Skip to content

Using Email Address as the Username

Note

Configuring the email address as the username in an already running Identity Server is not the production recommended way. Therefore, make sure to configure it before you begin working with WSO2 IS.

  1. Open the <IS_HOME>/repository/conf/deployment.toml file.

  2. Add the following configuration.

    [tenant_mgt]
enable_email_domain= true

  3. Login to the management console and configure the Mapped Attribute property of the http://wso2.org/claims/username claim ID that is under Dialect dialectURI http://wso2.org/claims to mail.

  4. Configure the following set of parameters in the user store configuration, depending on the type of user store you are connected to (LDAP/Active Directory/ JDBC).

    Parameter Description

    UserNameAttribute


    Set the mail attribute of the user. LDAP/Active Directory only

    [user_store]
    user_name_attribute = "mail"
    UserNameSearchFilter

    Use the mail attribute of the user instead of cn or uid . LDAP/Active Directory only
    For example:

     In LDAP,[user_store]
    user_name_search_filter = "(&amp;(objectClass=person)(mail=?))"     
     In Active Directory, [user_store]
    user_name_search_filter = "(&amp;(objectClass=user)(mail=?))"
    UserNameListFilter

    Use the mail attribute of the user if necessary. LDAP/Active Directory only
    For example:

     In LDAP,[user_store]
    user_name_list_filter = "(&amp;(objectClass=person)(!(sn=Service)))"     
     In Active Directory, [user_store]
    user_name_list_filter = "(&amp;(objectClass=user)(!(sn=Service)))"

    Tip

    you are trying with the default embedded LDAP user store, this configuration change is not needed.
    UsernameWithEmailJavaScriptRegEx

    Change this property that is under the relevant user store manager tag as follows. This property validates usernames when email is used as the username and allows special characters like "@" in the username.

    [user_store.properties]
    UsernameWithEmailJavaScriptRegEx = '^[a-zA-Z0-9_@.+-]{5,200}$'
    UsernameJavaRegEx

    This is a regular expression to validate usernames. By default, strings have a length of 5 to 30. Only non-empty characters are allowed. You can provide ranges of alphabets, numbers and also ranges of ASCII values in the RegEx properties.

    [user_store]
    username_java_regex = '^[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}'
    Realm configurations

    The username must use the email attribute of the admin user.

    [super_admin]
    username = "[email protected]"
    password = "admin"

    Note

    Before this configuration, the user having the username admin and password admin was considered the super administrator. The super administrator user cannot be deleted.

    After this configuration, the user having the username [email protected] is considered the super administrator. The user having the username admin is considered as a normal administrator.
    super-admin

    Info

    With these configuration users can log in to super tenant with both email user name ([email protected]) or non-email user names (larry). But for tenant only email user names allowed ([email protected]@wso2.com).

    Note

    You can configure email user name without enabling enable_email_domain property, then users can login to both super tenant and tenant using email and non-email user names. But super tenant users should always use @carbon.super at the end of user names.

  5. Restart the server.

Related Topics

For more information on how to configure primary and secondary user stores, see Configuring User Stores.

Top