Friday, August 14, 2015

Enabling E-mail User Login for WSO2 Products

This post explains different ways e-mail login can be enabled and how users/tenants can login to WSO2 products.

Pre-requisites

Users, tenants and their e-mail addresses that will be used for this scenario are as follows.

Super Admin User Name - admin
A user of Super Admin - adminUser
Email of Super Admin user - admin@yahoo.com
Email of a user of Super Admin - adminUser@gmail.com
Tenant Domain - tenantdomain.com
Tenant Admin - admin@tenantdomain.com
Tenant User - tenantDomainUser@tenantdomain.com
Tenant Admin Email - admin@hotmail.com
Tenant User Email - tenantDomainUser@aol.com

How to create tenants

When creating a tenant, give the tenant admin username in e-mail form (for example admin@gmail.com) and not as a bare name such as admin.

Scenario 1

Configuration that needs to be done

carbon.xml

<EnableEmailUserName>true</EnableEmailUserName>

user-mgt.xml

For JDBC User Stores

<Property name="UsernameWithEmailJavaScriptRegEx">[a-zA-Z0-9@._-|//]{3,30}$</Property>

For LDAP based User Stores

<Property name="UserNameSearchFilter">(&(objectClass=person)(|(mail=?)(uid=?)))</Property>

and comment out the following:

<!--Property name="UserDNPattern">uid={0},ou=Users,dc=wso2,dc=org</Property-->


With the above configuration, you can log in with the following user names:

- admin
- admin@yahoo.com
- admin@yahoo.com@carbon.super
- adminUser
- adminUser@gmail.com
- adminUser@gmail.com@carbon.super
- admin@hotmail.com@tenantdomain.com
- tenantDomainUser@aol.com@tenantdomain.com

You cannot log in as

- admin@tenantdomain.com
- tenantDomainUser@tenantdomain.com


Scenario 2 - Without configuring the EnableEmailUserName property in carbon.xml

Configuration that needs to be done

carbon.xml

<EnableEmailUserName>false</EnableEmailUserName>

user-mgt.xml

Same as in Scenario 1 above

You should be able to log in with the following user names and e-mail addresses:

- admin
- admin@yahoo.com@carbon.super
- adminUser
- adminUser@gmail.com@carbon.super
- admin@hotmail.com@tenantdomain.com
- tenantDomainUser@aol.com@tenantdomain.com
- tenantDomainUser@tenantdomain.com

You cannot log in as

- admin@yahoo.com
- adminUser@gmail.com
- admin@tenantdomain.com
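To make the two lists above easier to reason about, here is an added model (not WSO2 code) of how a login name is split on its last "@" into a user name and a tenant domain, and how the resulting name is matched against a user store that accepts either the uid or the mail attribute, as the (|(mail=?)(uid=?)) search filter does. The user store is a constructed dictionary holding the users, e-mails and tenant from this post.

```python
"""Model of WSO2 login-name resolution for the two scenarios in the post.

Users, e-mail addresses and the tenant domain are taken from the post; the
USER_STORES dictionary is a constructed stand-in for the LDAP/JDBC stores.
"""

SUPER_TENANT = "carbon.super"

# Constructed stand-in for the user stores: tenant -> list of (uid, mail).
# The tenant admin was created with an e-mail-shaped username (as the post
# requires), so a bare "admin" does not exist inside tenantdomain.com.
USER_STORES = {
    SUPER_TENANT: [("admin", "admin@yahoo.com"),
                   ("adminUser", "adminUser@gmail.com")],
    "tenantdomain.com": [("admin@hotmail.com", "admin@hotmail.com"),
                         ("tenantDomainUser", "tenantDomainUser@aol.com")],
}


def split_login(login, email_user_name_enabled):
    """Return (username, tenant_domain) for a login string.

    The tenant domain is always the part after the LAST "@".  With
    EnableEmailUserName=true a login containing a single "@" is treated as
    an e-mail style username of the super tenant; with it false the part
    after that "@" is treated as a tenant domain instead.
    """
    at_count = login.count("@")
    if at_count == 0 or (at_count == 1 and email_user_name_enabled):
        return login, SUPER_TENANT
    username, _, tenant = login.rpartition("@")
    return username, tenant


def can_login(login, email_user_name_enabled):
    """True if the login names an existing tenant and an entry in that
    tenant's store whose uid OR mail equals the resolved username."""
    username, tenant = split_login(login, email_user_name_enabled)
    entries = USER_STORES.get(tenant)
    if entries is None:          # e.g. "admin@yahoo.com" in Scenario 2
        return False             # resolves to tenant "yahoo.com"
    return any(username in (uid, mail) for uid, mail in entries)
```

Running can_login over the names in the Scenario 1 and Scenario 2 lists reproduces exactly the "can" and "cannot" outcomes given in the post.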

To create users whose user name is an e-mail address, change the following properties in the LDAP user store configuration:

<Property name="UserNameAttribute">mail</Property>
<Property name="UsernameJavaRegEx">[a-zA-Z0-9@._-|//]{3,30}$</Property>
<Property name="UserNameSearchFilter">(&(objectClass=person)(mail=?))</Property>

After configuring your server with the above settings, you should be able to add users with e-mail addresses as well as with uids.
For more information, go through the detailed blog written by Asela Pathberiya.