Configure account link
Every organisation has the liberty to present to an end user, a customised registration form. This registration form has to be filled by an end user, in order to access the services offered by the organisation. In order to facilitate an organisation to accomplish exactly this, Onegini IDP allows organisations to specify the required set of fields through its administration console. Please refer to the picture below.
When an end user uses his Onegini IDP account to log into an organisation, a registration form is first presented depending up on whether or not the user already has sufficient attributes in Onegini IDP. If the profile attributes (i.e. data gathered by fields in registration form) are already present in Onegini IDP, the end user is not presented with the registration form for the organisation. Instead, the data that is already present is exchanged.
If an end user does not have all the details required by an organisation (a service provider in this case), a registration form is presented to supply only the missing information.
Irrespective of the above mention cases, the registration data for an end user specified by an organisation is submitted to it at a pre-configured end point. Please see the picture below for the section in the administration console where the end point URL is configured for an organisation.
The registration data is submitted to the organisation providing services through a JSON based REST web service request over HTTP POST. The contract is represented through Profile request object that is part of our SDK.
A typical request and response would look like in the picture below
It is up to the the organisation exposing services to either
- Find the existing user with the registration details provided and return us the end user's identifier in their system for future reference.
- Or create an account for the end user in their internal system, if the end user doesn't already exist
An organisation can return us any of the standard HTTP Response including ones to indicate an error condition like 5xx Server Error or 4xx Client Error. For successes, the HTTP status code 200 indicating OK and a JSON message in response body containing
reference_id is expected.
The account link is only triggered when an account link URL is provided in the admin console. When a response indicating an error is returned the login will stop since we cannot link this user to an existing account at the organisation and therefore the customer cannot be identified for future reference. The user will be presented with an error message that states that he cannot login because the account link was not successful.