The new WSO2 Identity Server 5.3.0 (or Identity & Access Management Solution, as it is now known) lets you, to no one's surprise, manage identity and access.
One of the functions it supports is self sign-up of users through the WSO2 IS Dashboard. In many cases you have an existing set of users, but there might be situations where you would actually like users to sign up themselves. In this WSO2 tutorial (WSO2TORIAL) we will show how to set up that functionality.
There are two ways of setting up the functionality. The best way is to use the REST API that comes with the product. It is not so much that you need to invoke the API yourself, but rather that you change the configuration.
There is also a way to do it with SOAP. However, the documentation does not reflect the right parameters at this moment (end of February 2017) and it is more work, so we focus on REST for now. We will post the SOAP instructions when the documentation is up to date.
Step 1: Enabling the listener
Enable the REST API identity listeners (set the listeners with orderId=95 and orderId=97 to true) and disable the SOAP listener (set the listener with orderId=50 to false; this is, by the way, the default setting) in the
Step 2: Configure the email settings
Since self sign-up involves clicking on a link that is emailed to you, we need to configure the email settings in the
In this case we took a dummy Gmail account (there is also a typo in the screenshot, do you spot it?). The process is straightforward: provide the right user ID and password together with the host and port details.
Step 3: Editing the Resident Identity Providers
We now need to make changes to the identity server and most significantly the Resident Identity provider in order to allow self sign-up.
Start the product as you would normally and log in using your admin credentials (in a new installation that is admin/admin).
Select the Resident Identity provider:
Select User Self Registration and tick the Enable self user registration option (what’s in a name):
The other settings are the default values so you can leave them as they are.
The next step is to change the account locking settings. We will move away from the default values and enter our own. These values limit the number of login attempts a user has, and govern the account unlock time as well as the time increment.
This is the default value:
And this is what we are doing with it:
We should now be able to self-register at the Identity Server. This self-registration uses a set of permissions that is different from internal/everyone. The set is internal/selfsignup and allows the user to log in.
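A quick way to confirm the listener state from Step 1 before starting the server, as an added example that is not part of the original tutorial or of WSO2's own tooling. The sample XML is constructed, and the EventListener element with its orderId and enable attributes is the layout this example assumes for the configuration file.

```python
import xml.etree.ElementTree as ET

# Step 1 target state: REST listeners (orderId 95, 97) enabled, SOAP listener (50) disabled.
EXPECTED = {"95": True, "97": True, "50": False}

# Constructed sample (not taken from a real installation). The <EventListener>
# layout with orderId/enable attributes is an assumption of this example.
SAMPLE = """<Server xmlns="http://wso2.org/projects/carbon/carbon.xml">
 <EventListeners>
  <EventListener name="org.wso2.carbon.identity.mgt.IdentityMgtEventListener"
                 orderId="50" enable="true"/>
  <EventListener name="org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener"
                 orderId="95" enable="true"/>
 </EventListeners>
</Server>"""


def check_listeners(xml_text, expected=EXPECTED):
    """Return a sorted list of findings; an empty list means Step 1 is applied."""
    seen = {}
    for el in ET.fromstring(xml_text).iter():
        # Strip any XML namespace so the check works with or without xmlns.
        if el.tag.rsplit("}", 1)[-1] != "EventListener":
            continue
        order = el.get("orderId")
        if order in expected:
            # Treat anything other than the literal "true" as disabled.
            seen.setdefault(order, []).append(el.get("enable", "").strip().lower() == "true")
    findings = []
    for order, want in expected.items():
        states = seen.get(order)
        if states is None:
            if want:  # a listener that must be on is not declared at all
                findings.append(f"orderId={order}: listener missing, expected enabled")
        elif len(set(states)) > 1:
            findings.append(f"orderId={order}: declared more than once with conflicting values")
        elif states[0] != want:
            findings.append(f"orderId={order}: enable={str(states[0]).lower()}, "
                            f"expected {str(want).lower()}")
    return sorted(findings)


if __name__ == "__main__":
    for line in check_listeners(SAMPLE) or ["listener configuration matches Step 1"]:
        print(line)
```

On the constructed sample it reports that the SOAP listener is still enabled and that the listener with orderId=97 is not declared.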
Entering the new user
We log in to the dashboard, e.g. at https://localhost:9443/dashboard (when IS is installed on your local machine) and select Register Now.
We enter user details, in this case the well-known John Doe:
Keep in mind that if a user already exists you will get an error code. For me this happened when I made a typo in the mail credentials and the mail was not sent. The account is blocked and I needed to remove the account using admin credentials to get it up and running.
You will also see that the from and to names in the email are the same. This makes sense since this is a blog about this function and not an operational deployment. In an operational deployment you would use a separate email address (e.g. registration@[yourDOMAIN.COM] or alike) to send out the email.
I check the Gmail account and see that I have an email with a very lengthy link for me to click.
On doing so, I am able to log in on the dashboard and look at my details (among other things).
The actual layout of the email can be changed via the management UI as shown below or using an XML editor (not shown).
So there you have it. You can now allow users to self signup to your Identity Server.
There are a lot more possibilities with the new WSO2 IS 5.3.0 as far as accounts go which we will cover in subsequent blogs.