Apereo CAS - Self Service User Account Registration & Sign up

Posted by Misagh Moayyed on July 25, 2022 · 10 mins read

Apereo CAS provides a modest workflow to handle self-service account registration and sign-ups. Once enabled, the registration flow allows users to provide an initial, customizable set of details such as first name, last name, and email to kickstart the account creation request. This activation request is followed up by an activation link with instructions via email or text message to verify the account creation request. The activation link should finally allow the user to complete the registration request, choose a password, security questions, etc. In this post, we will take a look at the configuration steps required to turn on the account registration flow. Our starting position is as follows:

Overview

Once you have included the appropriate CAS module in your build, you will need to instruct CAS with the following settings:

# Allow the activation link to remain valid for 5 minutes
cas.account-registration.core.expiration=PT5M
cas.account-registration.core.isIncludeServerIpAddress=false
cas.account-registration.core.isIncludeClientIpAddress=false

# Email sender settings
cas.account-registration.mail.from=info@fawnoos.com
cas.account-registration.mail.html=true

# Email server configuration
spring.mail.host=localhost
spring.mail.port=25000

Account creation requests are expected to be verified using a dedicated activation link that is sent to the user via email. CAS therefore needs the details of your email server so that it can deliver the account activation link. With the settings above, the activation link remains valid for 5 minutes.

At this point, you should be able to run CAS and see the Sign Up link on the CAS login page:

Once you attempt to sign up, the registration form should appear:

Once the registration request is submitted, the activation link should follow via email:

Then, once the account is activated, you will be asked to choose a password:

…and to finalize the flow:

Provisioning Accounts

Apereo CAS is NOT, as of this writing, an identity management solution and does not intend to provide features or support capabilities that are typically found in such systems, such as provisioning workflows and account lifecycle management, etc. Therefore, rather than storing accounts in some CAS-owned datastore, the provisioning operation supports external systems and identity management solutions that would be able to receive the registration request and store the account as they see fit.

In this setup, we would instruct CAS to use an external REST API to handle the submission of provisioning requests:

cas.account-registration.provisioning.rest.url=https://api.example.org/accounts

With this option, account registration requests are submitted via a POST request to an external REST API, and that API is responsible for managing and storing the account in the appropriate systems of record. The body of the request will contain the account registration request.

Of course, if you are not happy with the provisioning options that exist today, you could always instruct CAS to use your own:

@Bean
public AccountRegistrationProvisionerConfigurer customProvisioningConfigurer() {
    return () -> {
        return new CustomAccountRegistrationProvisioner();
    };
}

Registration Requests

You might be wondering if it’s possible to customize the registration form and add/remove fields or introduce additional steps and workflows into the mix before the submission of the activation request. What ships with CAS is a default set of fields and inputs that are described in a JSON document in the form of metadata:

{
  "@class" : "java.util.HashMap",
  "field-name" : {
    "@class" : "org.apereo.cas.acct.AccountRegistrationProperty",
    "name" : "field-name",
    "required" : true,
    "label" : "cas.screen.acct.label.field",
    "title" : "cas.screen.acct.title.field",
    "pattern": ".+",
    "type": "email",
    "values" : [ "java.util.ArrayList", [ "sample@gmail.com", "sample2@hotmail.com" ] ],
    "order": 0
  }
}

You can certainly alter this metadata and add or remove fields of your choosing by constructing a JSON document and teaching CAS to load it:

cas.account-registration.core.registration-properties.location=file://path/to/fields.json
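
Before pointing CAS at a hand-edited fields document, it can help to lint it first. The following is an added example, not part of the original post or of CAS: `lint_fields`, its messages and the `SAMPLE` document are hypothetical, and every check is inferred from the shape of the sample above rather than from CAS's own validation rules.

```python
import json
import re

# Class names copied from the sample document on this page.
MAP_CLASS = "java.util.HashMap"
FIELD_CLASS = "org.apereo.cas.acct.AccountRegistrationProperty"
# Assumption: patterns like these accept arbitrary input and deserve a second look.
PERMISSIVE = {".+", ".*", "^.+$", "^.*$"}

# Constructed sample: "email" is too permissive, "phone" has four defects.
SAMPLE = """{
  "@class": "java.util.HashMap",
  "email": {"@class": "org.apereo.cas.acct.AccountRegistrationProperty",
            "name": "email", "required": true, "pattern": ".+", "order": 0},
  "phone": {"@class": "org.apereo.cas.acct.AccountRegistrationProperty",
            "name": "mobile", "required": "yes", "pattern": "[0-9", "order": 0}
}"""


def lint_fields(text):
    """Return (field, message) findings for a registration fields document."""
    findings, orders = [], {}
    doc = json.loads(text)
    if doc.get("@class") != MAP_CLASS:
        findings.append(("<root>", "unexpected @class"))
    for key, field in doc.items():
        if key == "@class":
            continue
        if not isinstance(field, dict) or field.get("@class") != FIELD_CLASS:
            findings.append((key, "unexpected @class"))
            continue
        if field.get("name") != key:
            findings.append((key, "name differs from map key"))
        if not isinstance(field.get("required", False), bool):
            findings.append((key, "required is not a boolean"))
        pattern = field.get("pattern", "")
        try:
            # Assumption: Python's re stands in for the engine that evaluates the pattern.
            re.compile(pattern)
            if pattern in PERMISSIVE:
                findings.append((key, "pattern accepts arbitrary input"))
        except (re.error, TypeError):
            findings.append((key, "pattern is not a valid regular expression"))
        order = field.get("order")
        if not isinstance(order, int):
            findings.append((key, "order is missing or not an integer"))
        elif orders.setdefault(order, key) != key:
            findings.append((key, f"order {order} also used by {orders[order]}"))
    return findings
```

An empty list from `lint_fields` means the document matches the shape of the sample; tighten any pattern it flags so that the form rejects input you do not want passed on to the provisioning system.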

Additional variations and nuances in the registration flow, as of this writing, will most likely require extra research and development.

Need Help?

If you have questions about the contents and the topic of this blog post, or if you need additional guidance and support, feel free to send us a note and ask about consulting and support services.

So…

I hope this review was of some help to you and I am sure that both this post as well as the functionality it attempts to explain can be improved in any number of ways. Please feel free to engage and contribute as best as you can.

Happy Coding,

Misagh Moayyed