Self-Registration: Activating account via e-mailed link

over 10 years ago
Self-Registration can be useful for external users. A process that validates the e-mail address before activating the account adds a layer of confidence about who the requester is.

Here is a simple example that you can customize to meet your needs.

First let's look at the Self-Registration validation process.







Figure 1: Welcome Page for IdM 4 (RBPM).












Figure 2: Self-Registration page.













Figure 3: Account is disabled upon Self-Registration account creation.













Figure 4: User receives an e-mail at the address typed in the self-registration form. The e-mail includes a validation link.












Figure 5: User is directed to a web form for activating the account. Additionally, the user must agree to the Terms & Conditions, otherwise the account will not be activated.












Figure 6: Once the user agrees to the Ts&Cs (checkbox is checked), the account will be activated.













Figure 7: User can now log in to IdM and other auto-provisioned apps (via IdM drivers).





What's required?



First, you need to configure Self-Registration in IdM. You can follow these instructions: TID: 3002868 - How to allow anonymous users to self register to the User Application Portal



N.B. You need to grant trustee write rights (All attributes rights) at the OU level to the Public user.

Then you need a Null or Loopback driver to:

  1. Disable the account upon self-reg creation;

  2. Generate a unique key for the validation link, and store it in an attribute;

  3. Send the e-mail to the user;

  4. Check for when the user validates the account and enable it.
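
The key-generation and validation steps above, sketched in Node.js as an added example (this is not the ECMAScript function or the JSP from the download). It goes beyond the MD5 approach used on this page by drawing the key from a CSPRNG, storing only its digest, and making it expiring and single-use; the function names, the in-memory `pending` map standing in for the vault attribute, the 24-hour lifetime and the `uid`/`key` URL parameters are all assumptions.

```javascript
// Added example (Node.js). All names are hypothetical; the Map stands in for
// the user attribute in the Identity Vault that holds the validation key.
const crypto = require('node:crypto');

const TOKEN_TTL_MS = 24 * 60 * 60 * 1000; // assumed 24-hour validity window
const pending = new Map();                // userId -> { digest, expires }

const sha256 = (s) => crypto.createHash('sha256').update(s).digest();

// Steps 1-3: the account starts disabled, a key is generated and stored,
// and the returned link is what goes into the e-mail.
function issueActivationLink(userId, baseUrl, now = Date.now()) {
  // 256 bits from the OS CSPRNG: not derivable from user name, e-mail or time.
  const token = crypto.randomBytes(32).toString('hex');
  // Store only a digest, so reading the attribute does not yield a usable link.
  pending.set(userId, { digest: sha256(token), expires: now + TOKEN_TTL_MS });
  const url = new URL(baseUrl);
  url.searchParams.set('uid', userId);
  url.searchParams.set('key', token);
  return url.toString();
}

// Step 4: the form handler checks the key before the account is enabled.
function validateActivation(userId, token, acceptedTerms, now = Date.now()) {
  const entry = pending.get(userId);
  if (!entry || typeof token !== 'string') return 'unknown';
  if (now > entry.expires) {
    pending.delete(userId);
    return 'expired';
  }
  // Both sides are 32-byte SHA-256 digests, so the constant-time compare is safe.
  if (!crypto.timingSafeEqual(sha256(token), entry.digest)) return 'invalid';
  // The key stays valid until the Terms & Conditions box is checked.
  if (!acceptedTerms) return 'terms-required';
  pending.delete(userId); // single use: a replayed link no longer matches anything
  return 'activated';
}
```
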











Figure 8: Null Driver rule that disables the user, generates a unique key, and sends the e-mail.












Figure 9: Null driver rule that watches for account validation.












Figure 10: Null driver filter.













Figure 11: Null driver configuration, pointing to ECMA/Javascript function to generate MD5 hash.





The zip download includes an export of the ECMA MD5 hash function, the Null Driver policy, and the war archive that includes the jsp form for e-mail validation.

N.B. I am using the admin account to write the attribute in the vault using the jsp form, but for a real deployment, a special account with only access to the single attribute selected would be appropriate.

For the war, I just deployed it on JBoss, which I also use to run IdM (RBPM). You can access the JBoss console using http://idm_server_address:port (admin/admin is the default).









Figure 12: Deploying war on JBoss.




