This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Setting Up ReCaptcha

reCAPTCHA is a free service provided by Google that can be used to protect against spam or other forms of internet abuse by verifying whether a user is a human or a robot. It comes in the form of a widget.

Let's learn how to set up and use reCaptcha with WSO2 Identity Server. 

How it works 

First, you will need to register and create an API key pair for the required domain. The key pair consists of a site key and a site secret. The site key is used to display the reCAPTCHA widget on a web page. After the verification, a new parameter called g-recaptcha-response appears on the form, and it is sent along when the user submits the form. On the server side, you can verify the submitted captcha response by calling the Google API with the secret key.

Follow the steps below to configure this. 

Configuring reCAPTCHA API keys

  1. Register your identity server domain.

    1. Visit  https://www.google.com/recaptcha/admin.

    2. Provide the following details and click Submit.

      | Field | Description | Sample |
      |-------|-------------|--------|
      | Label | This is a label to identify the site. | WSO2 Identity Server |
      | reCAPTCHA type | This is the type of the reCAPTCHA. | Select either of the following: reCAPTCHA v2 > "I'm not a robot" Checkbox, or reCAPTCHA v2 > Invisible reCAPTCHA badge |
      | Domains | This defines the domain and the subdomains to which this registration applies. | is.wso2.com |

    3. Click Submit. 

      Note that a site key and secret key get generated. Copy them for later use.

  2. Open the captcha-config.properties file located in the <IS_HOME>/repository/conf/identity/ directory and configure the following properties.

    # Google reCAPTCHA settings
    
    # Enable Google reCAPTCHA
    recaptcha.enabled=true
    
    # reCaptcha API URL
    recaptcha.api.url=https://www.google.com/recaptcha/api.js
    
    # reCaptcha verification URL
    recaptcha.verify.url=https://www.google.com/recaptcha/api/siteverify
    
    # reCaptcha site key
    recaptcha.site.key=<your site key>
    
    # reCaptcha secret key
    recaptcha.secret.key=<your site secret key> 
  3. Restart WSO2 Identity Server. 
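
The server-side check described under "How it works", written out as an added example (this is not WSO2 Identity Server's own code). It reads the verify URL and secret from the properties configured above, posts the submitted g-recaptcha-response to Google, and rejects the request on any failure. The function names, the injectable `post` transport, the `expected_hostname` check and the sample key values are assumptions made for illustration.

```python
import json
import urllib.parse
import urllib.request

# Constructed sample of captcha-config.properties; the keys are placeholders.
SAMPLE_CONFIG = """
# Google reCAPTCHA settings
recaptcha.enabled=true
recaptcha.verify.url=https://www.google.com/recaptcha/api/siteverify
recaptcha.site.key=constructed-site-key
recaptcha.secret.key=constructed-secret-key
"""

def load_captcha_config(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def http_post_form(url, fields, timeout=5):
    """Default transport: form-encoded POST, so the secret is never in the URL."""
    data = urllib.parse.urlencode(fields).encode()
    with urllib.request.urlopen(url, data=data, timeout=timeout) as resp:
        return resp.read().decode("utf-8")

def verify_recaptcha(token, props, expected_hostname, post=http_post_form):
    """Return (ok, reason); every failure path rejects the request (fail closed)."""
    if not token:
        return False, "missing-g-recaptcha-response"
    fields = {"secret": props["recaptcha.secret.key"], "response": token}
    try:
        body = json.loads(post(props["recaptcha.verify.url"], fields))
    except (OSError, ValueError):  # network error or non-JSON reply
        return False, "verification-unavailable"
    if not isinstance(body, dict) or body.get("success") is not True:
        codes = body.get("error-codes", []) if isinstance(body, dict) else []
        return False, ",".join(map(str, codes)) or "rejected"
    # The token must have been solved on the domain registered for the key pair.
    if body.get("hostname") != expected_hostname:
        return False, "hostname-mismatch"
    return True, "ok"
```

The site key is public because it is embedded in the page, but the secret key is used only in this server-to-server call and should be readable only by the account that runs the server.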

You have successfully set up reCaptcha for your site. You can now configure reCaptcha with any of the following: 

Note

If you apply the WUM update released on the 25th of September 2018 for WSO2 IS 5.5.0, you can configure reCAPTCHA for the following account recovery scenarios as well: