplClass>
  org.wso2.carbon.identity.oauth2.token.handlers.grant.iwa.ntlm.NTLMAuthenticationGrantHandlerWithHandshake
  </GrantTypeHandlerImplClass>
            </SupportedGrantType>
        </SupportedGrantTypes>
    4. Change the OAuthCallbackHandlers and add the OAuthScopeValidator as following
     <OAuthCallbackHandlers>
            <OAuthCallbackHandler Class="org.wso2.carbon.apimgt.keymgt.util.APIManagerOAuthCallbackHandler"/>
        </OAuthCallbackHandlers>
        <OAuthScopeValidator class="org.wso2.carbon.identity.oauth2.validators.JDBCScopeValidator"/>
5. In the EventListeners make the following Listeners "true"
  • org.wso2.carbon.user.mgt.workflow.userstore.UserStoreActionListener
  • org.wso2.carbon.identity.mgt.IdentityMgtEventListener
  • org.wso2.carbon.identity.scim.common.listener.SCIMUserOperationListener
6. After doing the above changes, change the followings in identity-mgt.properties at the same location
  • Notification.Expire.Time=20
  • UserAccount.Verification.Enable=true
  • Authentication.Policy.Enable=true
  • Authentication.Policy.Account.Lock.Time=2
  • Authentication.Policy.Account.Lock.On.Failure=true
  • Authentication.Policy.Account.Lock.On.Failure.Max.Attempts=3

7. Start the APIM server.

8. Check  User Account Locking through Admin Services on the following link,

 http://chanukadissanayake.blogspot.com/2017/08/wso2-user-account-locking-through-admin.html

Comments

Post a Comment

Popular posts from this blog

How to fix SoapUI freeze in Mac OS

Follow these steps carefully, which will fix SoapUI freeze in Mac OS. [Note: Tested in my OS X 10.11.6] Start ‘Activity Monitor’ and Force Kill your dead soapUI process. [Or use Command-Option-Escape to force quit it.] In Finder, /Applications/SmartBear/soapUI-5.0.0.app > Show Package Contents. Edit /Applications/SmartBear/soapUI-5.0.0.app/Contents/ java/app/bin/soapui.sh. Uncomment this line# JAVA_OPTS="$JAVA_OPTS -Dsoapui.browser.disabled=true". [In other words, remove the "#" to stop it being a comment.] Edit /Applications/SmartBear/soapUI-5.0.0.app/Contents/ vmoptions.txt. Add -Dsoapui.browser.disabled=true. Start soapUI. [In those paths, change  soapUI-5.0.0  to match your version. For me it is  soapUI-5.1.3 .] Referenced from:  https://community.smartbear.com/t5/SoapUI-NG/SoapUI-Pro-5-1-2-hangs-on-Mac-OS-X-10-8-5/td-p/95626
Read more

[WSO2 Open Source Enterprise Solutions] Integration: People-HR

Image
Products: WSO2 ESB, WSO2 DAS, WSO2 Developer Studio and WSO2 IOT Server. Introduction Intention of this article to demonstrate one of the real world usage of wso2 products. According to the provided architecture [Figure 1.0.0], this article will cover-up some usage of WSO2 developer studio, WSO2 Enterprise Service Bus (ESB) and WSO2 Data Analytics Server (DAS). Nowadays most of the organizations are using external systems to manage their process, management task and activities, such as Salesforce for sales, Pardot for marketing, People-HR for managing human resource...etc. This article explain, how to connect external system using WSO2 ESB connectors by providing a sample configurations using people-HR connector. WSO2 ESB Connectors facilitates you to connect with external systems and manipulate those data. Connectors are connected with the WSO2 Enterprise Service Bus (WSO2 ESB), which is a lightweight, high performance, comprehensive ESB. 100% open source, WSO2 ...
Read more

Salesforce Auto generate renewal Opportunity with Line Items (i.e. Opportunity Products)

Image
First,  let's take a look at the business scenario of this.  Each Account(customer) have a set of opportunities and its Line Items which also know as Products of that Opportunity. Once the salesperson enters those opportunity and product details in the Salesforce, those are likely to be renewed (quarterly, yearly...etc) by the customer if they are planning to go ahead with the same vendor in the next year as well. Therefore, we need to again enter the same data into Salesforce which is almost similar to the previous details which are a time-consuming tedious task.    Our objective is to automate this renewal scenario. What are the available options Writing a class which is invoked by a Visualforce page to create the new opportunity and line items (by acquiring data through SOQL in the Apex class). Writing a trigger to fire on the opportunity once the particular conditions are met. Configuring a process builder follows by a flow t...
Read more