Registration disabled (psu and tpp)

[jsanhc]

Registration disabled

External Issue Id: 50014 Date Raised: 22/05/2020

Description of the bug Unable to register a PSU user as registration is disabled.

UI Message: Registration disabled

On the following endpoint: https://auth.*******.forgerock.financial/register?realm=openbanking

Investigation of the bug

PR related to that change before deploy:

• https://github.com/OpenBankingToolkit/openbanking-ui-common/pull/2/files

Flag

• https://github.com/ForgeCloud/ob-customers/blob/9826ca853cb7dd21813bde6b1708a0b46484abef/lloyds/deployment-settings.js#L10

Source

• https://github.com/OpenBankingToolkit/openbanking-ui-common/blob/6f651e0ff996b7949f84b266d728afad8ec4c528/projects/authentication/src/lib/components/forgerock-auth-login/forgerock-auth-login.component.ts#L40

Release Notes Affected App: X

Description: X

[jsanhc]

Analysis

The UI common implement a flag to disable the registration for tpp and psu users:

• disableRegistration for default is false.

  We need to find where is using that flag.

Searching the UI pods using the ui-template chart label UI charts:

kubectl get services --show-labels | grep ui-template

Result list:

analytics-node
analytics-ui
auth
bank-ui 
directory-ui
manual-onboarding
swagger-ui 
tpp-node
tpp-ui

Searching the flag disableRegistration Access bash UI pod:

kubectl exec -it `kubectl get pods --selector=app=${service-name-previous-list} -o name` sh

Finding the flag disableRegistration on pod:

cat usr/share/nginx/html/deployment-settings.json

Results Flag: disableRegistration found in: lbg-sandbox-dev-green version 3.1.2-queen-rc7

• auth: disableRegistration:true
• bank-ui: disableRegistration:true

[jsanhc]

Solution

1. Update the deployment-setting.json file from ${TEMPLATE} (echo $TEMPLATE)directly on the pod and restart the pod.
2. Update the file on ob-customers repo to still up to date for the next deployment.

OR

1. Update the deployment-setting.json file from ob-customers and deploy a new lloyds version.

[BohoCode]

Looks like a good analysis to me. @jgazeleyfr would probably prefer a fresh deployment rather than building up potential deployment problems?

[BohoCode]

This may not be an issue for the queen release.

There is a satisfactory work around by using the api call to create a user - substitute suitable values for the portions of the command, e.g. should be substituted for the cluster domain, e.g. master.forgerock.financial ;

curl -k 'https://am.<domain>/json/realms/root/realms/openbanking/selfservice/userRegistration?_action=submitRequirements' -H 'authority: am.<domain>' -H 'pragma: no-cache' -H 'cache-control: no-cache' -H 'accept-api-version: protocol=1.0,resource=1.0' -H 'accept: application/json, text/plain, */*' -H 'content-type: application/json' -H 'origin: https://auth.<domain>' -H 'sec-fetch-site: same-site' -H 'sec-fetch-mode: cors' -H 'sec-fetch-dest: empty' -H 'referer: https://auth.<domain>/register?realm=%2Fopenbanking' -H 'accept-language: en,en-GB;q=0.9' --data-binary '{"input":{"user":{"username":"<username>","givenName":"<firstname>","sn":"<surname>","mail":"<email-addr>","userPassword":"<password>","inetUserStatus":"Active"}}}' --compressed

We should fix it in the ob-customers repo config though for the lbg dev/integ but NOT for pre-prod and production.

[BohoCode]

Have given Lloyds the above curl command to use to create PSU users in the cluster and they are happy with that and have requested that the initial ticket be marked as solved.