This documentation is for WSO2 Identity Server 5.4.0 . View documentation for the latest release.
||
Skip to end of metadata
Go to start of metadata

The WSO2 Identity Server (WSO2 IS) supports self-registration and allows users to register themselves and receive email confirmations when the account is created.

The self-sign-up process creates the user account and locks the user account until the user confirms the account by clicking on the account confirmation mail that is sent by WSO2 IS.

If the user does not confirm the account before the expiry period, the user account is locked because it is assumed that the expired accounts are not used by the creator. Later on the system administrator can delete these accounts if needed making it a better way to manage resources. 

The following instructions guide you through setting up this feature.

From WSO2 IS 5.3.0 onwards there is a new implementation for identity management features. The steps given below in this document follows the new implementation, which is the recommended approach for self-registration.

Alternatively, to see the steps on how to enable this identity management feature using the old implementation, see Self Sign Up and Account Confirmation documentation in WSO2 IS 5.2.0. The old implementation has been retained within the WSO2 IS pack for backward compatibility and can still be used if required.

Before you begin

Ensure that the "IdentityMgtEventListener" with the orderId=50 is set to false and that the Identity Listeners with orderId=95 and orderId=97 are set to true in the <IS_HOME>/repository/conf/identity/identity.xml file. 

<EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener" name="org.wso2.carbon.identity.mgt.IdentityMgtEventListener" orderId="50" enable="false"/>
<EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener" name="org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener" orderId="95" enable="true" />
<EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener" name="org.wso2.carbon.identity.governance.listener.IdentityStoreEventListener" orderId="97" enable="true">

Self sign up for super tenant users

Follow the steps given below to register users for the super tenant, which is carbon.super.

  1. Configure the following email settings in the <IS_HOME>/repository/conf/output-event-adapters.xml file. 

    mail.smtp.fromProvide the email address of the SMTP account.
    mail.smtp.userProvide the username of the SMTP account.
    mail.smtp.passwordProvide the password of the SMTP account.
    <adapterConfig type="email">
        <!-- Comment mail.smtp.user and mail.smtp.password properties to support connecting SMTP servers which use trust
            based authentication rather username/password authentication -->
        <property key="mail.smtp.from">abcd@gmail.com</property>
        <property key="mail.smtp.user">abcd</property>
        <property key="mail.smtp.password">xxxx</property>
        <property key="mail.smtp.host">smtp.gmail.com</property>
        <property key="mail.smtp.port">587</property>
        <property key="mail.smtp.starttls.enable">true</property>
        <property key="mail.smtp.auth">true</property>
        <!-- Thread Pool Related Properties -->
        <property key="minThread">8</property>
        <property key="maxThread">100</property>
        <property key="keepAliveTimeInMillis">20000</property>
        <property key="jobQueueSize">10000</property>
    </adapterConfig>

    Tip: The email template used to send this email notification is the AccountConfirmation template.

    You can edit and customize the email template. For more information on how to do this, see Customizing Automated Emails.

  2. Start the WSO2 IS and log in to the management console: https://<IS_HOST>:<IS_PORT>/carbon 
    If you started WSO2 IS previously, make sure to stop it and start it again for the email settings to get updated in the pack.
  3. Click Resident under Identity Providers on the Main tab and expand the Account Management Policies tab.
  4. Expand the User Self Registration tab and configure the following properties as required. 

    FieldDescription
    Enable Self User RegistrationSelect to enable self registration.
    Enable Account Lock On Creation EnabledSelect to enable account locking during self registration.
    Enable Notification Internally ManagementSelect if you want the notification handling to be managed by the WSO2 Identity Server. If the client application handles notification sending already, unselect it. This check only applies if Security Question Based Password Recovery is enabled.
    Enable reCaptchaSelect to enable reCaptcha for the self sign up flow. See Configuring reCaptcha for Password Recovery Flow for more information.
    User self registration code expiry time

    Set the number of minutes for which the verification code should be valid. The verification code that is provided to the user to initiate the self sign-up flow will be invalid after the time specified here has elapsed.

    Alternatively, you can configure the expiry time in the identity.xml configuration file.

    <SelfRegistration>
        <VerificationCode>
            <ExpiryTime>1440</ExpiryTime>
        </VerificationCode>
    </SelfRegistration>

  5. Expand the Login Policies tab, then the  Account Locking tab and select Account Lock Enabled and click Save.
    This allows the account to be locked until the user confirms the account. Once the user activates the account through the email received, the account is unlocked. For more information about account locking, see  User Account Locking and Account Disabling

Now, you can move on to try out self-sign up.

