This documentation is for WSO2 Identity Server 5.3.0 . View documentation for the latest release.
||
Skip to end of metadata
Go to start of metadata

The WSO2 Identity Server supports self-registration and allows a user to register their own accounts and receive email confirmation when the account is created.

The self sign up process creates the user and locks the user account until the user confirmation is received. The created user has an expiry period which, if exceeded, ensures the account cannot be unlocked. The expired accounts are not actually used by the creator and may have been forgotten long ago. The system administrator can later delete these accounts if needed, hence making this a better way to manage the resources. 

The following instructions guide you through setting up this feature.

From 5.3.0 onwards there is a new implementation for identity management features. The steps given below in this document follows the new implemenation which is the recommended approach for self registration.

Alternatively, to see steps on how to enable this identity management feature using the old implementation, see Self Sign Up and Account Confirmation documentation in WSO2 IS 5.2.0. The old implementation has been retained within the WSO2 IS pack for backward compatitbility and can still be used if required.

Before you begin

Ensure that the "IdentityMgtEventListener" with the orderId=50 is set to false and that the Identity Listeners with orderId=95 and orderId=97 are set to true in the <IS_HOME>/repository/conf/identity/identity.xml file. 

<EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener" name="org.wso2.carbon.identity.mgt.IdentityMgtEventListener" orderId="50" enable="false"/>
<EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener" name="org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener" orderId="95" enable="true" />
<EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener" name="org.wso2.carbon.identity.governance.listener.IdentityStoreEventListener" orderId="97" enable="true">
  1. Configure the following email settings in the <IS_HOME>/repository/conf/output-event-adapters.xml file. 
    The email address configured here is the email account that will be used to send the self sign up email notifications to users. 

    <adapterConfig type="email">
        <!-- Comment mail.smtp.user and mail.smtp.password properties to support connecting SMTP servers which use trust
            based authentication rather username/password authentication -->
        <property key="mail.smtp.from">abcd@gmail.com</property>
        <property key="mail.smtp.user">abcd</property>
        <property key="mail.smtp.password">xxxx</property>
        <property key="mail.smtp.host">smtp.gmail.com</property>
        <property key="mail.smtp.port">587</property>
        <property key="mail.smtp.starttls.enable">true</property>
        <property key="mail.smtp.auth">true</property>
        <!-- Thread Pool Related Properties -->
        <property key="minThread">8</property>
        <property key="maxThread">100</property>
        <property key="keepAliveTimeInMillis">20000</property>
        <property key="jobQueueSize">10000</property>
    </adapterConfig>

    Tip: The email template used to send this email notification is the AccountConfirmation template.

    You can edit and customize the email template. For more information on how to do this, see Customizing Automated Emails.

  2. Start the WSO2 IS server and login to the management console.
  3. Click Resident under Identity Providers on the Main tab and expand the Account Management Policies tab.
  4. Expand the User Self Registration tab and configure the following properties as required. 

    FieldDescription
    Enable Self User RegistrationSelect to enable self registration.
    Enable Account Lock On Creation EnabledSelect to enable account locking during self registration.
    Enable Notification Internally ManagementSelect if you want the notification handling to be managed by the WSO2 Identity Server. If the client application handles notification sending already, unselect it. This check only applies if Security Question Based Password Recovery is enabled.
    Enable reCaptchaSelect to enable reCaptcha for the self sign up flow. See Configuring reCaptcha for Password Recovery Flow for more information.
    User self registration code expiry time

    Set the number of minutes for which the verification code should be valid. The verification code that is provided to the user to initiate the self sign-up flow will be invalid after the time specified here has elapsed.

    Alternatively, you can configure the expiry time in the identity.xml configuration file.

    <SelfRegistration>
        <VerificationCode>
            <ExpiryTime>1440</ExpiryTime>
        </VerificationCode>
    </SelfRegistration>
  5. Enable Account Locking to support self-registration with email confirmation. To do this, expand the Login Policies tab, then the Account Locking tab and select Account Lock Enabled. For more information about account locking, see User Account Locking

    This configuration is required because the user account needs to be locked when the user first creates it using the self sign-up flow. Once the user activates the account through the email received, the account is unlocked. 

For information on the REST APIs for self sign-up, see Self Sign Up Using REST APIs.

Try out self sign-up

  1. Create a user using the management console. Ensure that the user has login permissions. 
  2. Edit the user profile and enter an email address for the user. The email notification for account confirmation is sent to the email address given here. 
  3. Access the WSO2 Identity Server dashboard.
  4. Click the Register Now? link. Once the user has registered, an account confirmation email is sent to the user's email address.
  5. To resend the confirmation email, access the WSO2 Identity Server dashboard and try to login with the registered user who has not yet been activated. You will see the following screen.
    Click on the Re-send link to resend the email. 

    Tip: The email template used to resend the confirmation email notification is the ResendAccountConfirmation template.

    You can edit and customize the email template. For more information on how to do this, see Customizing Automated Emails

Related Links
  • By default, the claim values of the identity claims used in this feature are stored in the JDBC datasource configured in the identity.xml file. See Configuring Claims for more information on how to store the claim values in the user store.
  • No labels