This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
Self Sign Up and Account Confirmation
The WSO2 Identity Server (WSO2 IS) supports self-registration and allows users to register themselves and receive email confirmations when the account is created.
The self-sign-up process creates the user account and locks the user account until the user confirms the account by clicking on the account confirmation mail that is sent by WSO2 IS.
If the user does not confirm the account before the expiry period, the user account is locked because it is assumed that the expired accounts are not used by the creator. Later on the system administrator can delete these accounts if needed making it a better way to manage resources.
The following instructions guide you through setting up this feature.
From WSO2 IS 5.3.0 onwards there is a new implementation for identity management features. The steps given below in this document follows the new implementation, which is the recommended approach for self registration.
Alternatively, to see the steps on how to enable this identity management feature using the old implementation, see Self Sign Up and Account Confirmation documentation in WSO2 IS 5.2.0. The old implementation has been retained within the WSO2 IS pack for backward compatibility and can still be used if required.
Before you begin
Ensure that the "IdentityMgtEventListener" with the orderId=50 is set to false and that the Identity Listeners with orderId=95 and orderId=97 are set to true in the <IS_HOME>/repository/conf/identity/identity.xml file.
<EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener" name="org.wso2.carbon.identity.mgt.IdentityMgtEventListener" orderId="50" enable="false"/>
<EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener" name="org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener" orderId="95" enable="true" />
<EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener" name="org.wso2.carbon.identity.governance.listener.IdentityStoreEventListener" orderId="97" enable="true">Self sign up for super tenant users
Follow the steps given below to register users for the super tenant, which is carbon.super.
Configure the following email settings in the <
IS_HOME>/repository/conf/output-event-adapters.xmlfile.<adapterConfig type="email"> <!-- Comment mail.smtp.user and mail.smtp.password properties to support connecting SMTP servers which use trust based authentication rather username/password authentication --> <property key="mail.smtp.from">abcd@gmail.com</property> <property key="mail.smtp.user">abcd</property> <property key="mail.smtp.password">xxxx</property> <property key="mail.smtp.host">smtp.gmail.com</property> <property key="mail.smtp.port">587</property> <property key="mail.smtp.starttls.enable">true</property> <property key="mail.smtp.auth">true</property> <!-- Thread Pool Related Properties --> <property key="minThread">8</property> <property key="maxThread">100</property> <property key="keepAliveTimeInMillis">20000</property> <property key="jobQueueSize">10000</property> </adapterConfig>Start the WSO2 IS and log in to the management console:
https://<IS_HOST>:<IS_PORT>/carbon
If you started WSO2 IS previously, make sure to stop it and start it again for the email settings to get updated in the pack.Navigate to Main tab > Identity Providers > Resident and expand Account Management Policies tab
Expand the User Self Registration tab and configure the following properties as required.
Expand the Login Policies tab, then the Account Locking tab and select Account Lock Enabled and click Update.
This allows the account to be locked until the user confirms the account. Once the user activates the account through the email received, the account is unlocked. For more information about account locking, see User Account Locking and Account Disabling.
Now, you can move on to try out self sign up.
For information on the REST APIs for self sign-up, see Self Sign Up Using REST APIs.
Self sign up for tenant users
Follow the steps given below to register a user for a specific tenant domain.
Before you begin!
Make sure you have one or more tenants. For more information, see Creating and Managing Tenants
Configure the following email settings in the <
IS_HOME>/repository/conf/output-event-adapters.xmlfile.<adapterConfig type="email"> <!-- Comment mail.smtp.user and mail.smtp.password properties to support connecting SMTP servers which use trust based authentication rather username/password authentication --> <property key="mail.smtp.from">abcd@gmail.com</property> <property key="mail.smtp.user">abcd</property> <property key="mail.smtp.password">xxxx</property> <property key="mail.smtp.host">smtp.gmail.com</property> <property key="mail.smtp.port">587</property> <property key="mail.smtp.starttls.enable">true</property> <property key="mail.smtp.auth">true</property> <!-- Thread Pool Related Properties --> <property key="minThread">8</property> <property key="maxThread">100</property> <property key="keepAliveTimeInMillis">20000</property> <property key="jobQueueSize">10000</property> </adapterConfig>Start the WSO2 IS server and log in to the tenant domain from the management console:
https://<IS_HOST>:<IS_PORT>/carbon
If you started WSO2 IS previously, make sure to stop it and start it again for the email settings to get updated in the pack.Click Resident under Identity Providers on the Main tab and expand the Account Management Policies tab.
Expand the User Self Registration tab and configure the following properties as required.
Expand the Login Policies tab, then the Account Locking tab and select Account Lock Enabled.
This allows the account to be locked until the user confirms the account. Once the user activates the account through the email received, the account is unlocked. For more information about account locking, see User Account Locking and Account Disabling.
Try out self sign up
Access the WSO2 Identity Server dashboard.
Click the Register Now? link.
Once the user has registered, first you receive an account lock email because the account is locked until you confirm the account and then you receive an account confirmation email.Click Confirm Registration in the email or copy the link in the email to your browser to confirm the account.
Once you confirm the account, the account is unlocked and an email is sent.
Follow the steps given below to resend the confirmation email.
Access the WSO2 Identity Server dashboard and try to login with the user you just registered.
The user account should not be activated for the user, which means you should not have confirmed the account.Click on the Re-send link to resend the email.
Tip: The email template used to resend the confirmation email notification is the ResendAccountConfirmation template.
You can edit and customize the email template. For more information on how to do this, see Customizing Automated Emails.
Related Links
By default, the claim values of the identity claims used in this feature are stored in the JDBC datasource configured in the identity.xml file. See Configuring Claims for more information on how to store the claim values in the user store.