I want to use the WSO2-IS (5.5.0) as Identity Provider for my various applications and enable single sign-on for all of them.
I have added one of my apps as a service provider and configured OAuth/OpenID Connect for it.
Because I want to allow my users to signup by themselves, I have enabled 'Self User Registration' under Account Management Policies in Resident Identity Provider.
So when I try to self sign up, I receive the sign-up page with a bunch of form fields which I want to edit.
Here is the screenshot of the form fields I get:
How do I edit this page?
For example, if I just want FirstName, LastName, Password, ConfirmPassword and Organization, what are the changes to be made and where?
From the documentation, I figured out that Claim Configuration of the Service Provider should do the thing.
I have even tried to configure the claims and tried to use custom claim dialect. But with no luck.
How do I achieve it? Any help will be appreciated.
Attributes that show in the self sign-up page are the WSO2 dialect claims which have the "Supported by Default" configuration enabled. If you go to the claim dialect list page, go to the "http://wso2.org/claims" dialect and expand any claim, you can see this configuration. Mandatory ones (which have the red asterisk mark) are the claims that have the "Required" config enabled. For example, see the config of the department claim below.
If you go to one of the user's profile from the management console, you can see the same set of claims there also.
You can change the "Supported by Default" and "Required" config of each claim to cater to your requirement in the registration profile.
One other option is to customize the self sign-up page itself. The page is self-registration-with-verification.jsp in the accountrecoveryendpoint web application in the <IS-HOME>/repository/deployment/server/webapps folder. But you will still have to ask the user to enter the "Required" claims.
Related
I have enabled multi-tenancy in GCP Identity Platform and unchecked "Enable create (sign-up)" in the User Actions section of the Identity Platform settings.
I have then implemented an example sign-in page by following this tutorial: https://cloud.google.com/identity-platform/docs/multi-tenancy-ui
Specifically I have this snippet in my frontend code:
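<script>
// `config` is the FirebaseUI configuration object (not shown in this snippet).
var ui = new firebaseui.auth.AuthUI(firebase.auth());
// Scope the sign-in flow to the tenant.
firebase.auth().tenantId = <MY-ONE-AND-ONLY-TENANT-ID>;
ui.start('#firebaseui-auth-container', config);
</script>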
My problem is that it's still possible to create accounts in this tenant scope despite unchecking the "Enable create (sign-up)".
Additionally, if I comment out this line: firebase.auth().tenantId = <MY-ONE-AND-ONLY-TENANT-ID>;
I get the expected "This operation is restricted to administrators only." error. Therefore I understand that this setting has an effect in the general scope of my project.
The question is: how do I achieve the same for my tenants if the "Settings" page is only available for the general scope? It displays "<TENANT-NAME> is a tenant, you can manage <TENANT-NAME> and other tenants in <PROJECT-NAME>".
Based on this article, when sign-up is disabled in the project settings, it should be mirrored with the adminRestrictedOperation flag set to true in Firebase. Disabling sign-up in the project settings without setting this to true will not have any effect.
Additionally, you might find this GitHub article useful. You can disable new user sign up with email providers by setting the flag disableSignUp.status to true. This will display an error message when new users attempt to sign up.
I want to add some customization like a picker field and checkbox in the default sign-up form given by wso2is.
EXAMPLE: I have a list of organizations, and when a user signs up, he/she selects the related organization from a list and the organization gets stored in the DB.
One more example can be: I can provide a list of countries and users will be able to select their respective countries.
Attributes that you can see in the default self sign up page are the claims that have been configured as Supported by Default in the WSO2 claim dialect (http://wso2.org/claims).
So if the required attributes are not already there in the default self sign-up page, you can configure them as Supported by Default from the management console. Please refer to the documentation for more details.
After that, if you want to have a drop-down for some attributes, you have to customize the self sign-up page. The relevant JSP page (self-registration-with-verification.jsp) can be found in the accountrecoveryendpoint web app, which is located in the <IS-HOME>/repository/deployment/server/webapps folder. So you can do the customization there as per your requirement.
Also if you want to build a separate Self Sign-Up page using a preferable technology you can use the Self Sign-Up REST APIs as well.
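For the separate sign-up page option, here is an added example (not from the original answer or from WSO2's code) of the server-side step behind a form with pickers: it checks picker values against an allow-list and forwards only known form fields as WSO2 claims. The function and field names, the allow-lists, the PRIMARY realm and the request body shape (WSO2's Self Sign-Up REST API, POST /api/identity/user/v1.0/me) are assumptions to verify against your IS version.

```javascript
// Added example: server-side step behind a custom sign-up page with pickers.
// Assumptions (not from the page): function/field names, the allow-lists,
// realm "PRIMARY", and the body shape of WSO2's Self Sign-Up REST API
// (POST /api/identity/user/v1.0/me); check it against your IS version.
const CLAIM_DIALECT = 'http://wso2.org/claims/';

// Constructed allow-lists; the page's <select> options are rendered from these.
const ORGANIZATIONS = new Set(['Acme Corp', 'Globex', 'Initech']);
const COUNTRIES = new Set(['Germany', 'India', 'Sri Lanka']);

// Form field -> claim; only fields listed here are ever forwarded.
const FIELDS = [
  { name: 'firstName', claim: 'givenname', required: true },
  { name: 'lastName', claim: 'lastname', required: true },
  { name: 'organization', claim: 'organization', required: true, allowed: ORGANIZATIONS },
  { name: 'country', claim: 'country', required: false, allowed: COUNTRIES },
];

function buildSelfSignUpRequest(form) {
  const errors = [];
  const claims = [];
  const username = typeof form.username === 'string' ? form.username.trim() : '';
  if (username === '') errors.push('username is required');
  if (typeof form.password !== 'string' || form.password === '') {
    errors.push('password is required');
  } else if (form.password !== form.confirmPassword) {
    errors.push('passwords do not match');
  }
  for (const f of FIELDS) {
    const value = typeof form[f.name] === 'string' ? form[f.name].trim() : '';
    if (value === '') {
      if (f.required) errors.push(`${f.name} is required`);
      continue;
    }
    // A <select> limits what the browser offers, not what a client can post.
    if (f.allowed && !f.allowed.has(value)) {
      errors.push(`${f.name} is not an allowed value`);
      continue;
    }
    claims.push({ uri: CLAIM_DIALECT + f.claim, value });
  }
  if (errors.length > 0) return { ok: false, errors };
  const user = { username, realm: 'PRIMARY', password: form.password, claims };
  return { ok: true, body: { user, properties: [] } };
}
```

Fields that are not in the FIELDS table, such as a posted role value, never reach the request body, so the form cannot be used to set claims the page did not intend to expose.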
I am a newbie to the WSO2 IS. I would like to configure PostalCode, Telephone and Date of birth in claim configuration, which I can do in the SP (Service Provider) screen --> "Claim configuration" shown below.
Let's say I have a user "John" configured in the "User Profile" screen, which gives me the option to enter FirstName, LastName, Organization, Email etc., but it doesn't give me an option for PostalCode, DOB, Title, locality etc.
I wanted to populate all these values in UserStore (User Profile), so that all these values can go into the SAML Post. I am reading SAML Post assertions and I can get those values from Child Attributes or Attribute statements, so that I can check those values of User John against my local DB.
But I am not aware how we save values of "PostalCode", "DOB" or any custom claim of my choice in User Profile to make it available. Please help me. Please guide or provide screenshots.
You need to configure a new claim mapping and map your new claim URIs to an attribute of the user store. It seems that you have already created a claim mapping. If you need to show new claims in the user profile UI, you need to tick the Supported by Default check box in the claim mapping configuration.
More details about claim management of WSO2IS are available here.
Does the WSO2 dashboard allow for User information recovery? I am looking at it currently, and documentation shows that it allows for users to log in and manage their account. Does the Dashboard also support User Information Recovery (i.e. resetting the password or finding a forgotten username)? And if it does, what values in the configuration file do I need to modify?
Yes it does. Sort of. Here is a sample app that, I'm guessing, the WSO2 folks created.
http://cgchamath.blogspot.com/2013/12/password-recovery-with-wso2-identity.html
The example at the bottom has a readme with how to configure the server. What I did was to add a button to the dashboard login page that loaded the configured sample app, then rebranded the sample to make it look more like the dashboard page.
When I go to "My Identity -> My Profiles", it does not give me the option to Add New Profile (as seen on the documentation for User Profile Management), but I can only edit the default profile.
I am using an external MySQL server as the JDBC user store, and creation and editing of users works fine.
I did not find any parameter in the xml files to enable this multiple profile feature. How should I proceed?
Thanks.
Yes. I also find the same. Adding multiple profiles for a user has been removed from the UI. But with a JDBC user store, I guess, we can add this using the web service API. Following is the API:
https://{ip}:{port}/services/UserProfileMgtService?wsdl