3.3. End User Self Service

This section describes the End User Self Service in Nubus for Kubernetes. Fig. 3.11 gives an overview of the functions, services, and components of the End User Self Service. It provides the following functionalities:

Fig. 3.11 Functional components relying on the End User Self Service Overview

To enlarge the figure, follow the tips in How to use the document.

See also

  • End User Self Service in interfaces and protocols section, for information about incoming and outgoing interfaces.

  • End User Self Service in the deployment view section, for information about Docker images, Kubernetes pods, and Helm Charts used for deployment.

  • End User Self Service in the functional components overview section, for information about purpose and tasks.

3.3.1. Self Service Consumer

The purpose of the Self Service Consumer is to handle the process of informing users that their user account has been created and that it’s ready to use after they set their initial password. It acts when the Provisioning Service reports the creation of, or a change to, a user account. As shown in Fig. 3.12, the Consumer Message HTTP REST API sends Event objects to the Self Service Consumer.

Event objects from the Provisioning Service contain information about user account objects. From this information, the Self Service Consumer can determine that a user account has been created without a user password, and that the consumer needs to notify the user of the next step. The Self Service Consumer then triggers the UMC to send an invitation email. The invitation email provides the user with information to complete the user account setup and set a user password. Processes for UMC modules uses SMTP to send the invitation email.

During user account creation, administrators can flag a user account for the invitation process. They don’t need to assign a user password then.

Fig. 3.12 Self Service Consumer application component relationships and behavior

3.3.2. User account profile

The End User Self Service provides functionality to the end user to manage their User account profile. The functionality runs as a UMC module in the UMC Server in the Management UI. For example, it uses the processes to present the profile elements to the user and to update these elements.

Fig. 3.13 User account profile application service and its relationships

3.3.3. User self registration

The End User Self Service provides an application service that allows users to register a user account by themselves, if activated in Nubus. Furthermore, if activated, administrators can invite users to complete their user account setup. Users can, for example, set their user password.

At the end of each process, a UMC module in UMC Server in the Management UI sends an email to the user with information for either completing the invitation, or confirming the account creation.

Fig. 3.14 User invitation / User self registration application service and its relationships

3.3.4. User password reset

The User password reset is a functionality in the End User Self Service component. Fig. 3.15 shows that it uses functionality from the UMC Server, from the End User Self Service, and from the Portal Frontend. Users can initiate a password reset process from the Management UI. The UMC Server sends an email to the user with a link containing a token to reset the password. The user password reset functionality uses Processes for UMC modules and runs as a UMC module in the UMC Server. The processes of the UMC modules use the following interfaces:

  • SMTP to send invitation email, to send the invitation email to the user.

  • TCP to SQL database to store the password reset token.

  • TCP to Memcached store to temporarily store the IP address of the client requesting the password reset to prevent brute force attacks.

The Memcached store is an important element for Brute Force Detection for password reset.

The Portal Frontend in User Browser in the Portal Service provides some UI elements for the End User Self Service, for example, for setting the user password after the user clicks the link with the token from their password reset email.
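The reset flow described above, as an added illustration that is not taken from the Nubus code base: a per-IP request counter with expiry guards token issuance, and the stored token is redeemed once. Assumptions: `sqlite3` stands in for the SQL database and a dictionary for the Memcached store; the `ResetService` name, the limits, and storing only a hash of the token are hypothetical choices for this sketch.

```python
import hashlib, secrets, sqlite3, time

MAX_REQUESTS, WINDOW_S, TOKEN_TTL_S = 3, 600, 3600  # assumed limits, not Nubus defaults

class ResetService:  # hypothetical name, for illustration only
    def __init__(self, clock=time.time):
        self.clock = clock
        self.hits = {}  # stand-in for Memcached: ip -> (count, window expiry)
        self.db = sqlite3.connect(":memory:")  # stand-in for the SQL database
        self.db.execute(
            "CREATE TABLE tokens (username TEXT PRIMARY KEY, digest TEXT, expires REAL)")

    def _allow(self, ip):
        """Count reset requests per client IP inside a fixed, expiring window."""
        now = self.clock()
        count, expiry = self.hits.get(ip, (0, now + WINDOW_S))
        if now >= expiry:  # entry has aged out, as a cache TTL would drop it
            count, expiry = 0, now + WINDOW_S
        self.hits[ip] = (count + 1, expiry)
        return count < MAX_REQUESTS

    def request_reset(self, username, ip):
        """Return the token for the email link, or None when the IP is throttled."""
        if not self._allow(ip):
            return None
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        # Keep only the hash server-side; a new request replaces any older token.
        self.db.execute("INSERT OR REPLACE INTO tokens VALUES (?, ?, ?)",
                        (username, digest, self.clock() + TOKEN_TTL_S))
        return token

    def redeem(self, username, token):
        """Validate a token once: constant-time compare, expiry check, then delete."""
        row = self.db.execute(
            "SELECT digest, expires FROM tokens WHERE username = ?",
            (username,)).fetchone()
        if row is None:
            return False
        digest = hashlib.sha256(token.encode()).hexdigest()
        ok = secrets.compare_digest(digest, row[0]) and self.clock() < row[1]
        if ok:  # single use: a redeemed token cannot be replayed
            self.db.execute("DELETE FROM tokens WHERE username = ?", (username,))
        return ok
```
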

Fig. 3.15 User password reset application service and its relationships

See also

  • Storage in the Authorization Service section, for more information about the interface and storage.

  • Brute force protection in the Identity Provider section, for more information about Brute force protection.