On 16/04/2012 12:16, Bob Lannoy wrote: > Hi guys, > > can I get some pointers on how the self-service user part works? > I tried via the embedded mode but I can't get it to work.
Bob, here it follows a simple procedure to test out the self-service: 1. start Syncope in embedded mode [1] 2. point your browser to http://localhost:9080/syncope-console/ 3. click on the "Self Registration" link 4. provide (at least) all mandatory attribute values (username, password, userId, surname, fullname) + everything else you want (resources, roles, derived and virtual attributes) 5. Click OK on the final screen. Then: 1. log in as admin 2. go to TODO -> User requests, you should have one item 3. click on the edit icon 4. review data entered before, and optionally add / modify something 5. click on "Save" 6. user is created and TODO -> User requests is empty Actually, I've just found that this step 6 is not meet, hence opened SYNCOPE-58: I am going to fix this ASAP. > - user creates an account (will set a role for him in the background) > - is there some email-activation procedure? Everything related to user lifecylce can be customized via user workflow: you can examine and edit the workflow definition from the admin console under Configuration -> Workflow. Default user workflow adapter is based on Activiti BPM engine [3]; when running in embedded mode you get by default the user workflow definition used by integration tests, so I'd suggest to take a look at it and customize in order to suit your needs. Typically, user workflow customization takes the most when deploying a new IdM project: you can add predefined items via pure XML and Groovy or provide your custom Java implementations. Moreover, you can also configure approvals: in the test user workflow definition, for example, every time you assign role 9 to an user upon creation, such user won't be created before one of administrators (i.e. anyone having role 7 assigned) gives his approval (from admin console: TODO -> Approval). Coming back to your questions: adding roles to some users upon creation, or implement an e-mail based opt-in, are definitely user workflow job, in Syncope. > - is there a possibility to do a password reset if the user forgets his > password? Not yet, but I've just added this feature to the roadmap (Security item 7c) ;-) Regards. [1] https://cwiki.apache.org/confluence/display/SYNCOPE/Run+Syncope+in+embedded+mode [2] https://issues.apache.org/jira/browse/SYNCOPE-58 [3] http://www.activiti.org/ -- Francesco Chicchiriccò Apache Cocoon PMC and Apache Syncope PPMC Member http://people.apache.org/~ilgrosso/
