Tutorial - User Registration

You can browse the public content of a registry. However, both access to private objects and write access to public objects require that you are logged in and are authorized to perform that action on that object. Please see the User Registration Guide for an overview.

You must register with a registry before you can log on to that registry and perform secure operations such as object publishing, update and removal.

Registration using Registry Browser Java UI involves the following steps:

  1. Creating a User Account
  2. Loading Client Certificate into the Web Browser

After that you are able to authenticate with the registry.

NOTE: The credentials generated by Registry Browser Java UI will not be accepted for authentication when using the Web UI. This is because these credentials have not been signed by the RegistryOperator. You are advised to use the Web UI user registration if you want to perform authentication using Registry Browser Web UI.

User Registration Using Registry Browser Java UI

User registration is performed using the User Registration Wizard. Start the Registry Browser, and click the Show User Registration Wizard toolbar button in the Registry Browser Java UI.

NOTE: The credentials generated by Registry Browser Java UI will not be accepted for authentication when using the Web UI. This is because these credentials have not been signed by the RegistryOperator.

User Registration Wizard

The User Registration Wizard is launched from the Show User Registration Wizard button on the toolbar of the Registry Browser Java UI. It is used to create and register new users for the registry. Clicking the User Registration Wizard button opens a popup window with a number of fields to fill in. See the next section for details.

Digital Certificate Information

A client digital certificate is required to identify and authenticate you. There are two options:

  1. Registry Issued Certificates: Have the Registry Browser issue a new client certificate for you. By default the User Registration Wizard uses self-signed digital certificates. These certificates are not very secure. See Figure 6.1 below for an example of how to register with this kind of certificate.
  2. CA Certificates: A more secure solution is to use a third party, a Certificate Authority (CA), to provide the certificate when performing user registration. One source where you can obtain a free certificate is at http://www.thawte.com/html/COMMUNITY/personal/index.html. See Figure 6.2 below for an example of how to register with this kind of certificate.

NOTE: (temporarily unavailable for registration performed with Java UI) the client certificate can be imported into your web browser to enable client certificate authentication. See the User Registration Guide for more details. This kind of authentication is required to publish and access restricted data in the Web UI client. See the Web UI User Registration for details.

Registry generated client certificate

Figure 6.1 - User registration wizard

The figure above shows how to use the Wizard to export a Registry-issued certificate. Fill out all the user information fields. Click the I want Registry to issue me a new Digital Certificate radio button. Enter an alias and password for the cert. Each must be at least 6 characters. Then, for the File to Export Registry Issued Certificate to: field, click the Choose File to export to ... button to choose where to place the generated certificate. You may also type the location of the certificate directly into the Export text field.

Certificate Authority client certificate

Figure 6.2 - User registration wizard

The figure above shows how to use the Wizard to import a Certificate Authority issued certificate. Fill out all the user information fields. Click the Certificate in a .pk12 file radio button. Enter the alias and password for the cert. Each must be at least 6 characters. Then, for the File to Import Existing Certificate from: field, click the Choose File to import from ... button to choose where to import the CA certificate from. You may also type the location of the certificate directly into the Import text field.

After filling in all the fields, click "OK", and the Login dialog box will appear (see Figure 6.3). Enter the new username and password to log in the new user. The new user's information will now be stored in the client and server side keystore for future logons.



Figure 6.3 - Login dialog box

Loading Client Certificate to JAXR provider

This step makes your newly registered certificate (and its private key) available to the JAXR provider for use with the Registry Browser Java UI and other JAXR applications. This happens automatically if you used Registry Browser Java UI for registration.

If you used the Web UI registration, you can either:

  • Use the Key Registration Wizard in the Java UI
  • Use a command line call to import the key (*):

    java -classpath <path_to>/omar-common.jar \
      org.freebxml.omar.common.security.KeystoreMover \
      -sourceKeystorePath <.p12 file> -sourceKeystoreType PKCS12 \
      -sourceKeystorePassword <keypasswd> \
      -sourceAlias <alias> -sourceKeyPassword <keypasswd> \
      -destinationKeystorePath ~/omar/<version>/jaxr-ebxml/security/keystore.jks \
      -destinationAlias <alias> -destinationKeyPassword <keypasswd> \
      -destinationKeystorePassword ebxmlrr

*: there might be other required classpath dependencies in the jar list. At the time this document was written, this was the required classpath:

  • Windows: build/lib/omar-common.jar;build/lib/commons-logging.jar;build/lib/jaxr-api.jar
  • Linux: build/lib/omar-common.jar:build/lib/commons-logging.jar:build/lib/jaxr-api.jar
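
After the import it is worth confirming that the destination keystore holds a private-key entry under the expected alias, and whether its certificate is self-signed or was issued by another party. The following is an added example, not part of the freebXML code or this tutorial's original text; it uses only the standard java.security.KeyStore API, and the class name CheckClientKey is made up for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

// Added example (hypothetical class name): inspect a key entry in the JAXR client keystore.
// Usage: java CheckClientKey <keystore.jks> <alias>
public class CheckClientKey {

    // True when the certificate names itself as issuer and its signature
    // verifies under its own public key.
    static boolean isSelfSigned(X509Certificate cert) {
        if (!cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
            return false;
        }
        try {
            cert.verify(cert.getPublicKey());
            return true;
        } catch (GeneralSecurityException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2 || System.console() == null) {
            System.err.println("usage (from a terminal): java CheckClientKey <keystore.jks> <alias>");
            System.exit(2);
        }
        // Prompt for the password rather than taking it as an argument, so it
        // does not end up in the process list or shell history.
        char[] storePass = System.console().readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePass); // fails if the password or integrity check is wrong
        }
        if (!ks.isKeyEntry(args[1])) {
            System.err.println("No private-key entry under alias " + args[1]);
            System.exit(1);
        }
        Certificate[] chain = ks.getCertificateChain(args[1]);
        X509Certificate leaf = (X509Certificate) chain[0];
        leaf.checkValidity(); // throws if expired or not yet valid
        System.out.println("Subject:   " + leaf.getSubjectX500Principal());
        System.out.println("Issuer:    " + leaf.getIssuerX500Principal());
        System.out.println("Not after: " + leaf.getNotAfter());
        System.out.println(isSelfSigned(leaf) ? "Self-signed certificate"
                                              : "Issued by another party (chain length " + chain.length + ")");
    }
}
```

A "Self-signed certificate" result corresponds to the wizard's default Registry-issued option described above; a certificate obtained from a CA reports a different issuer.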

User Authentication

Making any changes to the registry requires you to log in to the registry. To log in, click the Login button on the toolbar and fill in the username and password fields. This information will then be validated in both client and server keystores. Once logged in, you may add registry objects or edit any existing objects created by you and save your changes. To log in as a different user, click the Login button again and enter the alternate user information. If you perform a secure operation without logging in as a registered user, the Login dialog box will appear when you attempt to save your changes.

Note: There is currently no time-out for a logged in user but this feature may be added in future releases.