idm.sec.reg.loginGenerator – step 1. If the key is not defined, the user can type its own login. In other words the registration form has input box for the user to specify the login. Otherwise if the key is defined then the value of the option is the name of the CzechIdM login generation component. One possible value is e.g. „basicLoginGenerator“ (login has the following form: firstname + 1. character of lastname).
idm.sec.reg.createEnabled – true, if the identity in step 1 and 2 should be created as enabled (unblocked)
idm.sec.reg.defaultOrgId –
step 2. The value of the option is entity_id of the organisation, in which we want to place registered users (via their contracted positions). We can find entity_id of the organisation on organization detail in CzechIdM
GUI: Organizations → Structure elements → find org. e.g. by its name → organization detail (magnifying glass). Then we see the entity_id in
URL of our web browser after
TreeNode string. E.g. 767b8e11-122c-433a-9cde-2d686061aa3d.
idm.sec.reg.confirmationTtlSec – number of seconds, that the registration
URL in email is valid in
step 3.
idm.sec.reg.defaultRoles - step 5 – the value is a set of role names, that the users gets in registration process.
idm.sec.reg.passwordPolicy – the value is the name of the password policy.
idm.sec.reg.defaultAuthorizer – the value is the login of the identity, that is used as a manager of registered users (their contracted position).
idm.pub.reg.terms.enabled - if value is true is mandatory agree with terms, terms url is now defined in this attribute: idm.pub.reg.terms.url.
idm.pub.reg.terms.url - url with terms.
idm.pub.reg.note.enabled - enabled note for request.
idm.pub.reg.note.required - required note, beware if you set note as disabled and at the same time you set required note. Note will not be required.
idm.sec.reg.find.caseinsensitive - write the list of codes of attributes (comma separated) for which the find is supposed to be case insenstitive. This is useful when activating account: if the identity in IdM has email "Jan.Novak@email.com" but the user tries to activate the account with email "jan.novak@email.com", it is not possible to activate the account without setting this property to 'true'. False by default. Since 2.3.2.
Steps 1-6 or their parts can be disabled by the following processors: request-confirm-processor, request-approve-processor, identity-finalize-processor, user-notification-processor, notification-processor, request-delete-processor.