Identity Patterns with the WSO2 Identity Server
Self-signup during the authentication flow with service provider specific claim dialects
Problem:
Self-signup during the authentication flow with service provider specific claim dialects
Problem:
- The business users need to access multiple service providers supporting multiple heterogeneous identity federation protocols.
- When the user gets redirected to the identity provider for authentication, the identity provider should provide a page with the login options and also an option to sign up.
- If the user picks the sign-up option, the required set of fields for the user registration must be specific to the service provider who redirected the user to the identity provider.
- Upon user registration, the user must be in the locked status, and confirmation mail has to be sent to the user’s registered email address.
- Upon email confirmation, the user should be prompted for authentication again and should be redirected back to the initial service provider.
- Deploy WSO2 Identity Server as the Identity Provider and register all the service providers.
- Customize the login web app (authenticationendpoints) deployed inside WSO2 Identity Server to give an option user signup in addition to the login options.
- Follow a convention and define a claim dialect for each service provider, with the required set of user attributes it needs during the registration. The service provider name can be used as the dialect name as the convention.
- Build a custom /signup API, which retrieves required attributes for user registration, by passing the service provider name.
- Upon registration, the /signup API will use email confirmation feature in the WSO2 Identity Server to send the confirmation mail and in addition to that the /signup API also maintain the login status of the user, so upon email confirmation user can be redirected back to the initial service provider.
- Products: WSO2 Identity Server 5.0.0+