Versions Compared

Old Version 83

changes.mady.by.user Benn Oshrin

Saved on

compared with

New Version 84

changes.mady.by.user Benn Oshrin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Invitations

(info) The section applies to versions prior to Registry v3v4.30.0 and later.

Invitations are the mechanism by which enrollment is transitioned from a Petitioner to an Enrollee, when the two are not the same person. For example: when an administrator starts the enrollment process for a new participant. Invitations are sent via email, and contain a URL which the Enrollee uses to take over the Enrollment Flow. This means the email address used to deliver the invitation can also be considered verified once the invitation is accepted, but otherwise see Email Verification, below, for more information.

...

Note

There are two important considerations to remember when using Petition Specific Redirect Targets:

  1. Filtering is not performed on the URL when it is issued. As such, the whitelist should be tightly constrained to limit what URLs can be supplied for the return parameter, including what parameters or valid characters can be provided. (Keep is mind whitelist validation does not occur until the redirect is issued, so it is possible to submit invalid URLs, but they will be ignored.)

  2. Base64 encoding can result in URL special characters, specifically +, /, and =. There is no universal way to handle this, so Registry (as of v3.2.0) maps these to ., _, and - respectively. ("plus" becomes "dot", "slash" becomes "underscore", and "equals" becomes "dash".) In PHP, you might do something like this:

    Code Block
    $returnParam = str_replace(array("+", "/", "="), array(".", "_", "-"), base64_encode($myUrl));


Establishing Authenticators

As of Registry v3.3.0, Authenticators (such as Passwords and SSH Keys) may be established by the Enrollee. In order to do so:

  1. Configure the desired Authenticators, if not already done.
  2. In order for the Enrollee to be able to establish their Authenticators, the Enrollment Flow must be configured as a self signup flow or Email Confirmation must be enabled.
  3. Enable Establish Authenticators in the Enrollment Flow configuration.
  4. Set the desired mode for each Authenticator:
    • Required: The Enrollee must successfully establish the Authenticator in order to continue the flow.
    • Optional: The Enrollee may establish the Authenticator, or may click Skip to move on to the next step.
    • Not Permitted: The Authenticator will not be established during the flow.

Comments

Administrators reviewing a Petition may add comments to the petition. To do so, retrieve the appropriate Petition and click "Add Comment". The comment will be visible in the Petition History (to anyone with permission to view Petition History).

...