How to catch the AD password expired/locked situation by WSO2IS

Solution: you have to write your own custom user store.

When the password has expired or the account is locked at the AD level, AD returns an error code [1] to the IS. You can catch that error code in the custom user store and implement your own logic to fulfil your requirement.
49 / 532 PASSWORD_EXPIRED
49 / 533 ACCOUNT_DISABLED
[1] http://wiki.servicenow.com/index.php?title=LDAP_Error_Codes#gsc.tab=0

So, create a new class extending org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager [2]; this lets you override the doAuthenticate() method, which is inherited from ReadOnlyLDAPUserStoreManager [3]. Note that you need to implement the bindAsUser() method and catch the AuthenticationException that is thrown when the password has expired or the account is locked at the AD level; based on that, you can implement your own logic.
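The classification step that would sit inside that catch block, as an added example (not code from the original post or from WSO2). It assumes AD's usual bind-failure text, in which the sub-code follows the word `data` in the result-49 message; the class name `AdBindFailure`, the `Reason` enum and the sample messages are constructed for illustration.

```java
import javax.naming.AuthenticationException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example: map the AD sub-code of a failed LDAP bind (result code 49) to a reason. */
public class AdBindFailure {

    public enum Reason { PASSWORD_EXPIRED, ACCOUNT_DISABLED, OTHER }

    // Assumption: AD appends its sub-code to the diagnostic message as "data <hex digits>".
    private static final Pattern SUB_CODE =
            Pattern.compile("error code 49\\b.*?\\bdata\\s+([0-9a-fA-F]+)");

    public static Reason classify(AuthenticationException e) {
        String msg = e.getMessage();
        if (msg == null) {
            return Reason.OTHER;            // no diagnostic text to inspect
        }
        Matcher m = SUB_CODE.matcher(msg);
        if (!m.find()) {
            return Reason.OTHER;            // not a result-49 failure, or no sub-code present
        }
        switch (m.group(1).toLowerCase()) {
            case "532": return Reason.PASSWORD_EXPIRED;   // 49 / 532 from the list above
            case "533": return Reason.ACCOUNT_DISABLED;   // 49 / 533 from the list above
            default:    return Reason.OTHER;              // sub-codes this page does not list
        }
    }

    public static void main(String[] args) {
        // Constructed sample messages in the shape AD returns on a failed bind.
        String[] samples = {
            "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: "
                + "AcceptSecurityContext error, data 532, v1db1]",
            "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: "
                + "AcceptSecurityContext error, data 533, v1db1]",
            "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: "
                + "AcceptSecurityContext error, data 52e, v1db1]",
            "[LDAP: error code 32 - No Such Object]"
        };
        for (String s : samples) {
            System.out.println(classify(new AuthenticationException(s)) + " <- " + s);
        }
    }
}
```

In a custom user store, `classify()` would be called from the catch block around the bind in bindAsUser(). Record the specific reason in the server log and decide separately what the login response reveals, so that a failed login does not disclose account state to an unauthenticated caller.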

You can see the error codes returned from AD to IS by enabling DEBUG logs for the org.wso2.carbon.user.core component.
To do this, navigate to the [IS_HOME]/repository/conf directory, add the following entry to the log4j.properties file, and save it.


Then restart the server and try to log in as a user whose password has expired or whose account is locked. You can see the error codes in the [IS_HOME]/repository/logs/wso2carbon.log file.
[2] https://svn.wso2.org/repos/wso2/carbon/kernel/branches/4.2.0/patches/patch0010/core/org.wso2.carbon.user.core/4.2.0/src/main/java/org/wso2/carbon/user/core/ldap/ActiveDirectoryUserStoreManager.java
[3] https://svn.wso2.org/repos/wso2/carbon/kernel/branches/4.2.0/patches/patch0010/core/org.wso2.carbon.user.core/4.2.0/src/main/java/org/wso2/carbon/user/core/ldap/ReadOnlyLDAPUserStoreManager.java

Refer to [4], which explains how to write and deploy a custom user store manager. After deploying it and restarting the server, verify that your scenario works as expected.
[4] https://docs.wso2.com/display/IS500/Writing+a+Custom+User+Store+Manager#WritingaCustomUserStoreManager-Writingthecustomuserstoremanager


Refer to the sample CustomUserStoreManager code base [5], which will help you identify the structure you need for your class. (You can download this source and follow its structure when writing your own implementation.)
[5] https://svn.wso2.org/repos/wso2/people/pushpalanka/SampleCustomeUserStoreManager-5.0.0/src/main/java/org/wso2/sample/user/store/manager/CustomUserStoreManager.java
