This documentation is for WSO2 Identity Server 5.3.0. View documentation for the latest release.
Due to a known issue do not use JDK1.8.0_151 with WSO2 products. Use JDK 1.8.0_144 until JDK 1.8.0_162-ea is released.
Configuring reCaptcha for Self Registration - Identity Server 5.3.0 - WSO2 Documentation
||
Skip to end of metadata
Go to start of metadata

Self registration is an important feature when in comes to commercial applications. This feature allows the users the privilege of being a part of your community without you having to go through the hassle of adding them.

This topic guides you through configuring reCaptcha for the self registration flow. By configuring reCaptcha, you can mitigate or block brute force attacks.

There are two ways to configure this feature.

The instructions for both these approaches are as follows.

Configuring self-registration with reCaptcha for a tenant

To configure self-registration with reCaptcha for a specific tenant:

  1. Set up reCaptcha with the WSO2 Identity Server. For instructions on how to do this and more information about reCaptcha, see Setting Up ReCaptcha
  2. Start the WSO2 Identity Server and log in to the management console.
  3. Click on List under Identity Providers on the Main tab and then click Resident Identity Provider
  4. Expand the Account Management Policies tab and then expand the User Self Registration tab. 
  5. Select the Enable reCaptcha checkbox to enable reCaptcha for the self registration flow. 
  6. You have now successfully configured reCaptcha for the self registration flow. Start the WSO2 Identity Server and log in to the end user dashboard using the following link: https://localhost:9443/dashboard

    Tip: If you have changed the port offset or modified the hostname, change the port or hostname accordingly.

     

  7. Click the Register Now link.
     
  8. At the end of the registration, the following reCaptcha window appears. 

Configuring self-registration with reCaptcha globally

To configure self-registration with reCaptcha globally:

  1. Navigate to the <IS_HOME>/repository/conf/identity/identity.xml file and uncomment the following configuration block.

    Tip: To avoid any configuration issues, do this before starting up the WSO2 Identity Server product instance.

    <SelfRegistration>
          <Enable>true</Enable>
          <LockOnCreation>true</LockOnCreation>
          <Notification>
              <InternallyManage>true</InternallyManage>
          </Notification>
          <ReCaptcha>true</ReCaptcha>
    </SelfRegistration>

    The following table lists out more information pertaining to these configurations.

    ConfigurationDescription
    Enable
    Set this to true to enable this configuration at a global level.
    LockOnCreation
    Setting this to true ensures that the user's account is locked on creation.
    InternallyManage
    Setting this value to true ensures the internal email sending module is enabled. However, setting this to false ensures that the email sending data is available to the application via a Web service. The application can send the email using its own email sender.
    ReCaptcha
    Set this to true to enable reCaptcha for self-registration globally.
  2. Some listeners must be enabled in order for this to work when the operations are invoked. In the same identity.xml file make sure the following configs are enabled/disabled. 

    Tip: These are usually set by default in the product unless you have made any changes.

    <EventListener ype="org.wso2.carbon.user.core.listener.UserOperationEventListener"name="org.wso2.carbon.identity.mgt.IdentityMgtEventListener" orderId="50" enable="false"/> 
    <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener" name="org.wso2.carbon.identity.governance.listener.IdentityStoreEventListener" orderId="97" enable="true"> 
    <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener" name="org.wso2.carbon.identity.scim.common.listener.SCIMUserOperationListener orderId="90" enable="true"/>
  3. Configure the email settings for the self-registration process. Configure email setting in the <IS_HOME>/repository/conf/output-event-adapters.xml file. 

    Tip: Search for the word 'email' in the file and you can find the required configuration block. Provide the email provider information and save the file.

    <adapterConfig type="email">
            <!-- Comment mail.smtp.user and mail.smtp.password properties to support connecting SMTP servers which use trust
            based authentication rather username/password authentication -->
            <property key="mail.smtp.from">abcd@gmail.com</property>
            <property key="mail.smtp.user">abcd</property>
            <property key="mail.smtp.password">xxxx</property>
            <property key="mail.smtp.host">smtp.gmail.com</property>
            <property key="mail.smtp.port">587</property>
            <property key="mail.smtp.starttls.enable">true</property>
            <property key="mail.smtp.auth">true</property>
            <!-- Thread Pool Related Properties -->
            <property key="minThread">8</property>
            <property key="maxThread">100</property>
            <property key="keepAliveTimeInMillis">20000</property>
            <property key="jobQueueSize">10000</property>
    </adapterConfig>
  4. Set up reCaptcha with the WSO2 Identity Server. For instructions on how to do this and more information about reCaptcha, see Setting Up ReCaptcha.
  5. Start the WSO2 Identity Server and log in to the end user dashboard using the following link: https://localhost:9443/dashboard

    Tip: If you have changed the port offset or modified the hostname, change the port or hostname accordingly.

     

  6. Click the Register Now link.
     
  7. Enter the account creation details and note that reCaptcha is available.
     
  • No labels