Configure Claims

By default, identity claim values are stored in the JDBC datasource configured in the deployment.toml file. If needed, you can configure WSO2 IS to store the claim values in another user store as well.

  1. Open the <IS_HOME>/repository/conf/deployment.toml file and add the following configuration to change the data_store property value to UserStoreBasedIdentityDataStore.

    [event.default_listener.governance_identity_mgt]
    priority = "95"
    enable = true

    [event.default_listener.governance_identity_store]
    priority = "97"
    enable = true
    data_store = "org.wso2.carbon.identity.governance.store.UserStoreBasedIdentityDataStore"

  2. Map the identity claims mentioned below to attributes in the underlying user store.

    Info: Learn more about adding claim mapping.

    • http://wso2.org/claims/identity/accountLocked: Stores the status of the user's account, i.e., whether it is locked or not.

    • http://wso2.org/claims/identity/unlockTime: Stores the timestamp at which the user's account is unlocked.

    • http://wso2.org/claims/identity/failedLoginAttempts: Tracks the number of consecutive failed login attempts. The account is locked based on this value.
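To confirm that step 1 is in place on a given node, the following added example (not part of the WSO2 documentation or code base) checks a deployment.toml for the two listener tables and the data_store value shown above. The function names and the minimal parser are assumptions of this example; the parser handles only flat `[table]` headers and `key = value` lines, not full TOML.

```python
# Added example: verifies the listener settings from step 1 in a deployment.toml.
# The small parser below only understands [table] headers and key = value lines,
# which is all this check needs; it is not a general TOML parser.
import sys

EXPECTED_STORE = "org.wso2.carbon.identity.governance.store.UserStoreBasedIdentityDataStore"
MGT = "event.default_listener.governance_identity_mgt"
STORE = "event.default_listener.governance_identity_store"


def parse_tables(text):
    """Return {table_name: {key: value}} for flat [table] / key = value input."""
    tables, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = tables.setdefault(line[1:-1].strip(), {})
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            current[key] = value.strip('"')
    return tables


def check_identity_store(text):
    """Return a list of problems; an empty list means step 1 is in place."""
    tables, problems = parse_tables(text), []
    for name in (MGT, STORE):
        if name not in tables:
            problems.append(f"missing [{name}]")
        elif tables[name].get("enable") != "true":
            problems.append(f"[{name}] is not enabled")
    actual = tables.get(STORE, {}).get("data_store")
    if STORE in tables and actual != EXPECTED_STORE:
        problems.append(f"data_store is {actual!r}, expected {EXPECTED_STORE!r}")
    return problems


if __name__ == "__main__":
    # Usage: python check_identity_store.py <IS_HOME>/repository/conf/deployment.toml
    with open(sys.argv[1], encoding="utf-8") as fh:
        issues = check_identity_store(fh.read())
    print("\n".join(issues) or "identity data store configuration OK")
    sys.exit(1 if issues else 0)
```

The script exits non-zero when a listener table is missing or disabled, or when data_store is absent or set to a different class, so it can run as a post-deployment check.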