WSO2 Identity Server - How to Change User Password As a Tenant Admin

Question

I want to change the password of a particular user as a tenant admin. I saw UserIdentityManagementAdminService.wsdl has a function called changeUserPassword but this only accepts old password and new password, not username.

I know of the resetUserPassword but I do not want to use this since I want to change the password only when oldPassword is correctly provided.

Answer 1

If you use UserAdmin service's [1] changePasswordByUser method, still you need to provide the old password of the user. Here is the SOAP request.

<Envelope>
   <Header/>
   <Body>
      <changePasswordByUser>
         <userName>?</userName>
         <oldPassword>?</oldPassword>
         <newPassword>?</newPassword>
      </changePasswordByUser>
   </Body>
</Envelope>

[1] https://localhost:9443/services/UserAdmin?wsdl

Answer 2

It is possible to use UserAdmin service changePasswordByUser to change the password as a user. In Identity Server 5.0.7, the web service accepts username as a parameter.

Answer 3

Admin user updating user password by sending username and old password is not a valid use case in my opinion. We can't expect admin user to know the password of a different user.

You can either use resetUserPassword method or otherwise you need to change password as the user himself, you need to use the changeUserPassword by using the cookie that user get at the login time.