This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Self Sign Up and Account Confirmation

Owned by Former user (Deleted)
Last updated: Jul 24, 2014
2 min read

You can register a user and get the confirmation by the user through the email which helps to confirm an actual user.

The self sign up process creates the user and locks the user account until the user confirmation is received. The created user has an expiry period which, if exceeded, ensures the account cannot be unlocked. The expired accounts are not actually used by the creator and may have been forgotten long ago. The system administrator can later delete these accounts if needed, hence making this a better way to manage the resources.

The following service API can be used for the sign up and confirmation: https://localhost:9443/services/UserInformationRecoveryService?wsdl.

  1. You need to define the following claims and map them with correct attributes in the underlying data store.

    http://wso2.org/claims/identity/accountLocked
    http://wso2.org/claims/identity/passwordTimestamp

    About usage in tenants

    If you wish to have a set of claims for all tenants, you must add those claims to the <PRODUCT_HOME>/repository/conf/claim-mgt.xml file prior to the first startup and then start the server. If you do not require these claims for all tenants, then it should be added via the UI of specific tenants as instructed here.

  2. Configure the identity­-mgt.properties file found in <PRODUCT_HOME>/repository/conf/security/ with the following:

    Identity.Listener.Enable=true

    Notification.Sending.Internally.Managed=true

    Authentication.Policy.Account.Lock.On.Creation=true

    Notification.Expire.Time=7200

    Notification.Sending.Enable=true 

    Authentication.Policy.Enable=true 

  3. Configure the email­-admin­-config.xml file found in <PRODUCT_HOME>/repository/conf/email/ with the email template of type “accountConfirmation”. The following is a sample template:

    <configuration type="accountConfirmation">
	<targetEpr>https://localhost:8443/InfoRecoverySample/validate</targetEpr>
	<subject>WSO2 Carbon ­ Account Confirmation</subject>
	<body>
		Hi {first-­name},


		You have created an account with following user name User Name: {user­-name}


		Please click the following link to unlock. If clicking the link doesn't seem to work, you can copy and paste the link into your browser's address window.


		{confirmation-­link}
	</body>
	<footer>
		Best Regards,
		WSO2 Identity Server Team
		http://www.wso2.com
	</footer>
	<redirectPath></redirectPath>
</configuration>

Self Sign Up

The sequence of services calls are described below for self sign up.

  1. getUserIdentitySupportedClaims() ­- Set of claims to which the user profile details should be saved in the Identity Server.
  2. registerUser() -­ This registers a user in the system. You need to pass values like user name, password, claim attributes and values returned from the previous call and the tenant domain. The confirmation code is sent by email to the given email address.

Confirm Account

The sequence of service calls are described below for account confirmation.

  1. getCaptcha() -­ Get the captcha for the current request.
  2. confirmUserSelfRegistration() -­ The confirmation code sent to user account, user name, captcha details and tenant domain needs to be passed to the call. Upon successful verification the account is unlocked. Also the verification status is returned to the caller.