Tutorial: Using the Portal Delegated User Registry

You can use the Portal Delegated User Registry to increase the number of options that are available to you for account and security management from within the Developer Portal.

About this tutorial

This tutorial takes you through setting up the following three user registry options for the Developer Portal:
Portal Delegated User Registry
Setting the Portal Delegated User Registry in the API Manager UI means that the user management is delegated to the Developer Portal. Therefore new user accounts are created in the local Developer Portal database, also known as the local user registry. For more information, see Selecting the Portal Delegated User Registry.
Third-party authentication provider credentials
Enabling third-party authentication provider credentials, such as Facebook and Google, reduces the number of authentication credentials that a user of the Developer Portal needs. For more information, see Using third-party authentication provider credentials to access the Developer Portal.
LDAP user registry
Configuring LDAP means that the Developer Portal can authenticate users against an existing LDAP user registry. For more information, see Configuring the Developer Portal to use an LDAP user registry.
Each of these three options can be used separately, or in any combination. However, setting up the Portal Delegated User Registry is a prerequisite for both the third-party authentication option and the LDAP user registry option.
Note: This tutorial shows you how to configure the Developer Portal to authenticate users against an existing LDAP user registry. If you want to allow new users to be added to the LDAP user registry, see Tutorial: Configuring writable LDAP in the Developer Portal.

The following example takes you through setting up all three user registry options, giving new users the ability to access the Developer Portal by using LDAP credentials, third-party credentials, or by creating new accounts in the local user registry. In addition, the example shows you how to enable administrator approval for all new accounts, and how to modify the approval email template.

Before you begin

The following prerequisites are required before starting the tutorial:
  • You must be an owner of a Provider Organization in the API Manager UI. For more information, see Creating a provider organization account.

  • You must have a Catalog without a Developer Portal site. If you do have a Catalog that you want to work with that has a Developer Portal site, the only account that the Developer Portal site can have is the administrator account.

You will also need the following prerequisites if you want to complete the third-party authentication and LDAP sections:

Enabling the Portal Delegated User Registry

  1. In API Manager, if you have not previously pinned the UI navigation pane, click the Navigate to icon. The API Manager UI navigation pane opens. To pin the UI navigation pane, click the Pin menu icon.
  2. Click Dashboard in the Navigation pane, then click the Catalog for which you want to enable the use of third-party authentication provider credentials.
  3. Click Settings > Portal.
  4. Select the IBM Developer Portal radio button to enable the Developer Portal site.
  5. Enter the URL of your Developer Portal site.
  6. In the User Registration and Invitation section, select Portal Delegated User Registry from the User Registry drop-down list. The catalog_name is the name of the Catalog that you are working in and applying the registry settings to.
  7. [V5.0.3 and earlier] Ensure that Self-service onboarding is set to the on position.
    Important: Self-service onboarding must be on to complete the tutorial.
  8. [V5.0.4 or later] Ensure that Developers can invite collaborators and assign the following roles is set to the on position.
    Important: Developers can invite collaborators and assign the following roles must be on to complete the tutorial.
  9. Click Save.
  10. After a few minutes, you receive an email with a link to your Developer Portal site for that Catalog. The link is a single use only link for the administrator account. When the link is active and you have accessed it, you can change the password of this administrator account.

Enabling the use of third-party authentication provider credentials to access the Developer Portal

In the Developer Portal, log in as the administrator to complete the following steps:

  1. Ensure that the HybridAuth module is enabled. For more information, see Disabling modules, and enable the module if necessary. When you enable Portal Delegated User Registry in the API Manager UI, the module is enabled automatically.
  2. On the administrator dashboard, click Configuration > People > HybridAuth.
  3. From the list of authentication providers that are displayed, click the check box for the authentication provider that has the authentication credentials that you want to use, then click Settings. The Application settings tab contains text fields that must be filled with specific values. Information on obtaining the specific values for each authentication provider can be found on their Application settings tabs.
  4. Fill in the required fields for the authentication provider.
  5. Click Save configuration.

Configuring your LDAP user registry in the Developer Portal

  1. Enable LDAP configuration in the Developer Portal by clicking Modules on the administrator dashboard. Search for, and enable, the following modules:
    • LDAP Servers
    • LDAP User Module
    • LDAP Authentication
    Then, click Save configuration.
  2. Click Configuration > People > LDAP Configuration.
  3. To configure your LDAP registry settings:
    1. Click Settings, then select the check box for Require HTTPS on Credential Pages.
    2. Click Save configuration.
  4. To configure your LDAP registry server:
    1. Click Servers > Add LDAP Server Configuration.
    2. In the Connection settings section, enter values for the following fields:
      • For Machine name for this server configuration, enter MyLDAPServer
      • For Name, enter LDAP Server 1
    3. Select the check box for Enabled.
    4. Select your type of LDAP server from the LDAP Server Type drop-down list.
    5. Enter the IP address or domain name of your LDAP server in the LDAP server text field.
    6. Enter your port number in the LDAP port text field.
    7. In the Binding Method section, select Anonymous Bind for search, then Bind with User Credentials.
    8. In the LDAP User to Drupal User Relationship section, enter values for the following fields:
      • Base DNs for LDAP users, groups, and other entries
      • AuthName attribute
    9. Click Add.
  5. To configure the LDAP Authentication:
    1. Click the Authentication tab, then in the LDAP Authentication Settings section, select the check box for your LDAP server that is found under Authentication LDAP Server Configurations.
      Note: The Mixed mode radio button must be selected as it enables you to use third-party authentication provider credentials in addition to your LDAP credentials.
    2. In the User Login Interface section, enter values for the following fields:
      • For the Username Description Text, enter LDAP Username
      • For the Password Description Text, enter LDAP Password
    3. In the Email section, select the check box for Don't show an email field on user forms, then click Save.
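
The binding method selected above (Anonymous Bind for search, then Bind with User Credentials) is a two-phase flow: look up the user's DN under the Base DN by the AuthName attribute, then bind as that DN with the supplied password. The following added example is not code from the Developer Portal or its LDAP modules; it models the flow against a constructed in-memory directory, and the Base DN, the uid attribute, the sample entries and all function names are assumptions made for illustration.

```python
import re

# Assumed values for the "Base DNs" and "AuthName attribute" fields.
BASE_DN = "ou=people,dc=example,dc=com"
AUTHNAME_ATTR = "uid"

# Constructed sample directory; "password" stands in for what a real bind would verify.
DIRECTORY = {
    "uid=alice,ou=people,dc=example,dc=com": {"uid": "alice", "password": "s3cret"},
    "uid=bob,ou=people,dc=example,dc=com": {"uid": "bob", "password": "hunter2"},
    "uid=svc,ou=services,dc=example,dc=com": {"uid": "svc", "password": "x"},
}
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def build_filter(username):
    """Build (AuthName=value), escaping RFC 4515 specials so input stays a literal."""
    return "(%s=%s)" % (AUTHNAME_ATTR, "".join(_ESCAPES.get(c, c) for c in username))

def server_search(base_dn, ldap_filter):
    """Stand-in for the anonymous search: handles only (attr=value) with * wildcards."""
    attr, pattern = ldap_filter[1:-1].split("=", 1)
    # An unescaped * is a wildcard; \xx hex escapes decode to literal characters.
    unhex = lambda s: re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), s)
    parts = [re.escape(unhex(p)) for p in pattern.split("*")]
    regex = re.compile(".*".join(parts) + r"\Z")
    return [dn for dn, attrs in DIRECTORY.items()
            if dn.endswith("," + base_dn) and regex.match(attrs.get(attr, ""))]

def authenticate(username, password):
    """Phase 1: anonymous search for the DN. Phase 2: bind as that DN."""
    if not username or not password:
        # A simple bind with an empty password is an "unauthenticated bind"
        # (RFC 4513) that some servers accept, so reject it before binding.
        return None
    matches = server_search(BASE_DN, build_filter(username))
    if len(matches) != 1:
        return None  # unknown user, or ambiguous match: never guess a DN
    dn = matches[0]
    return dn if DIRECTORY[dn]["password"] == password else None
```

Entries outside the configured Base DN (the constructed `svc` account) never reach the bind phase, which is why a narrowly scoped Base DN matters when the search itself runs anonymously.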

Change the account settings to enable approval for all new accounts including third-party authentication providers

  1. On the administrator dashboard, click Configuration > People > Account settings.
  2. In the Registration and cancellation section, select the Visitors, but administrator approval is required check box.
  3. To enable the Require e-mail verification when a visitor creates an account function, select the adjacent check box.
  4. Click Save configuration.

Modifying the Developer Portal email templates

  1. On the administrator dashboard, click Configuration > People > Account settings.
  2. In the E-mails section, modify the content of the Welcome (awaiting approval) template by entering the following text into the corresponding fields:
    Subject
    Welcome user_name. Your site_name account is pending approval
    Body
    Thank you very much for signing up to site_name. Your account is currently pending approval, and you will receive e-mail confirmation upon its approval.
  3. Click Save configuration.

Results

You have enabled the Developer Portal to authenticate users against a local user registry, a third-party authentication provider, or an LDAP user registry. With this scenario, if a user does not exist in an external user registry, either LDAP or the third-party provider, their account is created in the local Developer Portal database.