Note: The content below is for Apache Syncope <= 1.2 - for later versions the Reference Guide is available.
Introduction
This wiki page aims to show how to manage self registration for anonymous users.
...
user requests are handled; this covers self registration as well.
Self registration
Self registration can be enabled (default) or disabled through the administration console, by accessing the General configuration parameters and setting the value of the property "createRequest.allowed" to true or false.
This can be done either via REST or through the administration console.
Self
...
registration is enabled by default in embedded mode and disabled by default in real world deployments.
The self registration process
Submit anonymous user request
When enabled, anonymous users can access the self registration form by clicking on the "Self registration" link available at the bottom of the administration console login form.
Manage self registration user requests
When an anonymous user submits the self registration form, a "UserRequest" is created and forwarded to designated administrators.
Requests will be available in the administration console under the "TODO > User request" tab.
User creation and activation
Manage user request
Under "TODO > User request" in the administration console, an admin can select a user request for reviewing (and possibly modifying) attributes, resources and roles as well.
Once the user request is saved, Syncope creates and starts a new User Workflow instance that will manage the entire identity lifecycle.
According to Default Workflow, user creation is the first activity executed by the workflow (this can vary if the user workflow definition has been customized). As shown by the figure of Default Workflow, the user activation process depends on the sequence of executed activities; user activation can be achieved without additional steps, through explicit user approval, with (opt-in) token validation, or both. Syncope uses reserved administrative roleIds assigned to the user to choose which steps to execute.
User activation with approval workflow
According to Default Workflow, user activation approval occurs if the user is assigned the roleId=9 ("roleForWorkflowApproval").
After the user request is saved, a new workflow instance is started, creating a new user with a "createApproval" status.
The approval task activity appears under the "TODO > Approval" tab. An admin can claim the task and choose whether to activate the user or not. If the user is approved, it is saved in the "active" status and provisioned; otherwise it is saved in the "rejected" status.
User activation with (opt-in) token validation
According to Default Workflow, user activation by (opt-in) token validation occurs if the user is assigned the roleId=11 ("roleForWorkflowOptIn").
User activation with approval and (opt-in) token validation
According to Default Workflow, both user activation approval and (opt-in) token validation occur if the user is assigned the roleId=9 and roleId=11.
has been approved, the user is created and a new workflow instance is started.
Authenticated user request (Edit profile)
Each authenticated user can edit his own profile by clicking on the username in the top right corner of the admin console window.
When submitting, a new user request is generated and forwarded to designated administrators. Such a request will be managed similarly to self-registration requests.
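The activation paths described under "User creation and activation" can be modelled to review which pending self-registration requests would become active with no approval or opt-in step. This is an added example, not Syncope code: the role ids and the "createApproval", "active" and "rejected" statuses come from this page, while the function names, the "pending opt-in" label, the sample requests and the approval-before-opt-in ordering are assumptions.

```python
# Added illustration; not part of Apache Syncope.
ROLE_FOR_WORKFLOW_APPROVAL = 9   # "roleForWorkflowApproval" (from the page)
ROLE_FOR_WORKFLOW_OPT_IN = 11    # "roleForWorkflowOptIn" (from the page)


def activation_steps(role_ids):
    """Extra steps the Default Workflow runs before a user becomes active."""
    steps = []
    if ROLE_FOR_WORKFLOW_APPROVAL in role_ids:
        steps.append("approval")
    if ROLE_FOR_WORKFLOW_OPT_IN in role_ids:
        steps.append("opt-in token")  # assumed to run after approval
    return steps


def final_status(role_ids, approved=None, token_validated=False):
    """Status reached so far; approved=None means the approval task is unclaimed."""
    for step in activation_steps(role_ids):
        if step == "approval":
            if approved is None:
                return "createApproval"
            if not approved:
                return "rejected"
        elif not token_validated:
            return "pending opt-in"  # placeholder label, not a Syncope status name
    return "active"


def audit(create_request_allowed, pending_requests):
    """Usernames whose request would activate with no approval or opt-in step."""
    if not create_request_allowed:  # self registration disabled: nothing to flag
        return []
    return [r["username"] for r in pending_requests
            if not activation_steps(r["roles"])]


# Constructed sample of pending user requests (hypothetical usernames).
SAMPLE_REQUESTS = [
    {"username": "alice", "roles": [9]},
    {"username": "bob", "roles": [9, 11]},
    {"username": "carol", "roles": [3]},   # no reserved role: direct activation
]

if __name__ == "__main__":
    print("direct activation:", audit(True, SAMPLE_REQUESTS))
    for req in SAMPLE_REQUESTS:
        print(req["username"], activation_steps(req["roles"]),
              final_status(req["roles"], approved=True))
```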