Friday, October 30, 2015

Enabling User Password Recovery for WSO2 API Manager with WSO2 Identity Server - Part 1

Any of the WSO2 API Manager versions released so far does not have the capability of user password recovery. If the API Manager users completely forget their password, they do not have a way to recover it. However WSO2 Identity Server have this feature implemented as a service called UserInformationRecoveryService. This blog post will explain how to use this password recovery feature of WSO2 IS in WSO2 API Manager. I will demonstrate the service calls through soap UI here.

User Information Recovery API

WSO2 Identity Server has given an API to recover forgotten/lost password in several ways. Those are as follows.

1. Recover with notification : password recovery by using email based notifications. An email is sent to the user's email account through axis2 mail transport.
2. Recover with Secret Questions : By obtaining answers for some challenge questions by invoking UserIdentityManagementAdminService.
3. User Account Recovery : helps to recover username of the account if the user has forgotten it.

All the above recovery processes are secured with captcha verification. In this blog post I will describe how the first option can be enabled in WSO2 API Manager 1.8.0.

Installing WSO2 Identity Server Feature in API Manager

First of all if we want to have the password recovery capability in WSO2 API Manager you have to install the Account Recovery and Credential Management Feature of WSO2 Identity Server in WSO2 API Manager. Please follow the below steps to install the feature.

Steps : 
1. Start the Server and log in to the Management Console of WSO2 API Manager

For more information on downloading WSO2 API Manager, installing it and about installation prerequisites please refer WSO2 API Manager Documentation.

2. Navigate to the Configuration menu and go to Features --> Repository Management and add repository with a relevant name.  e.g. credential-mgt

3. Give the following as the repository URL This is the related P2 repository for the feature.

4. Click on Find the features and select Account Recovery and Credential Management 4.2.2 and click install.

5. Accept Licence Agreement and finish installing the feature.

Configuring WSO2 API Manager for User Information Recovery

After installing the feature follow the documentation on Recover with Notification in WSO2 Identity Server and configure WSO2 API Manager for User Information Recovery. Consider <IS_HOME> mentioned in the documentation as <APIM_HOME> which is the installation directory of product API Manager.

Now WSO2 API Manager has the capability of calling the UserInformationRecoveryService.

Getting the WSDL of UserInformationRecoveryService

Steps : 
1. Stop the Server.
2. Go to <APIM_HOME>/repositiory/conf/carbon.xml and make <HideAdminServiceWSDLs> property false as follows.

2. Start the Server and access the WSDL of UserInformationRecoveryService through following link.

Now what you have to do is calling the relevant service methods in order. Follow the service methods mentioned in documentation and call the service methods.

To use this feature as an existing feature in WSO2 API Manager either you have to implement a jaggery module in API Manager Store or you have to create a separate web app to be redirected from within API Manager Store. however you can check how this is working using Soap UI.

Please go through my next blog post to see how you can call the UserInformationRecoveryService through Soap UI and change the password of a user.