This documentation is for WSO2 Identity Server 5.0.0. View documentation for the latest release.
Self Sign Up and Account Confirmation - Identity Server 5.0.0 - WSO2 Documentation
||
Skip to end of metadata
Go to start of metadata

You can register a user and get the confirmation by the user through the email which helps to confirm an actual user.

The self sign up process creates the user and locks the user account until the user confirmation is received. The created user has an expiry period which, if exceeded, ensures the account cannot be unlocked. The expired accounts are not actually used by the creator and may have been forgotten long ago. The system administrator can later delete these accounts if needed, hence making this a better way to manage the resources.

The following service API can be used for the sign up and confirmation: https://localhost:9443/services/UserInformationRecoveryService?wsdl.

  1. Define the following claims and map them with correct attributes in the underlying data store. See Claim Management for more information on how to do this.

    About usage in tenants

    If you wish to have a set of claims for all tenants, you must add those claims to the <PRODUCT_HOME>/repository/conf/claim-mgt.xml file prior to the first startup and then start the server. If you do not require these claims for all tenants, then it should be added via the UI of specific tenants as instructed here.

    The following are the claims that must be mapped.

    • http://wso2.org/claims/identity/accountLocked - This claim is used to store the status of the user's account, i.e., if it is locked or not.

    • http://wso2.org/claims/identity/passwordTimestamp - This claim records the timestamp of when the user is self-registered.

      Note: The claim for the timestamp must be added. This is done so that the correct claim URI (http://wso2.org/claims/identity/passwordTimestamp) is mapped for this. See Adding New Claim Mapping for information on how to do this.

  2. Do the following configurations in the <PRODUCT_HOME>/repository/conf/security/identity­-mgt.properties file.

    Identity.Listener.Enable=true
    Notification.Sending.Internally.Managed=true
    Authentication.Policy.Account.Lock.On.Creation=true
    Notification.Expire.Time=7200
    Notification.Sending.Enable=true 
    Authentication.Policy.Enable=true 

    See the following table for descriptions of these configurations.

    ConfigurationDescription
    Identity.Listener.Enable=true
    This enables the identity listener.
    Notification.Sending.Internally.Managed=true
    This enables the internal email sending module. If false, the email sending data is available to the application via a Web service. Thus the application can send the email using its own email sender.
    Authentication.Policy.Account.Lock.On.Creation=true
     
     This enables locking the account when the account is created.
    Notification.Expire.Time=7200
    The time specified here is in minutes. In this case, the recovery expires after 7200 minutes.
    Notification.Sending.Enable=true

    This enables the email sending function when recovering the account and verifying the user creation

    Authentication.Policy.Enable=true
    This enables the authentication flow level checks for the account lock and account confirmation features. You must enable this to make the account confirmation feature work.
  3. Configure the email­-admin­-config.xml file found in <PRODUCT_HOME>/repository/conf/email/ with the email template of type “accountConfirmation”. The following is a sample template:

    <configuration type="accountConfirmation">
    <targetEpr></targetEpr>
            <subject>WSO2 Carbon - Account Confirmation</subject>
            <body>
    Hi {first-name},
    
    You have created an account with following user name
    
    User Name: {user-name}
    
    Please click the following link to unlock. If clicking the link doesn't seem to work, you can copy and paste the
    link into your browser's address window.
    
    https://localhost:8443/InfoRecoverySample/confirmReg?confirmation={confirmation-code}&amp;userName={user-name}
            </body>
            <footer>
    Best Regards,
    WSO2 Identity Server Team
    http://www.wso2.com
            </footer>
            <redirectPath></redirectPath>
    </configuration>
  4. Open the <IS_HOME>/repository/conf/axis2/axis2.xml file and uncomment the following email transportSender configurations. This is necessary because notification sending is internally managed. The configuration values provided are sample values therefore, provide your email details as required.

    <transportSender name="mailto" class="org.apache.axis2.transport.mail.MailTransportSender">        
    		<parameter name="mail.smtp.from">wso2demomail@gmail.com</parameter>
            <parameter name="mail.smtp.user">wso2demomail</parameter>
            <parameter name="mail.smtp.password">mailpassword</parameter>
            <parameter name="mail.smtp.host">smtp.gmail.com</parameter>
            <parameter name="mail.smtp.port">587</parameter>
            <parameter name="mail.smtp.starttls.enable">true</parameter>
            <parameter name="mail.smtp.auth">true</parameter>
    </transportSender>

Self Sign Up

The sequence of services calls are described below for self sign up.

  1. getUserIdentitySupportedClaims() ­- Set of claims to which the user profile details should be saved in the Identity Server.
  2. registerUser() -­ This registers a user in the system. You need to pass values like user name, password, claim attributes and values returned from the previous call and the tenant domain. The confirmation code is sent by email to the given email address.

Confirm Account

The sequence of service calls are described below for account confirmation.

  1. getCaptcha() -­ Get the captcha for the current request.
  2. confirmUserSelfRegistration() -­ The confirmation code sent to user account, user name, captcha details and tenant domain needs to be passed to the call. Upon successful verification the account is unlocked. Also the verification status is returned to the caller.
  • No labels