You can use the Portal Delegated User Registry to increase the number of options that are
available to you for account and security management from within the Developer Portal.
About this tutorial
This tutorial takes you through setting up the following three user registry options for the
Developer Portal:
- Portal Delegated User Registry
- Setting the Portal Delegated User Registry in the API Manager UI means that the user management is
delegated to the Developer Portal. Therefore new user accounts are created in the local Developer Portal database, also
known as the local user registry. For more information, see Selecting the Portal Delegated User Registry.
- Third-party authentication provider credentials
- Enabling third-party authentication provider credentials, such as Facebook and Google, reduces
the number of authentication credentials that a user of the Developer Portal needs. For more
information, see Using third-party authentication provider credentials to access the Developer Portal.
- LDAP user registry
- Configuring LDAP means that the Developer Portal can authenticate
users against an existing LDAP user registry. For more information, see Configuring the Developer Portal to use an LDAP user registry.
Each of these three options can be used separately, or in any combination. However, setting up
the Portal Delegated User Registry is a prerequisite for both the third-party authentication option
and the LDAP user registry option.
The following example takes you through setting up all three user registry options, giving new
users the ability to access the Developer Portal by using LDAP
credentials, third-party credentials, or by creating new accounts in the local user registry. In
addition, the example shows you how to enable administrator approval for all new accounts, and how
to modify the approval email template.
Before you begin
The following prerequisites are required before starting the tutorial:
-
You must be an owner of a Provider Organization in the API Manager UI. For
more information, see Creating a provider organization account.
-
You must have a Catalog without a Developer Portal site. If you do
have a Catalog that you want to work with that has a Developer Portal site, the only
account that the Developer Portal site can have is the administrator account.
You will also need the following prerequisites if you want to complete the third-party
authentication and LDAP sections:
Enabling the use of third-party authentication provider credentials to
access the Developer Portal
In the Developer Portal, log
in as the administrator to complete the following steps:
- Ensure that the HybridAuth module is enabled. For more information, see Disabling modules, and enable the module if necessary. When you enable
Portal Delegated User Registry in the API Manager UI, the module is enabled
automatically.
- On the administrator dashboard, click .
- From the list of authentication providers that are displayed, click the check box for the
authentication provider that has the authentication credentials that you want to use, then click
Settings. The Application settings tab contains text
fields that must be filled with specific values. Information on obtaining the specific values for
each authentication provider can be found on their Application settings tabs.
- Fill in the required fields for the authentication provider.
- Click Save configuration.
Configuring your LDAP user registry in the Developer Portal
- Enable LDAP configuration in the Developer Portal by clicking
Modules on the administrator dashboard. Search for, and enable, the following modules:
- LDAP Servers
- LDAP User Module
- LDAP Authentication
Then, click Save configuration.
- Click
- To configure your LDAP registry settings:
- Click Settings, then select the check box in the Require HTTPS
on Credential Pages.
- Click Save configuration.
- To configure your LDAP registry server:
- Click .
- In the Connection settings settings, enter values for the following fields:
- For Machine name for this server configuration, enter
MyLDAPServer
- For Name, enter LDAP Server 1
- Select the check box for Enabled.
- Select your type of LDAP server from the LDAP Server Type drop-down
list.
- Enter the IP address or domain name of your LDAP server in the LDAP
server text field.
- Enter you port number in the LDAP port text field.
- In the Binding Method section, select Anonymous Bind for
search, then Bind with User Credentials.
- In the LDAP User to Drupal User Relationship section, enter values for
the following fields:
- Base DNs for LDAP users, groups, and other entries
- AuthName attribute
- Click Add.
- To configure the LDAP Authentication:
- Click the Authentication tab, then in the LDAP Authentication
Settings section, select the check box for your LDAP server that is found under
Authentication LDAP Server Configurations.
Note: The Mixed mode radio button
must be selected as it enables you to use third-party authentication provider credentials in
addition to your LDAP credentials.
- In the User Login Interface section, enter values for the following
fields:
- For the Username Description Text, enter LDAP
Username
- For the Password Description Text, enter LDAP
Password
- In the Email section, select the check box for Don't show an
email field on user forms, then click Save.
Change the account settings to enable approval for all new accounts including
third-party authentication providers
- On the administrator dashboard, click .
- In the Registration and cancellation section, select the
Visitors, but administrator approval is required check box.
- To enable the Require e-mail verification when a visitor creates an
account function, select the adjacent check box.
- Click Save configuration.
Modifying the Developer Portal email
templates
- On the administrator dashboard, click .
- In the E-mails section, modify the content of the Welcome
(awaiting approval) with the following text into the corresponding fields:
- Subject
- Welcome user_name. Your site_name account is pending
approval
- Body
- Thank you very much for signing up to site_name. Your account is currently
pending approval, and you will receive e-mail confirmation upon its approval.
- Click Save configuration.
Results
You have enabled the Developer Portal to authenticate
users against a local user registry, a third-party authentication provider, or an LDAP user
registry. With this scenario, if a user does not exist in an external user registry, either LDAP or
the third-party provider, their account is created in the local Developer Portal database.