Enabling One Time Password (OTP) in WSO2 Identity Server
OTP is an identity management feature that issues the user a new password on every login. It
protects the user against password theft and removes the burden of remembering a password,
because each password is valid for a single session only.
Step 1
Set the following properties in the {carbon_home}/repository/conf/security/identity-mgt.properties file:
Identity.Listener.Enable=true
Notification.Sending.Enable=true
Notification.Expire.Time=7200
Notification.Sending.Internally.Managed=true
Authentication.Policy.Enable=true
Authentication.Policy.Check.OneTime.Password=true
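The property edit in Step 1 is easy to get wrong by hand (a key left commented out, or a duplicate line added below an existing one), so the following script applies the six settings idempotently and verifies the effective values afterwards. This is an added example, not part of the original post or of WSO2's own tooling; it assumes CARBON_HOME is exported and points at the unpacked server, and it treats identity-mgt.properties as a plain Java properties file where the last uncommented occurrence of a key wins.

```shell
#!/bin/sh
# Added example (not from the original post or the WSO2 code base):
# idempotently apply the Step 1 OTP properties to identity-mgt.properties
# and verify them. Assumes CARBON_HOME is exported by the operator.
set -eu

# The six properties from Step 1 of the post.
OTP_PROPS="
Identity.Listener.Enable=true
Notification.Sending.Enable=true
Notification.Expire.Time=7200
Notification.Sending.Internally.Managed=true
Authentication.Policy.Enable=true
Authentication.Policy.Check.OneTime.Password=true
"

# esc KEY: escape the dots in a property key so it is a literal in a regex.
esc() { printf '%s' "$1" | sed 's/\./\\./g'; }

# set_prop FILE KEY VALUE: rewrite an existing KEY line in place (even if it is
# commented out with '#'), otherwise append it. Never produces duplicates.
set_prop() {
  file=$1; key=$2; value=$3
  if grep -q "^[#[:space:]]*$(esc "$key")[[:space:]]*=" "$file" 2>/dev/null; then
    sed -i.bak "s|^[#[:space:]]*$(esc "$key")[[:space:]]*=.*|${key}=${value}|" "$file"
    rm -f "$file.bak"
  else
    printf '%s=%s\n' "$key" "$value" >> "$file"
  fi
}

# get_prop FILE KEY: print the effective value of an uncommented KEY line
# (last occurrence wins, as in a Java properties file), or nothing if unset.
get_prop() {
  grep "^$(esc "$2")[[:space:]]*=" "$1" 2>/dev/null | tail -n 1 | sed 's/^[^=]*=[[:space:]]*//'
}

# apply_otp_props FILE: set every property in OTP_PROPS.
apply_otp_props() {
  for kv in $OTP_PROPS; do
    set_prop "$1" "${kv%%=*}" "${kv#*=}"
  done
}

# verify_otp_props FILE: return 0 if every property has the expected value,
# otherwise report each mismatch on stderr and return 1.
verify_otp_props() {
  rc=0
  for kv in $OTP_PROPS; do
    key=${kv%%=*}; want=${kv#*=}
    got=$(get_prop "$1" "$key")
    if [ "$got" != "$want" ]; then
      echo "MISMATCH: $key (want $want, got '${got:-<unset>}')" >&2
      rc=1
    fi
  done
  return $rc
}

# Usage: sh otp-props.sh apply | verify   (CARBON_HOME must be exported)
IDM_PROPS="${CARBON_HOME:-}/repository/conf/security/identity-mgt.properties"
case "${1:-}" in
  apply)  apply_otp_props "$IDM_PROPS" && verify_otp_props "$IDM_PROPS" ;;
  verify) verify_otp_props "$IDM_PROPS" ;;
esac
```

Run it with `apply` before the first server start and with `verify` after any later upgrade or config merge; a non-zero exit from `verify` means at least one of the OTP settings is no longer in effect.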
Step 2
Start the identity server. After the server has started, log in
to the portal as the admin user, add the following claim for the OTP and map
it to a valid attribute in the underlying user store.
http://wso2.org/claims/identity/otp
Make sure the Supported by Default option is selected, so that the OTP
attribute is displayed in the user profile by default.
Step 3
Create a new user with a role that has permission
to log in to the IS portal, then log in to the portal with the new user's credentials.
Go to the user profile as shown below, update the profile details and set the
One Time Password attribute to true.
Step 4
Sign out as that user. Your current password is now valid for only one more
login: once you log out from that next session, the portal sends you a mail with
the details of your new password, as follows. Because each new password is
delivered by mail, the scheme is only as strong as the user's mailbox and the
mail transport, so protect both accordingly.