Wednesday, May 4, 2016

User Password History Management in WSO2 IS

WSO2 IS does not maintain password history of the users.

1) Keep a history of password for users in a configured number of counts per Role
2) Password history should be kept with a timestamp (in 1 timezone) so that a user does reuse the same password in xx number of days.
3) Have Password History configurable to roles level


To implement password history feature you have to write your own custom user store manager. Refer doc [1]
Checkout the code from [2]

You have to create your own database tables related to password histroty feature and add the implementation to the following methods

doAddUser
doDeleteUser
doUpdateCredential
doUpdateCredentialByAdmin

This java implementation will be same for any RDBMS.

[1] https://docs.wso2.com/display/IS500/Writing+a+Custom+User+Store+Manager#WritingaCustomUserStoreManager-Writingthecustomuserstoremanager
[2] https://svn.wso2.org/repos/wso2/carbon/kernel/branches/4.2.0/patches/patch0009/core/org.wso2.carbon.user.core/4.2.0/src/main/java/org/wso2/carbon/user/core/jdbc/JDBCUserStoreManager.java

No comments: