User Self-Registration
1. Overview
User Self-Registration (SelfReg) application is a web application provided by RCDevs installed on the WebADM server. This application allows users to manage their OTP Token and U2F key enrollment. Users are also able to manage their OTP list, SSH key for SpanKey and TiQR Sign. SelfReg application is similar to the User Self-Service Desk, the only difference between both applications is that the Self-Registration can be acceded only with a WebADM Administrator request. To allow the user, the Administrator will send a Self-Registration request to the user and this user will receive a one time link to access to the application. Once logged on the application, the access link is revoked and the user cannot access the application anymore.
2. Installation
The Self-Registration application is included in the Webam_all_in_one package.
2.1 Install with Redhat Repository
On a RedHat, Centos or Fedora system, you can use our repository, which simplifies updates. Add the repository:
curl http://www.rcdevs.com/repos/redhat/rcdevs.repo -o /etc/yum.repos.d/rcdevs.repo
Clean yum cache and install Radius Bridge:
yum clean all
yum install selfreg
The Self-Registration application is now installed.
2.2 Install with Debian Repository
On a Debian system, you can use our repository, which simplify updates. Add the repository:
echo "deb http://rcdevs.com/repos/debian ./" > /etc/apt/sources.list.d/rcdevs.list
apt-key adv --fetch-key http://rcdevs.com/repos/debian/RPM-GPG-KEY-rcdevs.pub
Clean cache and install Radius Bridge:
apt-get update
apt-get install selfreg
Self-Registration application is now installed.
2.3 Install Using the Self-Installer
The installation of RB is very simple and is performed in less than 5 minutes. Just download the RB self-installer package on RCDevs website and put the installer file on your server. You can use WinSCP to copy the file to your server. To install RB, login to the server with SSH and run the following commands:
gunzip selfreg-1.1.x.sh.gz
bash selfreg-1.1.x.sh
3. User Self-Registration
The installation of SelfReg is straightforward and only consists in running the self-installer or install the package through RCDevs repository and configure the application in WebADM.
You do not have to modify any files in the SelfReg install directory! The web applications configurations are managed and stored in LDAP by WebADM. To configure SelfReg, just enter WebADM as super administrator and go to the ‘Applications’ menu. Click SelfReg to enter the web-based configuration.
SelfReg application logs are accessible in the Databases menu in WebADM.
Note
To be able to use SelfReg, any LDAP user must be a WebADM account. That means usable LDAP accounts are those containing the webadmAccount LDAP object class. You can enable the WebADM features on any LDAP user/group by extending it with the webadmAccount object class (from object extension list).
Inline WebApps:
You can embed a Web app on your website in an HTML iFrame or Object.
#Example
<object data="https://<webadm_addr>/webapps/selfreg?inline=1" />
4. Graphical Configuration
Once the application is installed, you have to enable it through the WebADM GUI.
To Activate it, log in on the WebADM GUI with your super_admin account, click on Applications tab, in Categories box, on the left, click on Self-Service. You should see the Self-Registration application here.
Click on the REGISTER button to enable the Application and you can now CONFIGURE it.
Under the configuration menu, many settings can be configured as you can see on screenshots below.
Settings below allow admin to manage how many tokens can be managed by the user, which features will be allowed on the App, which kind of token the user can enroll…
The SSH key management/renewal can be done through the Self-Registration application too.
Below the SSH Key management settings, another part called Mail/SMS Link allows you to configure the Registration URL, the delivery mode (Mail/SMS) and the link expiration time. This URL should be adjusted when you are running the Application through the WAProxy else, users will access to the application through the WebADM server directly.
URL example when user accesses the app through the WebADM server :
https://webadm_ip/webapps/selfreg/
URL example when user accesses the app through the WAProxy :
https://waproxy_ip/selfreg/
Other settings can be adjusted as you want…
Click on Apply and the configuration is done.
5. Send a Self-Registration Request to a User
To send a self-registration request to a user, you have 2 ways :
- Auto send a link when the Token user is expired,
This setting is available since the OpenOTP v1.3.12-1. When the user will perform a login and his token is expired, the authentication will fail and a selfreg link will be sent to the user.
- Manually send a link.
To manually send a selfreg link, go on the WebADM Admin GUI, click on the concerned user on the left tree. In Application actions box, click on User Self-Registration
Click now on Send Registration Email / SMS
You can select the method you want to use to send the request (SMS/Mail) and you can also write a message to the user :
Click on Send button and the selfreg request is sent to the user.
The user will receive something like this :
He has to click on the link and will be redirected to the Application.
Login with his credentials and the user is logged on the application and can now manage what the admin allow him to manage.
