Self Registration help


Self Registration help

vladz
CONTENTS DELETED
The author has deleted this message.

Re: Self Registration help

ilgrosso
Administrator
On 16/03/2017 22:27, Vlad Zelenko wrote:
> Hey all.  I am evaluating syncope as IMS, and want to test the REST
> API.  For starters, I am using Swagger UI to test self-registration.

Hi Vlad,
glad of your interest in Apache Syncope.

> 1.  (POST /users/self)  When I execute it from the browser, I
> invariably receive CODE 403 with message "Access to the specified
> resource has been forbidden."

Question: what is the value of the 'selfRegistration.allowed'
configuration parameter [1] in your Syncope deployment? (You can find it
out from Admin Console under Configuration > Parameters).
E.g. was self-registration enabled at all?

When enabled, the "POST /users/self" endpoint needs to be invoked
anonymously, e.g. without any 'Authorization' HTTP header.
Are you sure that you did not populate the username / password fields in
the Swagger UI when attempting the "POST /users/self" invocation?

> 2.  When I use the suggested 'curl' line
> (http://localhost:8080/syncope/rest/users/self?storePassword=true,
> etc.), 'Access Denied' is seen in 'core-rest.log' of the application,
> but nothing comes back to the STDOUT of cURL.

Use "curl -v" and you will get all the response headers, including
X-Application-Error-Code and X-Application-Error-Info.
More on available REST headers at [2].

> 3. When I use regular create user in Swagger UI (POST /users) with the
> same UserTO payload (see below), the user is created in syncope, code
> 201 is returned with a Generated Key.
>
> PAYLOAD:
> {"username":"test","password":"12SomeComplex!!!Pwd","realm":"/","securityQuestion":"","securityAnswer":"","plainAttrs":[{"schema":"email","values":[]}],"derAttrs":[],"virAttrs":[],"resources":[],"auxClasses":[],"memberships":[],"@class":"org.apache.syncope.common.lib.to.UserTO"}
>
>
> My question is, what is the correct way of performing
> Self-registration using REST API (I need this for our web
> application?)  Losing my mind over this...

It seems - for very valid reasons, I presume - that you are not
interested in the Enduser application [3] nor in using the Java client
library [4] for communicating via REST with Core (architectural
reference available at [5]).
I would invite you anyway to carefully consider all the related security
aspects: you can read from [6] how we did tackle them in the Enduser
application.

Regards.

[1] https://syncope.apache.org/docs/reference-guide.html#configuration-parameters
[2] https://syncope.apache.org/docs/reference-guide.html#rest-headers
[3] https://syncope.apache.org/docs/reference-guide.html#customization-enduser
[4] https://syncope.apache.org/docs/reference-guide.html#client-library
[5] https://syncope.apache.org/docs/reference-guide.html#architecture
[6] http://blog.tirasa.net/syncope-enduser-security-features.html

--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
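
The checks from the reply above, as an added example that is not part of the original thread or of Apache Syncope's code: a client that refuses to send an `Authorization` header to `POST /users/self` and reports the `X-Application-Error-Code` / `X-Application-Error-Info` response headers. The names `self_register`, `StubCore` and `start_stub` are hypothetical, and the stub's 403 behaviour and header values are constructed assumptions modelled on the thread so the code runs offline.

```python
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

def self_register(base_url, user_to, extra_headers=None):
    """POST /users/self anonymously; return (status, error_code, error_info)."""
    headers = {"Content-Type": "application/json", "Accept": "application/json"}
    headers.update(extra_headers or {})
    # The reply says the endpoint must be invoked without an Authorization header.
    if any(name.lower() == "authorization" for name in headers):
        raise ValueError("self-registration must be sent without Authorization")
    req = urllib.request.Request(base_url + "/users/self?storePassword=true",
                                 data=json.dumps(user_to).encode(),
                                 headers=headers, method="POST")
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy
    try:
        with opener.open(req, timeout=5) as resp:
            status, hdrs = resp.status, resp.headers
    except urllib.error.HTTPError as err:  # 4xx/5xx still carry the error headers
        status, hdrs = err.code, err.headers
    return (status, hdrs.get("X-Application-Error-Code"),
            hdrs.get("X-Application-Error-Info"))

class StubCore(BaseHTTPRequestHandler):
    """Constructed stand-in for Core (offline use); its header values are made up."""
    allowed = True  # plays the role of 'selfRegistration.allowed'

    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        if self.allowed and not self.headers.get("Authorization"):
            self.send_response(201)
        else:
            self.send_response(403)
            self.send_header("X-Application-Error-Code", "ConstructedCode")
            self.send_header("X-Application-Error-Info", "constructed detail")
        self.send_header("Content-Length", "0")
        self.end_headers()

def start_stub(allowed):
    StubCore.allowed = allowed
    server = HTTPServer(("127.0.0.1", 0), StubCore)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, "http://127.0.0.1:%d/syncope/rest" % server.server_port

if __name__ == "__main__":
    server, url = start_stub(allowed=False)
    print(self_register(url, {"username": "test", "realm": "/"}))
```

Against a real deployment, pass the Core REST base URL (the thread uses `http://localhost:8080/syncope/rest`) instead of the stub's URL.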


Re: Self Registration help

vladz
CONTENTS DELETED
The author has deleted this message.

Re: Self Registration help

vladz
CONTENTS DELETED
The author has deleted this message.