Skip to content

Configuring reCaptcha for Self Registration

Self registration is an important feature when in comes to commercial applications. This feature allows the users the privilege of being a part of your community without you having to go through the hassle of adding them.

This topic guides you through configuring reCaptcha for the self registration flow. By configuring reCaptcha, you can mitigate or block brute force attacks.

Info

There are two ways to configure this feature.

The instructions for both these approaches are as follows.

Configuring self-registration with reCaptcha for a tenant

To configure self-registration with reCaptcha for a specific tenant:

  1. Set up reCaptcha with the WSO2 Identity Server. For instructions on how to do this and more information about reCaptcha, see Setting Up ReCaptcha.
  2. Start the WSO2 Identity Server and log in to the management console.
  3. Click on List under Identity Providers on the Main tab and then click Resident Identity Provider.
  4. Expand the Account Management Policies tab and then expand the User Self Registration tab.
  5. Select the Enable reCaptcha checkbox to enable reCaptcha for the self registration flow.
    self-registration-enable-recaptcha
  6. You have now successfully configured reCaptcha for the self registration flow. Start the WSO2 Identity Server and log in to the end user dashboard using the following link: https://localhost:9443/dashboard

    Tip

    If you have changed the port offset or modified the hostname, change the port or hostname accordingly.

  7. Click the Register Now link.
    register-now

  8. At the end of the registration, the following reCaptcha window appears.
    recaptcha-window

Configuring self-registration with reCaptcha globally

To configure self-registration with reCaptcha globally:

  1. Navigate to the <IS_HOME>/repository/conf/deployment.toml file and uncomment the following configuration block.

    Tip

    To avoid any configuration issues, do this before starting up the WSO2 Identity Server product instance.

    [identity_mgt.user_self_registration]
    allow_self_registration=true
    lock_on_creation=true
    enable_recaptcha=true
    verification_email_validity=1440
    callback_url="${carbon.protocol}://${carbon.host}:${carbon.management.port}/authenticationendpoint/login.do"
    [identity_mgt.user_self_registration.notification]
    manage_internally=true    

    The following table lists out more information pertaining to these configurations.

    Configuration Description
    allow_self_registration
    Set this to true to enable this configuration at a global level.
    lock_on_creation
    Setting this to true ensures that the user's account is locked on creation.
    manage_internally
    Setting this value to true ensures the internal email sending module is enabled. However, setting this to false ensures that the email sending data is available to the application via a Web service. The application can send the email using its own email sender.
    enable_recaptcha
    Set this to true to enable reCaptcha for self-registration globally.
    verification_email_validity
    The validity period of the email in minutes.
    callback_url
    RegEx pattern to validate the callback URL sent in the email.

  2. Some listeners must be enabled in order for this to work when the operations are invoked.

    Tip

    These are usually set by default in the product unless you have made any changes.

    [event.default_listener.identity_mgt]
    priority= "50"
    enable = false
    [event.default_listener.governance_identity_store]
    priority= "97"
    enable = true
    [event.default_listener.scim]
    priority= "90"
    enable = true
  3. Configure the email settings for the self-registration process. Configure email setting in the <IS_HOME>/repository/conf/deployment.toml file.

    [output_adapter.email]
    from_address=abcd@gmail.com
    username=abcd
    password=xxxxx
    hostname=smtp.gmail.com
    port=587
    enable_start_tls=true
    enable_authentication=true
  4. Set up reCaptcha with the WSO2 Identity Server. For instructions on how to do this and more information about reCaptcha, see Setting Up ReCaptcha.

  5. Start the WSO2 Identity Server and log in to the end user dashboard using the following link: https://localhost:9443/dashboard

    Tip

    If you have changed the port offset or modified the hostname, change the port or hostname accordingly.

  6. Click the Register Now link.
    register-now-link

  7. Enter the account creation details and note that reCaptcha is available.
    account-creation-details
Top