If this is per tenant - you cannot do it via a configuration in the identity.xml...
Ideally the tenant admin should have an option in the UI to enable/disable SelfSignUp and if it is enabled he should be able to specify the default role or the role list. Thanks & regards, -Prabath On Wed, Jan 22, 2014 at 5:30 PM, Asela Pathberiya <[email protected]> wrote: > > > > On Wed, Jan 22, 2014 at 4:51 PM, Lalaji Sureshika <[email protected]> wrote: > >> Hi, >> >> I checked the code and found below configuration need to be added to >> identity.xml,in-order to configure the self signup user's assigning role. >> >> <SelfSignUp> >> <SignUpRole> >> <Name>test</Name> >> <External>true</External> >> </SignUpRole> >> </SelfSignUp> >> >> Addition to configuring custom roles for self registration function,is >> there a config element to enable/disable self signup functionality? As I >> found there's no such config.It's based on the users-store read-only >> mode/not. >> I'm asking this because, ,in api-manager.xml file also we are keeping a a >> <selfsignup> section as below.That api-manager.xml contains one additional >> attribute to enable/disable self signup functionality in running server >> ,which is not available in the config of identity.xml. If there is a >> similar config attribute in identity.xml,we can totally deprecate the use >> of <SelfSignUp> in api-manager.xml and stick only to identity.xml config.. >> >> <SelfSignUp> >> <Enabled>true</Enabled> >> <SubscriberRoleName>subscriber1</SubscriberRoleName> >> >> </SelfSignUp> >> >> If there's no such config element available in identity.xml,shall we add >> such property to <SelfSignUp> config in identity.xml and improve the code >> of self-signup service based on it,as I feel it's a useful improvement from >> IS side as well.. Appreciate thoughts on this.. >> > > +1. It is better to have a property to enable/disable in the identity.xml. > I o not think we can configure multiple roles (multiple SignUpRole > elements) , If not, we can fix it as well > > Thanks. > Asela. > > >> >> Thanks; >> >> >> >> >> >> On Wed, Jan 22, 2014 at 2:30 PM, Lalaji Sureshika <[email protected]>wrote: >> >>> Hi, >>> >>> On Wed, Jan 22, 2014 at 2:04 PM, Prabath Siriwardena >>> <[email protected]>wrote: >>> >>>> I think the right approach is to use [1]. UserSelfRegistrationService >>>> will add users to the Identity role by default. But, if you want to add the >>>> user to the subscriber role, you can make it configurable. >>>> >>> Thanks for pointing it. Wasn't aware that the default role for add users >>> from "UserSelfRegistrationService" service is configurable.Will follow >>> this approach without using a separate listener class. >>> >>> Thanks; >>> >>>> >>>> Also - with UserSelfRegistrationService - you can specify to which >>>> user stores you need to add users. >>>> >>>> Thanks & regards, >>>> -Prabath >>>> >>>> >>>> On Wed, Jan 22, 2014 at 11:22 AM, Lalaji Sureshika <[email protected]>wrote: >>>> >>>>> Hi, >>>>> >>>>> With current WSO2 APIStore self signup functionality,we do support >>>>> only for super tenant APIStore. We are planning to extend it to support >>>>> for >>>>> tenant users as well. >>>>> >>>>> With current signup approach, we do two web service calls as; >>>>> 1) call "UserSelfRegistrationService" to add the user >>>>> 2) call "UserAdmin" to assign the subscriber role to the user >>>>> >>>>> With above approach,for the 2) call,we need to authenticate and thus >>>>> need to have admin credentials predefined.But in tenant mode,to do above >>>>> 2) >>>>> we cannot keep tenant admin credentials predefined in a config file and >>>>> use. >>>>> >>>>> Thus without doing above 2) web service call,we are going to achieve >>>>> the role assignment from writing a custom user store listener >>>>> implementation and do the role-assignment as a PreAddUser operation.This >>>>> way,it'll not required to keep tenant admin/super admin credentials and >>>>> will only do one web service call for signup. >>>>> >>>>> Appreciate your feedback on this. >>>>> >>>>> >>>>> >>>>> Thanks; >>>>> >>>>> -- >>>>> Lalaji Sureshika >>>>> WSO2, Inc.; http://wso2.com/ >>>>> email: [email protected]; >>>>> blog: http://lalajisureshika.blogspot.com >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> Architecture mailing list >>>>> [email protected] >>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>> >>>>> >>>> >>>> >>>> -- >>>> Thanks & Regards, >>>> Prabath >>>> >>>> Twitter : @prabath >>>> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena >>>> >>>> Mobile : +94 71 809 6732 >>>> >>>> http://blog.facilelogin.com >>>> http://blog.api-security.org >>>> >>>> _______________________________________________ >>>> Architecture mailing list >>>> [email protected] >>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>> >>>> >>> >>> >>> -- >>> Lalaji Sureshika >>> WSO2, Inc.; http://wso2.com/ >>> email: [email protected]; cell: +94 71 608 6811 >>> blog: http://lalajisureshika.blogspot.com >>> >>> >>> >> >> >> -- >> Lalaji Sureshika >> WSO2, Inc.; http://wso2.com/ >> email: [email protected]; cell: +94 71 608 6811 >> blog: http://lalajisureshika.blogspot.com >> >> >> >> _______________________________________________ >> Architecture mailing list >> [email protected] >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > > > -- > Thanks & Regards, > Asela > > ATL > Mobile : +94 777 625 933 > -- Thanks & Regards, Prabath Twitter : @prabath LinkedIn : http://www.linkedin.com/in/prabathsiriwardena Mobile : +94 71 809 6732 http://blog.facilelogin.com http://blog.api-security.org
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