For information on the REST APIs for self sign-up, see Self Sign Up Using REST APIs.

Self-sign up for tenant users

This is available only as a WUM update and is effective from 15th January 2018 (2018-1-15). For more information on updating WSO2 Identity Server, see Updating WSO2 Products.

Follow the steps given below to register a user for a specific tenant domain.

Before you begin!

Make sure you have one or more tenants. For more information, see Creating and Managing Tenants

  1. Configure the following email settings in the <IS_HOME>/repository/conf/output-event-adapters.xml file. 

    mail.smtp.fromProvide the email address of the SMTP account.
    mail.smtp.userProvide the username of the SMTP account.
    mail.smtp.passwordProvide the password of the SMTP account.
    <adapterConfig type="email">
        <!-- Comment mail.smtp.user and mail.smtp.password properties to support connecting SMTP servers which use trust
            based authentication rather username/password authentication -->
        <property key="mail.smtp.from">abcd@gmail.com</property>
        <property key="mail.smtp.user">abcd</property>
        <property key="mail.smtp.password">xxxx</property>
        <property key="mail.smtp.host">smtp.gmail.com</property>
        <property key="mail.smtp.port">587</property>
        <property key="mail.smtp.starttls.enable">true</property>
        <property key="mail.smtp.auth">true</property>
        <!-- Thread Pool Related Properties -->
        <property key="minThread">8</property>
        <property key="maxThread">100</property>
        <property key="keepAliveTimeInMillis">20000</property>
        <property key="jobQueueSize">10000</property>
    </adapterConfig>

    Tip: The email template used to send this email notification is the AccountConfirmation template.

    You can edit and customize the email template. For more information on how to do this, see Customizing Automated Emails.

  2. Start the WSO2 IS server and log in to the tenant domain from the management console: https://<IS_HOST>:<IS_PORT>/carbon  
    If you started WSO2 IS previously, make sure to stop it and start it again for the email settings to get updated in the pack.

  3. Navigate to Main tab>Identity Providers>Resident and expand Account Management Policies tab
  4. Expand the User Self Registration tab and configure the following properties as required. 

    FieldDescription
    Enable Self User RegistrationSelect to enable self-registration.
    Enable Account Lock On Creation EnabledSelect to enable account locking during self-registration.
    Enable Notification Internally ManagementSelect if you want the notification handling to be managed by the WSO2 Identity Server. If the client application handles notification sending already, unselect it. This check only applies if Security Question Based Password Recovery is enabled.
    Enable reCaptchaSelect to enable reCaptcha for the self-sign up flow. See Configuring reCaptcha for Password Recovery Flow for more information.
    User self registration code expiry time

    Set the number of minutes for which the verification code should be valid. The verification code that is provided to the user to initiate the self sign-up flow will be invalid after the time specified here has elapsed.

    Alternatively, you can configure the expiry time in the identity.xml configuration file.

    <SelfRegistration>
        <VerificationCode>
            <ExpiryTime>1440</ExpiryTime>
        </VerificationCode>
    </SelfRegistration>

  5. Expand the  Login Policies tab, then the  Account Locking tab and select Account Lock Enabled and click Update.
    This allows the account to be locked until the user confirms the account. Once the user activates the account through the email received, the account is unlocked. For more information about account locking, see  User Account Locking and Account Disabling

Try out self sign up

  1. Access the WSO2 Identity Server dashboard.
  2. Click the Register Now? link. 
    Once the user has registered, first you receive an account lock email because the account is locked until you confirm the account and then you receive an account confirmation email.

    Register Users for a Tenant

    If you want to self sign up a user for a specific tenant, you need to provide the Username in the following format: <USERNAME>@<TENAND_DOMAIN>

    For example, if you have a tenant domain as foo.com, the username needs to be kim@foo.com
  3. Click Confirm Registration in the email or copy the link in the email to your browser to confirm the account.
    Once you confirm the account, the account is unlocked and an email is sent.

Want to resend the confirmation email?

Follow the steps given below to resend the confirmation email.

  1. Access the WSO2 Identity Server dashboard and try to login with the user you just registered.
    The user account should not be activated for the user, which means you should not have confirmed the account.

  2. Click on the Re-send link to resend the email. 

Tip: The email template used to resend the confirmation email notification is the ResendAccountConfirmation template.

You can edit and customize the email template. For more information on how to do this, see Customizing Automated Emails.

By default, the claim values of the identity claims used in this feature are stored in the JDBC datasource configured in the  identity.xml  file. See Configuring Claims for more information on how to store the claim values in the user store.

  • No labels