Configuring reCaptcha for Self Registration
Self registration is an important feature when it comes to commercial applications. It lets users join your community without you having to add them yourself.
This topic guides you through configuring reCaptcha for the self registration flow. By configuring reCaptcha, you can mitigate or block brute force attacks.
Info
- For more information on setting up self registration, see Self-Registration and Account Confirmation.
- For more information on brute force attacks, see Mitigating Brute Force Attacks.
There are two ways to configure this feature.
The instructions for both these approaches are as follows.
Configuring self-registration with reCaptcha for a tenant
To configure self-registration with reCaptcha for a specific tenant:
- Set up reCaptcha with the WSO2 Identity Server. For instructions on how to do this and more information about reCaptcha, see Setting Up ReCaptcha.
- Start the WSO2 Identity Server and log in to the management console.
- Click on List under Identity Providers on the Main tab and then click Resident Identity Provider.
- Expand the Account Management Policies tab and then expand the User Self Registration tab.
- Select the Enable reCaptcha checkbox to enable reCaptcha for the self registration flow.
- You have now successfully configured reCaptcha for the self registration flow. Start the WSO2 Identity Server and log in to the end user dashboard using the following link: https://localhost:9443/dashboard
  Tip
  If you have changed the port offset or modified the hostname, change the port or hostname accordingly.
- Click the Register Now link.
- At the end of the registration, the following reCaptcha window appears.
Configuring self-registration with reCaptcha globally
To configure self-registration with reCaptcha globally:
- Navigate to the <IS_HOME>/repository/conf/deployment.toml file and uncomment the following configuration block.
  Tip
  To avoid any configuration issues, do this before starting up the WSO2 Identity Server product instance.

    [identity_mgt.user_self_registration]
    allow_self_registration=true
    lock_on_creation=true
    enable_recaptcha=true
    verification_email_validity=1440
    callback_url="${carbon.protocol}://${carbon.host}:${carbon.management.port}/authenticationendpoint/login.do"

    [identity_mgt.user_self_registration.notification]
    manage_internally=true

The following table lists out more information pertaining to these configurations.

| Configuration | Description |
| --- | --- |
| allow_self_registration | Set this to true to enable this configuration at a global level. |
| lock_on_creation | Setting this to true ensures that the user's account is locked on creation. |
| manage_internally | Setting this value to true ensures the internal email sending module is enabled. However, setting this to false ensures that the email sending data is available to the application via a Web service. The application can send the email using its own email sender. |
| enable_recaptcha | Set this to true to enable reCaptcha for self-registration globally. |
| verification_email_validity | The validity period of the email in minutes. |
| callback_url | RegEx pattern to validate the callback URL sent in the email. |

- Some listeners must be enabled in order for this to work when the operations are invoked.
  Tip
  These are usually set by default in the product unless you have made any changes.

    [event.default_listener.identity_mgt]
    priority= "50"
    enable = false

    [event.default_listener.governance_identity_store]
    priority= "97"
    enable = true

    [event.default_listener.scim]
    priority= "90"
    enable = true

- To configure sending the confirmation email for the self-registration process, enable the email sending configurations of the WSO2 Identity Server as explained here.
- Set up reCaptcha with the WSO2 Identity Server. For instructions on how to do this and more information about reCaptcha, see Setting Up ReCaptcha.
- Start the WSO2 Identity Server and log in to the end user dashboard using the following link: https://localhost:9443/dashboard
  Tip
  If you have changed the port offset or modified the hostname, change the port or hostname accordingly.
- Click the Register Now link.
- Enter the account creation details and note that reCaptcha is available.
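
The check below is an added example, not part of the WSO2 documentation or product: it reads the text of a deployment.toml and lists deviations from the global self-registration and listener settings shown above, treating a block that is still commented out as absent. The function names, finding messages and sample file are constructed for illustration, and the reader handles only the flat `[table]` and `key = value` lines used on this page rather than full TOML.

```python
# Added example: audit the global self-registration settings in deployment.toml.
# read_tables() handles only flat "[table]" and "key = value" lines as shown on
# this page; it is not a full TOML parser.

def read_tables(text):
    """Return {table_name: {key: value}}; commented-out lines are ignored."""
    tables, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a block that is still commented out counts as absent
        if line.startswith("[") and line.endswith("]"):
            current = tables.setdefault(line[1:-1].strip(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return tables

def audit(text):
    """List deviations from the settings documented on this page."""
    tables = read_tables(text)
    reg = tables.get("identity_mgt.user_self_registration", {})
    findings = []
    if reg.get("allow_self_registration") == "true":
        for key in ("enable_recaptcha", "lock_on_creation"):
            if reg.get(key) != "true":
                findings.append("allow_self_registration is true but %s is not set to true" % key)
    # The page says listeners are usually set by default, so flag only an explicit false.
    for name in ("governance_identity_store", "scim"):
        listener = tables.get("event.default_listener." + name, {})
        if listener.get("enable") == "false":
            findings.append("listener %s is explicitly disabled" % name)
    return findings

# Constructed sample: reCaptcha line still commented out, scim listener disabled.
SAMPLE = """
[identity_mgt.user_self_registration]
allow_self_registration=true
lock_on_creation=true
#enable_recaptcha=true

[event.default_listener.scim]
priority= "90"
enable = false
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

The check covers only the global file; reCaptcha enabled per tenant through the management console is not visible to it.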