0
votes

We're using WSO2 identity server 5.0 with SP1.

We've followed this guide to enable e-mail authentication, which has worked.

But now we aren't able to edit the email address (both backend and SCIM); we get return code 500.

Have we missed some configuration that isn't mentioned in the documentation, or something else? We've run out of ideas.

Our user-mgt.xml:

<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
    <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
    <Property name="defaultRealmName">WSO2.ORG</Property>
    <Property name="kdcEnabled">false</Property>
    <Property name="Disabled">false</Property>                                   
    <Property name="ConnectionURL">ldap://localhost:${Ports.EmbeddedLDAP.LDAPServerPort}</Property>
    <Property name="ConnectionName">uid=admin,ou=system</Property>
    <Property name="ConnectionPassword">admin</Property>
    <Property name="passwordHashMethod">SHA</Property>
    <Property name="UserNameListFilter">(&amp;(objectClass=identityPerson)(mail=*))</Property>
    <Property name="UserEntryObjectClass">identityPerson</Property>
    <Property name="UserSearchBase">ou=Users,dc=wso2,dc=org</Property>
    <Property name="UserNameSearchFilter">(&amp;(objectClass=identityPerson)(mail=?))</Property>
    <Property name="UserNameAttribute">mail</Property>
    <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
    <Property name="ServicePasswordJavaRegEx">^[\\S]{5,30}$</Property>
    <Property name="ServiceNameJavaRegEx">^[\\S]{2,30}/[\\S]{2,30}$</Property>
    <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
    <Property name="UsernameJavaRegEx">^[_A-Za-z0-9-\+]+(\.[_A-Za-z0-9-]+)*@[A-Za-z0-9-]+(\.[A-Za-z0-9]+)*(\.[A-Za-z]{2,})$</Property>
    <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
    <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
    <Property name="ReadGroups">true</Property>
    <Property name="WriteGroups">true</Property>
    <Property name="EmptyRolesAllowed">true</Property>
    <Property name="GroupSearchBase">ou=Groups,dc=wso2,dc=org</Property>
    <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
    <Property name="GroupEntryObjectClass">groupOfNames</Property>
    <Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
    <Property name="GroupNameAttribute">cn</Property>
    <Property name="SharedGroupNameAttribute">cn</Property>
    <Property name="SharedGroupSearchBase">ou=SharedGroups,dc=wso2,dc=org</Property>
    <Property name="SharedGroupEntryObjectClass">groupOfNames</Property>
    <Property name="SharedGroupNameListFilter">(objectClass=groupOfNames)</Property>
    <Property name="SharedGroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
    <Property name="SharedTenantNameListFilter">(objectClass=organizationalUnit)</Property>
    <Property name="SharedTenantNameAttribute">ou</Property>
    <Property name="SharedTenantObjectClass">organizationalUnit</Property>
    <Property name="MembershipAttribute">member</Property>
    <Property name="UserRolesCacheEnabled">true</Property>
    <Property name="SCIMEnabled">true</Property>
    <Property name="MaxRoleNameListLength">100</Property>
    <Property name="MaxUserNameListLength">100</Property>
</UserStoreManager>

SCIM Error:

{"Errors":[{"description":"Error while updating attributes of user: [email protected]","code":"500"}]}


2 Answers

0
votes

It seems there is some configuration missing in the doc. You need to add the following property to the user store configuration as well. The other configuration seems to be fine. Also, you can find more and clearer details on enabling email usernames here

<Property name="UsernameWithEmailJavaScriptRegEx">[a-zA-Z0-9@._-|//]{3,30}$</Property>

Also, WSO2IS errors are logged in the /repository/logs/wso2carbon.log file. It is better to check it to find the actual exception.

-1
votes

Thanks for the answer. We have added the missing property. Our configuration seems to be the same as described in the blog. In /repository/logs/wso2carbon.log we found the following error.

Object : '[email protected],ou=Users,dc=wso2,dc=org'
        Modification[0]
            Operation :  replace
            Modification
mobile: (null)
        Modification[1]
            Operation :  replace
            Modification
url: (null)
        Modification[2]
            Operation :  replace
            Modification
givenName: John
        Modification[3]
            Operation :  replace
            Modification
country: (null)
        Modification[4]
            Operation :  replace
            Modification
sn: Doe
        Modification[5]
            Operation :  replace
            Modification
telephoneNumber: (null)
        Modification[6]
            Operation :  replace
            Modification
organizationName: (null)
        Modification[7]
            Operation :  replace
            Modification
mail: [email protected]
        Modification[8]
            Operation :  replace
            Modification
im: (null)
        Modification[9]
            Operation :  replace
            Modification
streetAddress: (null)
: ERR_62 Entry [email protected],ou=Users,dc=wso2,dc=org does not have the mail attributeType, which is part of the RDN";]; remaining name '[email protected]'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3098)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
    at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1391)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:235)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:147)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:136)
    at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.doSetUserClaimValues(ReadWriteLDAPUserStoreManager.java:871)
    ... 121 more
TID: [0] [IS] [2015-06-04 10:48:39,046] ERROR {org.wso2.carbon.identity.user.profile.ui.client.UserProfileCient} -  org.apache.axis2.AxisFault: Profile information could not be updated in ApacheDS LDAP user store {org.wso2.carbon.identity.user.profile.ui.client.UserProfileCient}
TID: [0] [IS] [2015-06-04 11:11:29,749] ERROR {org.apache.directory.server.core.schema.SchemaInterceptor} -  ERR_62 Entry [email protected],ou=Users,dc=wso2,dc=org does not have the mail attributeType, which is part of the RDN"; {org.apache.directory.server.core.schema.SchemaInterceptor}
TID: [0] [IS] [2015-06-04 11:11:29,749] ERROR {org.apache.directory.server.core.schema.SchemaInterceptor} -  ERR_62 Entry [email protected],ou=Users,dc=wso2,dc=org does not have the mail attributeType, which is part of the RDN"; {org.apache.directory.server.core.schema.SchemaInterceptor}
TID: [0] [IS] [2015-06-04 11:11:29,750] ERROR {org.apache.axis2.rpc.receivers.RPCInOnlyMessageReceiver} -  Profile information could not be updated in ApacheDS LDAP user store {org.apache.axis2.rpc.receivers.RPCInOnlyMessageReceiver}
org.wso2.carbon.identity.user.profile.mgt.UserProfileException: Profile information could not be updated in ApacheDS LDAP user store
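Added example, not code from the question, the answers or WSO2. What the log above documents is an LDAP modify request that does a `replace` on `mail` for an entry whose RDN is `mail=<address>` (that is what `UserNameAttribute=mail` makes it), and ApacheDS refusing it with ERR_62. A profile update against such an entry has to keep the RDN attribute out of the modify altogether: drop it when the address is unchanged, and turn a real address change into a Modify DN (modrdn) followed by a modify against the new DN. The Python below builds exactly that split and renders it as LDIF. The claim-URI-to-attribute mapping, the sample entry and the e-mail addresses are constructed; the username pattern is the `UsernameJavaRegEx` from the user-mgt.xml in the question.

```python
"""Plan an LDAP profile update when the username attribute is also the RDN.
Added example, not WSO2 code: the RDN attribute never goes into a modify."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumed claim-URI -> LDAP attribute mapping (a real deployment takes it from
# the claim dialect configuration).
CLAIM_TO_ATTR: Dict[str, str] = {
    "http://wso2.org/claims/emailaddress": "mail", "http://wso2.org/claims/givenname": "givenName",
    "http://wso2.org/claims/lastname": "sn", "http://wso2.org/claims/mobile": "mobile",
    "http://wso2.org/claims/country": "country",
}
# UsernameJavaRegEx from the user-mgt.xml in the question, ported to Python.
USERNAME_RE = re.compile(
    r"^[_A-Za-z0-9-\+]+(\.[_A-Za-z0-9-]+)*@[A-Za-z0-9-]+(\.[A-Za-z0-9]+)*(\.[A-Za-z]{2,})$")
Modification = Tuple[str, str, Optional[str]]  # (op, attribute, value or None)


@dataclass
class LdapPlan:
    dn: str                                # entry the operations start from
    modify_dn: Optional[Tuple[str, bool]]  # (new RDN, deleteOldRDN) or None
    modify: List[Modification]             # ops to apply at final_dn
    final_dn: str                          # DN after the optional rename


def split_dn(dn: str) -> Tuple[str, str, str]:
    """Return (rdn_attr, rdn_value, parent_dn); rdn_value keeps its escapes.
    Backslash escapes (RFC 4514) are honoured; multi-valued RDNs are rejected."""
    i = 0
    while i < len(dn) and dn[i] not in ",+":
        i += 2 if dn[i] == "\\" else 1      # step over an escaped character
    if dn[i:i + 1] == "+":
        raise ValueError("multi-valued RDN not supported")
    attr, sep, value = dn[:i].partition("=")
    if not sep:
        raise ValueError(f"malformed RDN: {dn[:i]!r}")
    return attr.strip(), value.strip(), dn[i + 1:].lstrip()


def escape_rdn_value(value: str) -> str:
    """Escape a value for use inside a DN (RFC 4514 section 2.4)."""
    out = "".join("\\" + c if c in '\\,+"<>;=' else c for c in value)
    if out[:1] in ("#", " "):
        out = "\\" + out
    return out[:-1] + "\\ " if out.endswith(" ") else out


def plan_profile_update(dn: str, current: Dict[str, Optional[str]],
                        claims: Dict[str, Optional[str]]) -> LdapPlan:
    """Turn a claim map (None = clear the attribute) into LDAP operations."""
    rdn_attr, rdn_value, parent = split_dn(dn)
    mods: List[Modification] = []
    modify_dn, final_dn = None, dn
    for claim, value in claims.items():
        attr = CLAIM_TO_ATTR[claim]          # KeyError for an unmapped claim
        if attr.lower() == rdn_attr.lower():
            # Never put the RDN attribute into the modify list: that is the
            # 'replace mail' that ApacheDS rejected with ERR_62 in the log above.
            if value is None:
                raise ValueError(f"cannot clear RDN attribute {attr}")
            if not USERNAME_RE.match(value):
                raise ValueError(f"{value!r} fails UsernameJavaRegEx")
            new_value = escape_rdn_value(value)
            if new_value != rdn_value:       # a real change: Modify DN instead
                modify_dn = (f"{rdn_attr}={new_value}", True)
                final_dn = f"{rdn_attr}={new_value},{parent}"
            continue
        present = current.get(attr)
        if value is None:
            if present is not None:          # delete only what exists
                mods.append(("delete", attr, None))
        elif present != value:               # skip no-op replaces
            mods.append(("replace", attr, value))
    return LdapPlan(dn, modify_dn, mods, final_dn)


def to_ldif(plan: LdapPlan) -> str:
    """Render the plan as LDIF change records (RFC 2849), rename first so the
    modify then targets the entry's new DN."""
    records = []
    if plan.modify_dn:
        records.append(f"dn: {plan.dn}\nchangetype: modrdn\nnewrdn: {plan.modify_dn[0]}\n"
                       f"deleteoldrdn: {int(plan.modify_dn[1])}\n")
    if plan.modify:
        lines = [f"dn: {plan.final_dn}", "changetype: modify"]
        for op, attr, value in plan.modify:
            lines += [f"{op}: {attr}"] + ([f"{attr}: {value}"] if value is not None else []) + ["-"]
        records.append("\n".join(lines) + "\n")
    return "\n".join(records)


if __name__ == "__main__":  # constructed entry with the e-mail address as RDN
    print(to_ldif(plan_profile_update(
        "mail=jdoe@example.org,ou=Users,dc=wso2,dc=org",
        {"mail": "jdoe@example.org", "givenName": "John", "sn": "Doe"},
        {"http://wso2.org/claims/emailaddress": "john.doe@example.org",
         "http://wso2.org/claims/country": "DE", "http://wso2.org/claims/mobile": None})))
```

The LDIF it prints can be fed to `ldapmodify -x -H ldap://localhost:<LDAPServerPort> -D uid=admin,ou=system -W -f plan.ldif` against the embedded ApacheDS using the `ConnectionName` from the user-mgt.xml above, which is a quick way to confirm by hand which of the two records the directory accepts. Two caveats a practitioner should keep in mind: with `deleteoldrdn: 1` the old address disappears from the entry, and because `MembershipAttribute=member` stores full DNs in `groupOfNames` entries, every group membership of the renamed user has to be rewritten to the new DN unless the directory maintains referential integrity for you.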