WSO2-IS - Giving "Invalid Code" after reset password

I'm trying to create a password for a new user created on WSO2-IS 5.11.0 using the link sent by email, but I'm facing an error after clicking on Proceed:

Invalid Code

The log doesn't show anything.

Version: 5.11.0

Upvotes: 0

Views: 379

Answers (2)

I had to add a proxy_cookie_path attribute on NGINX to make cookies be sent on cross-site requests. By default WSO2 products use "Double Submit Cookie" and "Synchronizer Token Pattern" to prevent CSRF attacks.

nginx.conf

location /is/ {
    proxy_pass  https://csm-wso2-is:9444/;
    proxy_http_version 1.1;

    # Rewrite upstream Location headers so redirects stay under the /is/ prefix
    proxy_redirect https://dev-web-mtz.close-upinternational.com/oauth2/ https://dev-web-mtz.close-upinternational.com/is/oauth2/;
    proxy_redirect https://dev-web-mtz.close-upinternational.com/carbon/ https://dev-web-mtz.close-upinternational.com/is/carbon/;
    proxy_redirect https://dev-web-mtz.close-upinternational.com/authenticationendpoint/ https://dev-web-mtz.close-upinternational.com/is/authenticationendpoint/;
    proxy_redirect https://dev-web-mtz.close-upinternational.com/accountrecoveryendpoint/ https://dev-web-mtz.close-upinternational.com/is/accountrecoveryendpoint/;

    # Proxy headers
    proxy_set_header Upgrade            $http_upgrade;
    proxy_set_header Connection         "upgrade";
    proxy_set_header Host               $http_host;
    proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-Host   $host;

    # Proxy timeouts
    proxy_send_timeout                 5m;
    proxy_read_timeout                 5m;

    # Rewrite the Path attribute of upstream Set-Cookie headers and append
    # SameSite=None so the CSRF cookies are sent on cross-site requests
    proxy_cookie_path / "/; SameSite=None";
}

According to WSO2 documentation: SameSite Attribute Support in WSO2 Products

Upvotes: 0

Sominda Gamage

Reputation: 411

When you get the mail, check the password recovery link that you have received. There are two ways that you can find the link.

  • You can copy the link by right-clicking on the button.
  • Recovery link at the bottom of the page.

You should see a recovery link as below.

https://localhost:9443/accountrecoveryendpoint/confirmrecovery.do?confirmation=ea626c2f-47f7-4184-b927-5f230686716c&userstoredomain=PRIMARY&username=sominda&tenantdomain=carbon.super&callback=https%3A%2F%2Flocalhost%3A9443%2Fauthenticationendpoint%2Flogin.do%3Fclient_id%3DMY_ACCOUNT%26code_challenge%3Dmiilh2DN9GCQwLQVBn8s99fc2_D9Q8YoCAFX7GA4dLs%26code_challenge_method%3DS256%26commonAuthCallerPath%3D%2Foauth2%2Fauthorize%26forceAuth%3Dfalse%26passiveAuth%3Dfalse%26redirect_uri%3Dhttps%3A%2F%2Flocalhost%3A9443%2Fmyaccount%2Flogin%26response_mode%3Dform_post%26response_type%3Dcode%26scope%3DSYSTEM+openid%26tenantDomain%3Dcarbon.super%26sessionDataKey%3D1ca27665-1d5c-41f6-9e3e-e320139e2b94%26relyingParty%3DMY_ACCOUNT%26type%3Doidc%26sp%3DMy+Account%26isSaaSApp%3Dtrue%26authenticators%3DBasicAuthenticator%3ALOCAL

Check the value of the confirmation param. According to what you have received, its value should be %s. This means that the recovery code is not properly set in the email.

The reason for this can be an error when updating the email template. The email template for password recovery should contain a placeholder for confirmation. Make sure the placeholder is as follows.

confirmation={{confirmation-code}}

This should resolve your issue.

Upvotes: 1
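As an added helper (not part of either answer above), the following Python script automates the check described in the second answer: it parses a confirmrecovery.do link, flags a confirmation param that is still an unsubstituted template placeholder such as %s, and verifies that an email template still contains the confirmation={{confirmation-code}} placeholder. The UUID shape of a valid recovery code is an assumption taken from the sample link in the answer; the sample links in the script are constructed.

```python
"""Check a WSO2 IS password-recovery link for an unsubstituted confirmation code."""
import re
from urllib.parse import urlsplit, parse_qs

# Assumed recovery-code format, based on the sample link above: a UUID (8-4-4-4-12 hex groups).
UUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)
# Placeholder the password-recovery email template must contain for the code to be substituted.
TEMPLATE_PLACEHOLDER = "confirmation={{confirmation-code}}"


def check_recovery_link(link: str) -> dict:
    """Parse a confirmrecovery.do link and report whether its confirmation param is usable.

    Returns the extracted code, the username, and a 'problem' string (None when the
    link looks good).
    """
    parts = urlsplit(link)
    params = parse_qs(parts.query, keep_blank_values=True)
    code = params.get("confirmation", [""])[0]
    username = params.get("username", [""])[0]
    if not parts.path.endswith("/accountrecoveryendpoint/confirmrecovery.do"):
        problem = "not a confirmrecovery.do link"
    elif code == "":
        problem = "confirmation param missing or empty"
    elif "%s" in code or "{{" in code:
        # A literal "%s" or "{{...}}" means the template placeholder was never substituted.
        problem = "confirmation param is an unsubstituted template placeholder"
    elif not UUID_RE.match(code):
        problem = "confirmation param is not a UUID-shaped recovery code"
    else:
        problem = None
    return {"confirmation": code, "username": username, "problem": problem}


def template_has_placeholder(template_text: str) -> bool:
    """True when the password-recovery email template still contains the required placeholder."""
    return TEMPLATE_PLACEHOLDER in template_text


if __name__ == "__main__":
    # Constructed sample links: one well-formed, one produced by a broken email template.
    GOOD = ("https://localhost:9443/accountrecoveryendpoint/confirmrecovery.do"
            "?confirmation=ea626c2f-47f7-4184-b927-5f230686716c&userstoredomain=PRIMARY"
            "&username=sominda&tenantdomain=carbon.super")
    BROKEN = GOOD.replace("ea626c2f-47f7-4184-b927-5f230686716c", "%s")
    for link in (GOOD, BROKEN):
        print(check_recovery_link(link))
```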
