Using Email Address as the Username¶
Note
Configuring the email address as the username in an already running Identity Server is not the production recommended way. Therefore, make sure to configure it before you begin working with WSO2 IS.
- Open the
<IS_HOME>/repository/conf/deployment.toml
file. -
Add the following configuration.
[tenant_mgt] enable_email_domain= true
-
Login to the management console and configure the
Mapped Attribute
property of thehttp://wso2.org/claims/username
claim ID that is under Dialect dialectURIhttp://wso2.org/claims
tomail
. -
Configure the following set of parameters in the user store configuration, depending on the type of user store you are connected to (LDAP/Active Directory/ JDBC).
Parameter Description UserNameAttribute
Set the mail attribute of the user. LDAP/Active Directory only
[user_store]
user_name_attribute = "mail"UserNameSearchFilter
Use the mail attribute of the user instead of
cn
oruid
. LDAP/Active Directory only
For example:In LDAP,
[user_store]
user_name_search_filter ="(&(objectClass=person)(mail=?))"
In Active Directory,[user_store]
user_name_search_filter ="(&(objectClass=user)(mail=?))"
UserNameListFilter
Use the mail attribute of the user if necessary. LDAP/Active Directory only
For example:In LDAP,
[user_store]
user_name_list_filter ="(&(objectClass=person)(!(sn=Service)))"
In Active Directory,[user_store]
user_name_list_filter ="(&(objectClass=user)(!(sn=Service)))"
Tip
you are trying with the default embedded LDAP user store, this configuration change is not needed.
UsernameJavaScriptRegEx
Change this property that is under the relevant user store manager tag as follows. This property allows you to add special characters like "@" in the username.
[user_store]
username_java_script_regex = '^[a-zA-Z0-9.-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$'UsernameJavaRegEx
This is a regular expression to validate usernames. By default, strings have a length of 5 to 30. Only non-empty characters are allowed. You can provide ranges of alphabets, numbers and also ranges of ASCII values in the RegEx properties.
[user_store]
username_java_regex = '^[a-zA-Z0-9.-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}'Realm configurations The username must use the email attribute of the admin user.
[super_admin]
username = "[email protected]"
password = "admin"Note
Before this configuration, the user having the username admin and password admin was considered the super administrator. The super administrator user cannot be deleted.
After this configuration, the user having the username
[email protected]
is considered the super administrator. The user having the username admin is considered as a normal administrator.
Info
With these configuration users can log in to super tenant with both email user name (
[email protected]
) or non-email user names (larry
). But for tenant only email user names allowed ([email protected]@wso2.com
).Note
You can configure email user name without enabling
enable_email_domain
property, then users can login to both super tenant and tenant using email and non-email user names. But super tenant users should always use @carbon.super at the end of user names. -
Restart the server.
Related Topics
For more information on how to configure primary and secondary user stores, see Configuring User Stores.