Self-registration can be useful for external users. A process that validates the e-mail address before activating the account adds a layer of confidence about who the requester is.
Here is a simple example that you can customize to meet your needs.
First, let's look at the self-registration and validation process.
Figure 4: User receives an e-mail at the address typed in the self-registration form. The e-mail includes a validation link.
Figure 5: User is directed to a web form for activating the account. Additionally, the user must agree to the Terms & Conditions; otherwise the account will not be activated.
Figure 6: Once the user agrees to the Ts&Cs (checkbox is checked), the account will be activated.
Figure 7: User can now log in to IdM and other auto-provisioned apps (via IdM drivers).
What's required?
First, you need to configure Self-Registration in IdM. You can follow these instructions: TID: 3002868 - How to allow anonymous users to self register to the User Application Portal
N.B. You need to grant trustee write rights (All Attributes Rights) at the OU level to the Public user.
Then you need a Null or Loopback driver to:
- Disable the account upon self-reg creation;
- Generate a unique key for the validation link, and store it in an attribute;
- Send the e-mail to the user;
- Check for when the user validates the account and enable it.
Figure 8: Null driver rule that disables the user, generates a unique key, and sends the e-mail.
Figure 11: Null driver configuration, pointing to the ECMAScript/JavaScript function that generates the MD5 hash.
The zip download includes an export of the ECMA MD5 hash function, the Null driver policy, and the war archive that contains the JSP form for e-mail validation.
N.B. I am using the admin account to write the attribute in the vault using the jsp form, but for a real deployment, a special account with only access to the single attribute selected would be appropriate.
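The key handling from the steps above, as an added example that is not the code in the download: it draws the key from a CSPRNG and stores only its SHA-256 hash instead of using the MD5 function, and it checks the key in constant time, once, and before an expiry. The in-memory `Map` standing in for the vault, the field names, the function names and the 24-hour window are all assumptions.

```javascript
// Added illustration; not the code shipped in activateaccount.zip.
const crypto = require("node:crypto");

const KEY_TTL_MS = 24 * 60 * 60 * 1000; // assumed validity window, not from the article

const sha256 = (s) => crypto.createHash("sha256").update(s, "utf8").digest();

// Driver side: create the account disabled and attach an unguessable key.
// Only the key's hash is stored; the clear key goes into the e-mailed link.
function registerUser(store, email, now = Date.now()) {
  const key = crypto.randomBytes(32).toString("hex");
  store.set(email, { loginDisabled: true, keyHash: sha256(key), expires: now + KEY_TTL_MS });
  return key;
}

// Form side: enable the account only when the key matches, has not expired,
// has not been used before, and the Terms & Conditions box is checked.
function activate(store, email, presentedKey, acceptedTerms, now = Date.now()) {
  const user = store.get(email);
  if (!user || !user.loginDisabled || !user.keyHash) return false;
  if (!acceptedTerms || now > user.expires) return false;
  // Hashing first gives equal-length buffers for the constant-time comparison.
  if (!crypto.timingSafeEqual(sha256(String(presentedKey)), user.keyHash)) return false;
  user.loginDisabled = false;
  user.keyHash = null; // single use: a replayed link no longer matches anything
  return true;
}

// Constructed sample run with fixed timestamps.
function demo() {
  const store = new Map();
  const t0 = 1000000;
  const aliceKey = registerUser(store, "alice@example.com", t0);
  const bobKey = registerUser(store, "bob@example.com", t0);
  return {
    keyLength: aliceKey.length,
    wrongKey: activate(store, "alice@example.com", "0".repeat(64), true, t0 + 1),
    noTerms: activate(store, "alice@example.com", aliceKey, false, t0 + 1),
    valid: activate(store, "alice@example.com", aliceKey, true, t0 + 1),
    replay: activate(store, "alice@example.com", aliceKey, true, t0 + 2),
    expired: activate(store, "bob@example.com", bobKey, true, t0 + KEY_TTL_MS + 1),
    unknownUser: activate(store, "eve@example.com", aliceKey, true, t0 + 1),
  };
}

console.log(demo());
```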
For the war, I just deployed it on JBoss, which I also use to run IdM (RBPM). You can access the JBoss console using http://idm_server_address:port (admin/admin is default).
| Attachment | Size |
|---|---|
| activateaccount.zip | 5.33 KB |
Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).
It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.