Multi-Attribute Login¶
WSO2 Identity Server lets you configure multiple attributes as the login identifier. While username is the default login identifier, users can have the option to enter a mobile number, email address or any attribute of their choice.
Supported flows
Multi-attribute login is supported in the following flows:
- Identifier first authenticator
- Username & Password Authenticator
- Authentication REST APIs
- Oauth Password grant
- Password recovery flow
The following section explains how to configure WSO2 identity server for multi-attribute login.
Enable multi-attribute login¶
To configure multi-attribute login, follow the steps below:
- On the WSO2 Identity Server Console, go to Login & Registration > Login Identifier > Multi Attribute Login.
- Toggle the switch to enable multi attribute login.
- Add attribute URIs for attributes that users are allowed to use as login identifiers.
- Click Update to save the changes.
Add regular expressions for allowed attributes¶
Once you have configured WSO2 Identity Server for multi-attribute login, you need to provide regular expressions for the allowed user attributes. Some user attributes have regex defined by default.
If you need to define regex for a user attribute, follow the steps below.
- On the WSO2 Identity Server Console, go to User Attributes and Stores > Attributes.
- Click Attributes again under the Manage Attributes section.
- Click Edit for the attribute you want to update.
- Enter the regex pattern under the Regular Expression field.
- Click Update to save the changes.
Here are a few examples of regex patterns.
Attribute URI | Example Regex pattern |
---|---|
http://wso2.org/claims/emailaddress | ^([a-zA-Z0–9_\.\-])+\@(([a-zA-Z0–9\-])+\.)+([a-zA-Z0–9]{2,4})+$ |
http://wso2.org/claims/mobile | ^(\+\d{1,2}\s?)?1?\-?\.?\s?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}$ |
http://wso2.org/claims/username | ^[a-zA-Z0–9._-]{3,}$ |
Note
Username regex configuration is already available in the user store configurations. You can update the regex pattern as needed. Refer to User Store Properties to learn more.
You have now successfully set up WSO2 Identity Server to allow multi-attribute login.
Try it out¶
When multi-attribute login is configured in WSO2 Identity Server, application users can use any of the configured attributes to login.
In this example scenario, let's allow users to use the mobile number as a login identifier:
- Configure multi-attribute login for the attribute
http://wso2.org/claims/mobile
andhttp://wso2.org/claims/username
. - Go to the My Account:
https://localhost:9443/myaccount
. - Enter mobile number as the login identifier and click Sign In.
Tip
-
What happens if two users use the same value for an attribute?
Multi-attribute login will not work for these users. Retaining uniqueness for attribute values avoids this conflict. Learn about configuring the uniqueness of attributes.