"I Agree" - A Simple Recipe for Identity Manager Self-Registration


Submitted by Michel Bluteau

"I Agree" - A Simple Recipe for Identity Manager Self-Registration

The following article is a quick recipe on how to leverage simple client-side Javascript in order to force end-users to agree to Terms and Conditions (T&Cs) before accessing public pages for Identity Manager User Application portal.

It takes advantage of the iFrame gadget/portlet inherited from the days of NPS (Novell Portal Services), which is available from within User Application.

For our example, let's assume that we want to provide a Self-Registration page for new users so they can create an account for themselves the first time they access Identity Manager. Identity Manager 3.5 allows for pages or portlets to be made public without requiring authentication. Also, let's assume we want those new users to agree to the T&Cs before being able to access the Self-Registration service.

Setting Up Self-Registration

1. Under Portlet Admin, create a new instance of the Create portlet and name it Self-Registration. This is done by entering a unique name and clicking the Register button.

Click to view.

Figure 1

Figure 1: Creating a Self-Registration instance

2. Modify the settings so Requires Authentication is set to False. This will result in this new portlet being made available for non-authenticated users.

Click to view.

Figure 2

Figure 2: Setting "Requires Authentication" to False

3. Configure a Guest Username that will act as a LDAP Proxy User for creating the user objects. Refer to the documentation for more details.

Click to view.

Figure 3

Figure 3 - Configuring a Guest Username

4. You can also modify the Entity being used by the portlet, to control which objects can be created, and which attributes are being displayed.

Click to view.

Figure 4

Figure 4: Modifying the portlet Entity

5. To create a new Entity for our example, import my Entity using the file provided on the SelfRegisteredUser.xml page.

Click to view.

Figure 5

Figure 5: Creating a new Entity for the example

Here is the Self Registered User entity that allows for the customization of the Self-Registration portlet:

Click to view.

Figure 6

Figure 6: Self Registered User entity

6. Create a Virtual Entity for the Self-Registration portlet, as shown below.

Click to view.

Figure 7

Figure 7: Creating a Virtual Entity for the Self-Registration portlet

7. Create a new Page called Self-Registration, and put it in the Guest Pages category.

Click to view.

Figure 8

Figure 8: New Self-Registration page

8. Under Permissions, remove the checkmark for View Permission Set to Admin Only.

Click to view.

Figure 9

Figure 9: Permissions, checkmark removed

9. Under Arrange Content, add the iFrame portlet.

Click to view.

Figure 10

Figure 10: iFrame portlet added

10. Modify the properties for the iFrame portlet to point to your form for the Terms and Conditions and the I Agree Javascript.

Figure 11: Pointing the iFrame portlet to your form

Click to view.

Figure 11

In my example, I am using an instance of Tomcat(for iManager) to publish my Consent form. In practice, you could use an eCommerce web server solution, or any web server like Apache or IIS. You may want to use a server that can log these consents for audit purposes. If you decide to use Tomcat, you can just copy the form in /var/opt/novell/tomcat4/server/webapps/manager and access it with http://ip_address:port/manager/form1.html on Linux.

11. You can also modify the preferences for the iFrame portlet.

Click to view.

Figure 12

Figure 12: Modifying preferences for the iFrame portlet

Below is the code for the form1.html file; you can modify it with a text editor.

<title>My Page</title>
<script type="text/javascript">
function validate(form) {
// Checking if at least one period button is selected. Or not.

if(!document.form1.agree.checked){alert("You must agree to the Corporate Policy accessing this service");
return false; }

return true;

Corporate Policy<BR>
<p><b>ATTENTION</b>: Please read these terms carefully before using this website. Using this website indicates that you accept these terms.
If you do not accept these terms, do not use this website.</p>


<table border='0' width='50%' cellspacing='0' cellpadding='0' >
<form name=form1 method=post action="" onsubmit='return validate(this)'><input type=hidden name=todo value=post>

<tr bgcolor='#ffffff'><td align=center ><font face='verdana' size='2'>

<tr><td align=center bgcolor='#f1f1f1'><font face='verdana' size='2'><input type=checkbox name=agree value='yes'>I agree to terms and conditions </td></tr>
<tr bgcolor='#ffffff'><td align=center ><input type=submit value=Submit> <input type=reset value=Reset></td></tr>


form1.html includes some javascript client-side code that will force the user to put a checkmark in the I Agree box before being provided access to Self-Registration.

Accessing the Self-Registration Page

Let's now try to access the Self-Registration page.

1. Access the default page for Identity Manager
(http://ip_address:port/IDM) and you will see that our new Guest page, Self-Registration, is now available.

Click to view.

Figure 13

Figure 13: Guest page, Self-Registration, now available

2. On the Corporate Policy form that appears, select Self-Registration.

Click to view.

Figure 14

Figure 14: Selecting Self-Registration

Note that the URL being displayed in the browser does not change, which makes it transparent for the end-user. It also obfuscates direct access to the Policy document/form or Self-Registration portlet. A Web Access Management solution such as Novell Access Manager can be used to block the URLs for the Policy form and Self-Registration portlet, while allowing access to the Identity Manager URL, if we want to go beyond obfuscation and truly secure the access. The iFrame portlet will still be able to access the form and portlet.

3. If you click Submit without adding the checkmark in the I Agree box, access is denied and a warning pop-up box is displayed.

Click to view.

Figure 15

Figure 15: Access is denied - no checkmark in "I Agree"

4. Accept the Terms and Conditions, then move to the Self-Registration page and create a new account.

Click to view.

Figure 16

Figure 16: Creating a new account on the Self-Registration page

5. Select a password for the new account.

Click to view.

Figure 17

Figure 17: Selecting a password for the new account

The figure below shows a new account created with a password in eDirectory. The user is now ready to log in to Identity Manager or other services requiring an account/authentication.

Click to view.

Figure 18

Figure 18: New account created with a password in eDirectory


Hopefully, this example will allow you to create your own Self-Registration page or other page, and it will force end-users to agree with T&Cs before accessing the service.

Don't hesitate to provide me feedback from improvements or other ideas, or if you have questions. There is more than one way to accomplish this, so I am interested in obtaining your feedback.


How To-Best Practice
Comment List