Configure reCAPTCHA for Self-Registration

Self-registration is an important feature for commercial applications. It lets users join your community without you having to go through the hassle of adding them.

This topic guides you through configuring reCAPTCHA for the self registration flow. By configuring reCAPTCHA, you can mitigate or block brute force attacks.

Info

For more information on setting up self registration, see Self-Registration and Account Confirmation.

For more information on brute force attacks, see Mitigating Brute Force Attacks.

You can either configure the reCAPTCHA for a tenant or configure it globally.

Prerequisites

Setting Up reCAPTCHA with WSO2 Identity Server.

Configure self-registration with reCAPTCHA for a specific tenant

  1. Start the WSO2 Identity Server and log in to the management console.
  2. On the Main tab, click Identity > Identity Provider > Resident Identity Provider.
  3. Expand User Onboarding > Self Registration.
  4. Enable User self registration and make sure Prompt reCaptcha is enabled.
  5. Keep the remaining configurations as they are and click Update.
  6. You have now successfully configured reCAPTCHA for the self registration flow. 

Configure self-registration with reCAPTCHA globally

  1. Navigate to the <IS_HOME>/repository/conf/deployment.toml file and add the following configurations.

    Tip

    To avoid any configuration issues, do this before starting the WSO2 Identity Server product instance.

    [identity_mgt.user_self_registration]
    allow_self_registration=true
    lock_on_creation=true
    enable_recaptcha=true
    verification_email_validity="1440m"
    callback_url="[${carbon.protocol}://${carbon.host}:${carbon.management.port}].*[/authenticationendpoint/login.do]*"
    
    [identity_mgt.user_self_registration.notification]
    manage_internally=true    

    The following table lists out more information pertaining to these configurations.

    Configuration | Description
    --- | ---
    allow_self_registration | Set this to true to enable this configuration at a global level.
    lock_on_creation | Setting this to true ensures that the user's account is locked on creation.
    manage_internally | Setting this value to true ensures the internal email sending module is enabled. However, setting this to false ensures that the email sending data is available to the application via a web service. The application can send the email using its own email sender.
    enable_recaptcha | Set this to true to enable reCAPTCHA for self-registration globally.
    verification_email_validity | The validity period of the email in minutes.
    callback_url | RegEx pattern to validate the callback URL sent in the email.

  2. Some listeners must be enabled in order for this to work when the operations are invoked.

    Tip

    These are usually set by default in the product unless you have made any changes.

    [event.default_listener.identity_mgt]
    priority="50"
    enable=false
    
    [event.default_listener.governance_identity_store]
    priority="97"
    enable=true
    
    [event.default_listener.scim]
    priority="90"
    enable=true
  3. Save the configuration changes and restart the server.
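
The callback_url value in step 1 wraps its parts in square brackets, which a regular expression reads as character classes rather than literal text (the same in Python's re and Java's java.util.regex). The following is an added example, not part of the WSO2 documentation, that audits what that pattern accepts next to a stricter one; the host and port values, STRICT_PATTERN, the sample URLs and the full-match behaviour are assumptions made for the illustration.

```python
import re

# Assumed sample values for the ${carbon.*} placeholders (constructed, not from the page).
PROTOCOL, HOST, PORT = "https", "localhost", "9443"

# The callback_url value from the configuration above, after placeholder substitution.
DEFAULT_PATTERN = (
    f"[{PROTOCOL}://{HOST}:{PORT}].*[/authenticationendpoint/login.do]*"
)

# Hypothetical stricter value: literal text only, special characters escaped.
STRICT_PATTERN = re.escape(
    f"{PROTOCOL}://{HOST}:{PORT}/authenticationendpoint/login.do"
)


def is_allowed(pattern: str, callback: str) -> bool:
    """Full-match check; assumed to mirror how the server applies the pattern."""
    return re.fullmatch(pattern, callback) is not None


def audit(pattern: str, callbacks: list[str]) -> dict[str, bool]:
    """Map each candidate callback URL to whether the pattern accepts it."""
    return {url: is_allowed(pattern, url) for url in callbacks}


# Constructed sample callbacks: the intended login page plus values on other hosts.
SAMPLES = [
    "https://localhost:9443/authenticationendpoint/login.do",
    "https://unrelated.example.com/landing",
    "http://unrelated.example.com/",
    "localhost.example.net",
]

if __name__ == "__main__":
    for name, pattern in (("default", DEFAULT_PATTERN), ("strict", STRICT_PATTERN)):
        print(name, pattern)
        for url, ok in audit(pattern, SAMPLES).items():
            print(f"  {'ACCEPT' if ok else 'reject'}  {url}")
```

The bracketed pattern accepts every sample because only the first character has to belong to the first character class. If your callback carries query parameters, extend the stricter pattern to allow them explicitly.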

Try it

Start WSO2 Identity Server and log in to the My Account (https://<HOST>:<PORT>/myaccount) application.


Tip

If you have changed the port offset or modified the hostname, change the port or hostname accordingly.

Click Create Account and then enter the new user's username.


At the end of the registration, the reCAPTCHA logo appears at the bottom right of the screen.
