By default, identity claim values are stored in the JDBC datasource
configured in the
deployment.toml file. If needed, you
can configure WSO2 IS to store the claim values in another user store as
<IS_HOME>/repository/conf/deployment.tomlfile and add the following configuration to change the
data_storeproperty value to
[event.default_listener.governance_identity_mgt] priority= "95" enable = true [event.default_listener.governance_identity_store] priority= "97" enable = true data_store = "org.wso2.carbon.identity.governance.store.UserStoreBasedIdentityDataStore"
Map the identity claims mentioned below to attributes in the underlying user store.
Learn more about adding claim mapping.
http://wso2.org/claims/identity/accountLocked: This claim is used to store the status of the user's account, i.e., if it is locked or not.
http://wso2.org/claims/identity/unlockTime: This is used to store the timestamp that the user's account is unlocked.
http://wso2.org/claims/identity/failedLoginAttempts: This is used to track the number of consecutive failed login attempts. It is based on this that the account is locked.