CzechIdM and customer’s self-registration to a portal


Identity Manager CzechIdM offers many standardized processes. Recently, self-registration of a customer to a portal was added. This way, CzechIdM helps to solve the problem how to deliver registration data securely: customers authenticate themselves in the process of self-registration and CzechIdM enables them to set their initial password.

What is the customer’s point of view?

  1. When the customer makes a contract, possibly electronic contract in the future, he states his e-mail address and receives his login printed on the contract.
  2. The customer sits to his home computer, visits the web pages of the portal and presses the “Register” button. A simple form is shown to him. Here he fills in his e-mail address and login.
  3. Following message appears: “The interim URL was generated and sent to registered e-mail address.”
  4. The customer checks his mail box and clicks on the link in the received message.
  5. Internet browser opens a new page showing a form for setting a new secure password. The customer fills in his new password, submits the form and is signed in the portal immediately. Next time, he will only enter his user login and the password he set.

1

What is the technical point of view?

During the process, which I described from the customer’s point of view, an encrypted communication takes place between following four systems: a database of customers, a portal, a portlet in the portal and Identity Manager CzechIdM. Let’s have a closer look:

  1. When the customer makes a contract, he states his e-mail address and receives his login printed on the contract. A worker inserts the data in the database of customers, where they are automatically read by CzechIdM.
  2. The customer sits to his home computer, visits the web pages of the portal and presses the “Register” button. A simple portlet containing a single form is shown to him. Here he fills in his e-mail address and login. The portlet sends both entries to CzechIdM using its web service. CzechIdM verifies that this customer really exists. Moreover, if the login and email address correspond with the data from the database of customers, CzechIdM generates a special random string called “urlid”, saves it and creates an interim link for the customer. Finally, CzechIdM sends the link to the mail of the customer.
  3. Following message appears in the browser: “The interim URL was generated and sent to registered e-mail address.”
  4. The customer checks his mail box and clicks on the link in the received message. He is redirected to the page with the portlet. The portlet reads “urlid” from one of the GET parameters in the URL and sends it by web service to CzechIdM for verification. CzechIdM verifies that this “urlid” exists for some customer and that it is still valid. Then it returns the login name of the customer back to the portlet.
  5. Internet browser opens a new page showing a form for setting a new secure password. The customer fills in his new password and submits the form. The portlet sends the password to CzechIdM. CzechIdM creates a new account for the customer in the portal and sets the chosen password. Additionally, it provides the portal with the information that the customer has successfully signed in. On top of that, CzechIdM provides the database of customers with the information about validity of the customer’s e-mail address.

2

Benefits

  • simple and transparent for the customer
  • accounts in the portal are created only for customers with valid e-mail address
  • security – the password is not printed anywhere, it is sent securely over SSL and the customer can change it at any time

Conclusion

A moment ago you read an article, where I presented details of one interesting process, which is part of standard services of Identity Manager CzechIdM. Do you want to know more or do you want to consult with us your own business process? Contact me at vojtech.matocha@bcvsolutions.eu, it would be my pleasure to help you!

Leave a Reply