Tuesday, October 27, 2015

Set custom password policies to APIStore signup


In WSO2 Identity Server, it can define custom password policies and enforce them at user creation. Could the same feature use in  WSO2 APIStore self signup?Yes ,it's possible with following below steps.
To set the user password policy during sign up for Store  in AM 1.9.1,first user need to install the "Account Recovery and Credential Management' feature on top of API Manager 1.9.1. 
1. Log into the APIM's Management Console [https://localhost:9443/carbon]
2. On the left side menu section 'Configure', go to features -> repository Management and add Repository with a relevant name e.g. account-mgt

3. Give the following as the repository URL  and add the repository.


4. Then select  "Show only the latest versions" option in the showing features installation UI and click on "Find the features" button.

5. Then select "Account Recovery and Credential Management 4.2.2" feature and install. 

6. Go through the feature installation process until it completes.
7. Then modify the identity­-mgt.properties  file located in wso2am-1.9.1/repository/conf/security/ according to https://docs.wso2.com/display/IS500/Password+Policies 
8. Restart the server and that's it.Now try self signup feature in APIStore.
For more info on feature installation process,refer[1].
Note- APIStore self signup UI page input password field validation is based on default password policy.You can change it to match with your custom policy by extending the self signup page with your custom html changes via a sub theme.

No comments:

Post a Comment