Friday, August 28, 2015

Change email address for user in WSO2 Identity Server

Overview

Sometimes users need to log in with their email address as the username, but they also need to be able to change that email address and log in with the new one. With WSO2 Identity Server 5.0.0 there is no direct way to update the email address when the email address is used as the username, because changing the username (uid) in WSO2 IS 5.0.0 is not recommended due to several limitations. This blog post provides a workaround that lets a user change their email address and log in with the new one.

Workaround

You can simply write a custom authenticator to satisfy the above requirement. You can find the Basic authenticator code here [1].

The workaround is to first accept the email address from the user as the username, then look up the matching uid in the user store for that email address, and finally log the user in using the uid retrieved from the user store. I have tested this code using LDAP as the user store.


Step 1 

Write a custom authenticator that extends AbstractApplicationAuthenticator and implements LocalApplicationAuthenticator.


Step 2

The following method is used to retrieve the uid for an email address.

private String getUserNameForEmail(String emailAddress) throws UserStoreException {

    RealmService realmService = CustomBasicAuthenticatorServiceComponent.getRealmService();
    // Obtain the username (uid) for the given email address
    if (realmService != null) {
        String[] usersWithClaim = realmService.getUserRealm(realmService.getBootstrapRealmConfiguration())
                .getUserStoreManager().getUserList(CustomBasicAuthenticatorConstants.CLAIM_URI_FOR_EMAIL_ADDRESS,
                                                   emailAddress, null);
        if (usersWithClaim.length == 1 && usersWithClaim[0] != null) {
            // Exactly one account carries this email claim: use its uid
            if (log.isDebugEnabled()) {
                log.debug("Username for the given email address: " + usersWithClaim[0]);
            }
            return usersWithClaim[0];

        } else if (usersWithClaim.length > 1) {
            // Multiple users cannot have the same email address; refuse rather than pick one
            throw new UserStoreException("Multiple users cannot have same email address");
        }
    }
    // If no user has this email address we fall back to the given value as the username
    return emailAddress;
}


The claim URI constant referenced above is defined in CustomBasicAuthenticatorConstants:

public static final String CLAIM_URI_FOR_EMAIL_ADDRESS = "http://wso2.org/claims/emailaddress";


Step 3

In the processAuthenticationResponse method you can use the above method to log the user in using the uid.

String username = request.getParameter("username");
try {
    // Map the submitted email address to the uid stored in the user store
    username = getUserNameForEmail(username);
} catch (UserStoreException e) {
    String errMsg = "Error occurred while getting username for given email address for username: " + username;
    log.error(errMsg, e);
    throw new AuthenticationFailedException(errMsg, e);
}


Limitations

There may be issues when two users share the same email address, since the email address is now acting as the username (the lookup above rejects the login in that case). So we need to make sure to check for this when adding a user to the user store.
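One way to enforce the check mentioned above at provisioning time, so that the login-time lookup in getUserNameForEmail() never reaches the "multiple users" branch. This is an added example, not code from the post or from WSO2; it uses the Carbon user-core UserStoreManager.getUserList() and addUser() calls the post already relies on, while the class name, the helper methods and the email normalisation are assumptions of this example.

```java
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;

import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;

// Hypothetical helper (not part of WSO2 IS): refuses to create an account whose
// email address is already held by another user in the same user store.
public class UniqueEmailProvisioner {

    public static final String CLAIM_URI_FOR_EMAIL_ADDRESS = "http://wso2.org/claims/emailaddress";

    private final UserStoreManager userStoreManager;

    public UniqueEmailProvisioner(UserStoreManager userStoreManager) {
        this.userStoreManager = userStoreManager;
    }

    // Treat Alice@Example.com and alice@example.com as the same address so the
    // uniqueness check cannot be bypassed by changing case or adding whitespace.
    static String normalizeEmail(String email) {
        return email == null ? null : email.trim().toLowerCase(Locale.ROOT);
    }

    // True when no existing user carries this email claim.
    public boolean isEmailAvailable(String email) throws UserStoreException {
        String[] holders = userStoreManager.getUserList(CLAIM_URI_FOR_EMAIL_ADDRESS, normalizeEmail(email), null);
        return holders == null || holders.length == 0;
    }

    // Creates the user with the email claim set, or fails before touching the store
    // if the address is missing or already taken.
    public void addUserWithUniqueEmail(String uid, Object credential, String[] roles, String email)
            throws UserStoreException {
        String normalized = normalizeEmail(email);
        if (normalized == null || normalized.isEmpty()) {
            throw new UserStoreException("Email address is required when email is used for login");
        }
        if (!isEmailAvailable(normalized)) {
            throw new UserStoreException("Email address is already in use by another account");
        }
        Map<String, String> claims = new HashMap<>();
        claims.put(CLAIM_URI_FOR_EMAIL_ADDRESS, normalized);
        userStoreManager.addUser(uid, credential, roles, claims, null);
    }
}
```

The check-then-add is not atomic, so two concurrent provisioning requests could still slip through; where the directory supports it, also enforce uniqueness of the mail attribute in the user store itself.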
