This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Configuring reCaptcha for Self Registration

Self registration is an important feature when it comes to commercial applications. It lets users join your community without you having to go through the hassle of adding them.

This topic guides you through configuring reCaptcha for the self registration flow. By configuring reCaptcha, you can mitigate or block brute force attacks.

There are two ways to configure this feature: for a specific tenant, or globally. The instructions for both approaches are as follows.

Configuring self-registration with reCaptcha for a tenant

To configure self-registration with reCaptcha for a specific tenant:

  1. Set up reCaptcha with the WSO2 Identity Server. For instructions on how to do this and more information about reCaptcha, see Setting Up ReCaptcha. 
  2. Start the WSO2 Identity Server and log in to the management console.
  3. Click on List under Identity Providers on the Main tab and then click Resident Identity Provider. 
  4. Expand the Account Management Policies tab and then expand the User Self Registration tab. 
  5. Select the Enable reCaptcha checkbox to enable reCaptcha for the self registration flow. 
  6. You have now successfully configured reCaptcha for the self registration flow. Start the WSO2 Identity Server and log in to the end user dashboard using the following link: https://localhost:9443/dashboard

    Tip: If you have changed the port offset or modified the hostname, change the port or hostname accordingly.

     

  7. Click the Register Now link.
     
  8. At the end of the registration, the reCaptcha window appears.

Configuring self-registration with reCaptcha globally

To configure self-registration with reCaptcha globally:

  1. Navigate to the <IS_HOME>/repository/conf/identity/identity.xml file and uncomment the following configuration block.

    Tip: To avoid any configuration issues, do this before starting up the WSO2 Identity Server product instance.

    <SelfRegistration>
          <Enable>true</Enable>
          <LockOnCreation>true</LockOnCreation>
          <Notification>
              <InternallyManage>true</InternallyManage>
          </Notification>
          <ReCaptcha>true</ReCaptcha>
    </SelfRegistration>

    The following table lists out more information pertaining to these configurations.

    | Configuration | Description |
    |---|---|
    | Enable | Set this to true to enable this configuration at a global level. |
    | LockOnCreation | Setting this to true ensures that the user's account is locked on creation. |
    | InternallyManage | Setting this value to true ensures the internal email sending module is enabled. However, setting this to false ensures that the email sending data is available to the application via a Web service. The application can send the email using its own email sender. |
    | ReCaptcha | Set this to true to enable reCaptcha for self-registration globally. |

  2. Some listeners must be enabled for this to work when the operations are invoked. In the same identity.xml file, make sure the following listeners are enabled or disabled as shown.

    Tip: These are usually set by default in the product unless you have made any changes.

    <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener" name="org.wso2.carbon.identity.mgt.IdentityMgtEventListener" orderId="50" enable="false"/>
    <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener" name="org.wso2.carbon.identity.governance.listener.IdentityStoreEventListener" orderId="97" enable="true"/>
    <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener" name="org.wso2.carbon.identity.scim.common.listener.SCIMUserOperationListener" orderId="90" enable="true"/>
  3. Configure the email settings for the self-registration process in the <IS_HOME>/repository/conf/output-event-adapters.xml file.

    Tip: Search for the word 'email' in the file and you can find the required configuration block. Provide the email provider information and save the file.

    <adapterConfig type="email">
            <!-- Comment out the mail.smtp.user and mail.smtp.password properties to support connecting to SMTP servers that use
            trust-based authentication rather than username/password authentication -->
            <property key="mail.smtp.from">abcd@gmail.com</property>
            <property key="mail.smtp.user">abcd</property>
            <property key="mail.smtp.password">xxxx</property>
            <property key="mail.smtp.host">smtp.gmail.com</property>
            <property key="mail.smtp.port">587</property>
            <property key="mail.smtp.starttls.enable">true</property>
            <property key="mail.smtp.auth">true</property>
            <!-- Thread Pool Related Properties -->
            <property key="minThread">8</property>
            <property key="maxThread">100</property>
            <property key="keepAliveTimeInMillis">20000</property>
            <property key="jobQueueSize">10000</property>
    </adapterConfig>
  4. Set up reCaptcha with the WSO2 Identity Server. For instructions on how to do this and more information about reCaptcha, see Setting Up ReCaptcha.
  5. Start the WSO2 Identity Server and log in to the end user dashboard using the following link: https://localhost:9443/dashboard

    Tip: If you have changed the port offset or modified the hostname, change the port or hostname accordingly.

     

  6. Click the Register Now link.
     
  7. Enter the account creation details and note that reCaptcha is available.
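
A quick way to confirm that steps 1 and 2 took effect before starting the server is to parse identity.xml and compare it with the values listed above. The following is an added example, not part of the WSO2 documentation or product; the sample file content, its namespace and the function name `audit_identity_xml` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Expected listener state from step 2: class name -> enable flag.
EXPECTED_LISTENERS = {
    "org.wso2.carbon.identity.mgt.IdentityMgtEventListener": "false",
    "org.wso2.carbon.identity.governance.listener.IdentityStoreEventListener": "true",
    "org.wso2.carbon.identity.scim.common.listener.SCIMUserOperationListener": "true",
}
# Children of <SelfRegistration> that step 1 sets to true.
EXPECTED_FLAGS = ("Enable", "LockOnCreation", "Notification/InternallyManage", "ReCaptcha")

# Constructed sample: block from step 1 still commented out, SCIM listener disabled.
SAMPLE = """<Server xmlns="urn:example:constructed">
  <EventListeners>
    <EventListener name="org.wso2.carbon.identity.mgt.IdentityMgtEventListener" enable="false"/>
    <EventListener name="org.wso2.carbon.identity.governance.listener.IdentityStoreEventListener" enable="true"/>
    <EventListener name="org.wso2.carbon.identity.scim.common.listener.SCIMUserOperationListener" enable="false"/>
  </EventListeners>
  <!-- <SelfRegistration><Enable>true</Enable><LockOnCreation>true</LockOnCreation>
  <Notification><InternallyManage>true</InternallyManage></Notification>
  <ReCaptcha>true</ReCaptcha></SelfRegistration> -->
</Server>"""


def audit_identity_xml(xml_text):
    """Return a list of findings; an empty list means the file matches the steps above."""
    root = ET.fromstring(xml_text)
    for el in root.iter():  # strip any '{namespace}' prefix so lookups work either way
        el.tag = el.tag.rsplit("}", 1)[-1]
    findings = []
    block = next(root.iter("SelfRegistration"), None)
    if block is None:
        # A block still wrapped in an XML comment is invisible to the parser.
        findings.append("SelfRegistration block missing or still commented out")
    else:
        for path in EXPECTED_FLAGS:
            value = (block.findtext(path) or "").strip().lower()
            if value != "true":
                findings.append(f"SelfRegistration/{path} is {value or 'unset'}, expected true")
    seen = {el.get("name"): (el.get("enable") or "").lower()
            for el in root.iter("EventListener")}
    for name, want in EXPECTED_LISTENERS.items():
        got = seen.get(name)
        if got != want:
            findings.append(f"{name.rsplit('.', 1)[-1]} enable={got}, expected {want}")
    return findings


if __name__ == "__main__":
    for finding in audit_identity_xml(SAMPLE):
        print("FINDING:", finding)
```

To check a real installation, pass the contents of <IS_HOME>/repository/conf/identity/identity.xml to the function instead of the sample string.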