[WSO2] [IS] How To Unlock WSO2-Identity Server Admin Account.

ConcernedMonkey
2 min read · Feb 19, 2020

We all have our good and bad days, and then there are days when we finally manage to lock our Admin account. How? I have no idea, but we all do it. What if it's our only Admin account?

In a situation like that, what can we do to unlock the account and continue with our work, you ask? I will guide you through some of the options we have to resolve this problem.

First, let's look into the configurations.

How to set up the configurations is described in the official documentation. You can enable them either through the UI or in the <IS_HOME>/repository/conf/identity/identity-mgt.properties file.

Option-1:

Wait till it gets recovered automatically.

With the following configuration parameter you set the Lock.Time, i.e. how long an account stays locked after the configured number of consecutive failed login attempts. Please note that this value is in minutes, NOT seconds.

Authentication.Policy.Account.Lock.Time=5

In this scenario, the accounts will be locked for 5 minutes.

Option-2:

Restart the server with the -DunlockAdmin system property. In some cases this property did not work as expected, which brings us to,

Option-3:

As a last resort, you can change the values at the database level and unlock the relevant Admin account.

The table you are looking for is in the Access Management database (the IDM database in a vanilla pack), and the table name is IDN_IDENTITY_USER_DATA.

For the 'admin' username (or any other username) there will be several DATA_KEY entries in the table. We don't need all of them; what we need are:

  1. http://wso2.org/claims/identity/accountLocked
  2. http://wso2.org/claims/identity/unlockTime

In normal operation, the corresponding accountLocked DATA_VALUE must be false and unlockTime should be 0.

  -- Scope each UPDATE to the locked user via the USER_NAME column; without that filter every account's row is changed.
  UPDATE IDM.IDN_IDENTITY_USER_DATA SET DATA_VALUE='false' WHERE USER_NAME='admin' AND DATA_KEY='http://wso2.org/claims/identity/accountLocked';
  UPDATE IDM.IDN_IDENTITY_USER_DATA SET DATA_VALUE='0' WHERE USER_NAME='admin' AND DATA_KEY='http://wso2.org/claims/identity/unlockTime';

After updating the values, you need to restart the IS server. The configuration we set up originally states how long to wait before unlocking the account, and that data is held in the cache, so our changes in the database won't take effect unless we restart.
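As an added example that is not part of the original post, here are the same two updates scoped to a single user, with the lock state read back before and after so you can confirm only that account changed. It runs against an in-memory SQLite table built to mirror IDN_IDENTITY_USER_DATA in place of the real IDM database; the USER_NAME and TENANT_ID columns and the -1234 super-tenant id are assumptions about the schema.

```python
import sqlite3

# Claim keys the post names for account locking.
ACCOUNT_LOCKED = "http://wso2.org/claims/identity/accountLocked"
UNLOCK_TIME = "http://wso2.org/claims/identity/unlockTime"
SUPER_TENANT_ID = -1234  # assumed WSO2 super-tenant id, used for sample rows

# Constructed sample rows: a locked admin, a locked second user that must
# NOT be touched by the unlock, and (implicitly) a user with no lock rows.
SAMPLE_ROWS = [
    (SUPER_TENANT_ID, "admin", ACCOUNT_LOCKED, "true"),
    (SUPER_TENANT_ID, "admin", UNLOCK_TIME, "1582100000000"),
    (SUPER_TENANT_ID, "alice", ACCOUNT_LOCKED, "true"),
    (SUPER_TENANT_ID, "alice", UNLOCK_TIME, "1582100000000"),
]

TABLE = "IDN_IDENTITY_USER_DATA"


def make_sample_db():
    """In-memory stand-in for the IDM database with the table from the post."""
    conn = sqlite3.connect(":memory:")
    conn.execute(f"CREATE TABLE {TABLE} (TENANT_ID INTEGER, USER_NAME TEXT, "
                 "DATA_KEY TEXT, DATA_VALUE TEXT)")
    conn.executemany(f"INSERT INTO {TABLE} VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def lock_state(conn, user, tenant_id=SUPER_TENANT_ID):
    """Return the two lock claims for one user; None where the row is absent."""
    rows = conn.execute(
        f"SELECT DATA_KEY, DATA_VALUE FROM {TABLE} WHERE TENANT_ID=? AND "
        "USER_NAME=? AND DATA_KEY IN (?, ?)",
        (tenant_id, user, ACCOUNT_LOCKED, UNLOCK_TIME)).fetchall()
    found = dict(rows)
    return {"accountLocked": found.get(ACCOUNT_LOCKED),
            "unlockTime": found.get(UNLOCK_TIME)}


def unlock_user(conn, user, tenant_id=SUPER_TENANT_ID):
    """Apply the post's two UPDATEs to one user only; return rows changed."""
    if lock_state(conn, user, tenant_id)["accountLocked"] is None:
        return 0  # no lock row recorded for this user: nothing to unlock
    where = "WHERE TENANT_ID=? AND USER_NAME=? AND DATA_KEY=?"
    with conn:  # both statements commit together, or roll back on error
        n = conn.execute(f"UPDATE {TABLE} SET DATA_VALUE='false' {where}",
                         (tenant_id, user, ACCOUNT_LOCKED)).rowcount
        n += conn.execute(f"UPDATE {TABLE} SET DATA_VALUE='0' {where}",
                          (tenant_id, user, UNLOCK_TIME)).rowcount
    return n
```

Run lock_state before and after unlock_user; on a real deployment the server restart from the post is still needed for the cached value to be refreshed.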

That's pretty much it. Good luck!
