
WSO2TORIAL: Self Sign-Up in WSO2 Identity Server

Rob Blaauboer
Integration Consultant & WSO2 Trainer

The new WSO2 Identity Server 5.3.0 (or Identity & Access Management Solution, as it is now known) allows you to manage identity and access (that is no surprise).

One of the functions it supports is self sign-up of users through the WSO2 IS Dashboard. In many cases you have an existing set of users, but there might be situations where you would actually like users to sign up themselves. In this WSO2 tutorial (WSO2TORIAL) we will show how you set up that functionality.

[Screenshot: Sign In WSO2 IS]

Two ways

There are two ways of setting up the functionality. The best way is to use the REST API that comes with the product. It is not so much that you need to invoke the API yourself, but rather that you change the configuration.

There is also a way to do it with SOAP; however, the documentation does not reflect the right parameters at this moment (end of February 2017) and it is more work, so we focus on REST for now. We will post the SOAP instructions when the documentation is up to date.

Step 1: Enabling the listener

Enable the Identity Listener by enabling the following REST API listeners (set orderId=95 and orderId=97 to true) and disabling the SOAP listener (set the listener with orderId=50 to false; this is, BTW, the default setting) in the [IS_HOME]/repository/conf/identity/identity.xml file.

[Screenshot: Enabling the listener]

Step 2: Configuring the email settings

Since self sign-up involves clicking on a link that is emailed to you, we need to configure the email settings in the [IS_HOME]/repository/conf/outputeventadapters.xml file.

In this case we used a dummy Gmail account (the screenshot also contains a typo, do you spot it?). The process is straightforward: provide the right user ID and password together with the host and port details.

[Screenshot: Configure the email settings]
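A pre-flight check for Steps 1 and 2, as an added example that is not from the original post or from WSO2: it parses the two configuration files and reports listener flags that differ from Step 1 and email settings that are missing. The XML samples are constructed, the element, listener and property names in them are assumptions about the file layout, and listeners are matched on orderId alone, as in the post.

```python
import xml.etree.ElementTree as ET

# Step 1 target state: REST listeners 95 and 97 enabled, SOAP listener 50 disabled.
EXPECTED = {"50": "false", "95": "true", "97": "true"}
MAIL_KEYS = ("mail.smtp.from", "mail.smtp.user", "mail.smtp.password",
             "mail.smtp.host", "mail.smtp.port")

def local(tag):
    """Drop an XML namespace prefix such as {http://...}EventListener."""
    return tag.rsplit("}", 1)[-1]

def check_listeners(identity_xml):
    """Return the listener flags in identity.xml that differ from Step 1."""
    seen = {}
    for el in ET.fromstring(identity_xml).iter():
        if local(el.tag) == "EventListener" and el.get("orderId") in EXPECTED:
            seen[el.get("orderId")] = (el.get("enable") or "").strip().lower()
    return [f"orderId={oid}: enable={seen.get(oid)!r}, expected {want!r}"
            for oid, want in EXPECTED.items() if seen.get(oid) != want]

def check_mail(adapters_xml):
    """Return missing or malformed settings of the email output adapter."""
    props = {}
    for cfg in ET.fromstring(adapters_xml).iter():
        if local(cfg.tag) == "adapterConfig" and cfg.get("type") == "email":
            props = {p.get("key"): (p.text or "").strip() for p in cfg}
    problems = [f"{key} is missing or empty" for key in MAIL_KEYS if not props.get(key)]
    if props.get("mail.smtp.port") and not props["mail.smtp.port"].isdigit():
        problems.append("mail.smtp.port is not a number")
    return problems

# Constructed samples (not the post's files): listener 97 left off, SMTP host left empty.
IDENTITY_XML = """<Server xmlns="http://wso2.org/projects/carbon/carbon.xml"><EventListeners>
  <EventListener name="org.wso2.carbon.identity.mgt.IdentityMgtEventListener" orderId="50" enable="false"/>
  <EventListener name="org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener" orderId="95" enable="true"/>
  <EventListener name="org.wso2.carbon.identity.governance.listener.IdentityStoreEventListener" orderId="97" enable="false"/>
</EventListeners></Server>"""
ADAPTERS_XML = """<outputEventAdaptersConfig><adapterConfig type="email">
  <property key="mail.smtp.from">registration@example.com</property>
  <property key="mail.smtp.user">registration</property>
  <property key="mail.smtp.password">constructed-placeholder</property>
  <property key="mail.smtp.host"></property>
  <property key="mail.smtp.port">587</property>
</adapterConfig></outputEventAdaptersConfig>"""

if __name__ == "__main__":
    for problem in check_listeners(IDENTITY_XML) + check_mail(ADAPTERS_XML):
        print("FIX:", problem)
```

To check a real installation, pass the contents of the two files from Steps 1 and 2 to the functions instead of the embedded samples.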

Step 3: Editing the Resident Identity Provider

We now need to make changes to the Identity Server, most significantly to the Resident Identity Provider, in order to allow self sign-up.

Start the product as you would normally and log in using your admin credentials (in a new installation that is admin/admin).

Select the Resident Identity Provider:

[Screenshot: Identity Provider]

Select User Self Registration and then select Enable self user registration (what’s in a name):

[Screenshot: User registration]

The other settings are the default values so you can leave them as they are.

The next step is to change the account locking settings. We will move away from the default values and enter our own. These values limit the number of tries a user has to log in, and govern the account unlock time as well as the time increment.

This is the default value:

[Screenshot: default value]

And this is what we are doing with it:

[Screenshot: default value 2]

We should now be able to self-register at the Identity Server. Self-registration uses a set of permissions that is different from internal/everyone. The set is internal/selfsignup and allows the user to log in.

[Screenshot: Permissions of the Role]

Entering the new user

We log in to the dashboard, e.g. at https://localhost:9443/dashboard (when IS is installed on your local machine) and select Register Now.

[Screenshot: Entering the new user]

We enter user details, in this case the well-known John Doe:

[Screenshot: Create an account]

Keep in mind that if a user already exists you will get an error code. For me this happened when I made a typo in the mail credentials and the mail was not sent. The account is blocked and I needed to remove the account using admin credentials to get it up and running.

You will also see that the From and To names in the email are the same. This makes sense since this is a blog about this function and not an operational deployment. In that case you will use a new email address (e.g. registration@[yourDOMAIN.COM] or similar) to send out the email.

[Screenshot: User already exists]

I check the gmail account and see that I have an email with a very lengthy link for me to click.

[Screenshot: Check email]

On doing so, I am able to log in on the dashboard and look at my details (among other things).

[Screenshot: User portal]

The actual layout of the email can be changed via the management UI as shown below or using an XML editor (not shown).

[Screenshot: Management UI]

So there you have it. You can now allow users to self sign-up to your Identity Server.

There are a lot more possibilities with the new WSO2 IS 5.3.0 as far as accounts go, which we will cover in subsequent blogs.
