WSO2 IS does not maintain password
history of the users.
1) Keep a history of password for users in a configured number of counts per Role
2) Password history should be kept with a timestamp (in 1 timezone) so that a user does reuse the same password in xx number of days.
3) Have Password History configurable to roles level
1) Keep a history of password for users in a configured number of counts per Role
2) Password history should be kept with a timestamp (in 1 timezone) so that a user does reuse the same password in xx number of days.
3) Have Password History configurable to roles level
To implement password history feature you have to write your own custom user store manager. Refer doc [1]
Checkout the code from [2]
You have to create your own database tables related to password histroty feature and add the implementation to the following methods
doAddUser
doDeleteUser
doUpdateCredential
doUpdateCredentialByAdmin
This java implementation will be same for any RDBMS.
[1] https://docs.wso2.com/display/IS500/Writing+a+Custom+User+Store+Manager#WritingaCustomUserStoreManager-Writingthecustomuserstoremanager
[2] https://svn.wso2.org/repos/wso2/carbon/kernel/branches/4.2.0/patches/patch0009/core/org.wso2.carbon.user.core/4.2.0/src/main/java/org/wso2/carbon/user/core/jdbc/JDBCUserStoreManager.java
Checkout the code from [2]
You have to create your own database tables related to password histroty feature and add the implementation to the following methods
doAddUser
doDeleteUser
doUpdateCredential
doUpdateCredentialByAdmin
This java implementation will be same for any RDBMS.
[1] https://docs.wso2.com/display/IS500/Writing+a+Custom+User+Store+Manager#WritingaCustomUserStoreManager-Writingthecustomuserstoremanager
[2] https://svn.wso2.org/repos/wso2/carbon/kernel/branches/4.2.0/patches/patch0009/core/org.wso2.carbon.user.core/4.2.0/src/main/java/org/wso2/carbon/user/core/jdbc/JDBCUserStoreManager.java
Comments