Showing posts from June, 2016

Configuring an email notification to define user password

This blog will discuss how to configure an auto generate email to define the password when creating a user via management console. In WSO2 Identity Server there is an inbuilt feature called 'Ask Password' to fulfill this requirement. Lets look at how to implement this in other wso2 products.

'Ask Password' is a feature that comes with wso2 Identity Server. The purpose of this feature is to allow the users to decide there own password rather than defining a password by the server administration and allow the user to change the defined password.

So let me move on to the purpose of writing this blog.

While I was working with WSO2 API Manager, I got a requirement that the APIM administrator wants to create users via APIM management console, but the administrator wants to allow the users to define a password by the user itself. This requirement can be fulfilled using the 'Ask Password' feature available in wso2 Identity Server.

Scenario APIM Administrator creates a…

Encrypting sensitive information in configuration files

Encrypting information  I thought to start from basics before dig in to the target topic. So lets look at what is "encrypting".

Encrypting information is converting information in to another format, which is hard to understood. As we all know encrypting information is really useful to secure sensitive data.

In wso2 products, there is an inbuilt 'Secure Vault' implementation to encrypt plain text information in the configuration files to provide more security.

In this post I will not discuss about the secure vault implementation in details. You can refer 'secure vault implementation' to get more insight about it.
In wso2 products based on carbon 4.4.0 or later visions, 'Ciper Tool' feature is installed by default, therefore you can easily use that to encrypt sensitive information in the configuration file. 

Lets move on to the main purpose of this blog.

We already know that we can use ciper tool encrypt the information in configuration files. But can…