2020-11-05 17:31:15 +00:00
// Module included in the following assemblies:
//
// server_admin/topics/users.adoc
2020-11-25 19:46:17 +00:00
[id="proc-enabling-recaptcha_{context}"]
= Enabling reCAPTCHA
2020-11-05 17:31:15 +00:00
[role="_abstract"]
To safeguard registration against bots, {project_name} has integration with Google reCAPTCHA.
Once reCAPTCHA is enabled, you can edit `register.ftl` in your login theme to configure the placement and styling of the reCAPTCHA button on the registration page.
.Procedure
2020-11-25 19:46:17 +00:00
. Enter the following URL in a browser:
2020-11-25 22:53:05 +00:00
+
[source,bash,subs=+attributes]
2020-11-25 19:46:17 +00:00
----
https://developers.google.com/recaptcha/
----
2020-11-25 22:53:05 +00:00
2020-11-05 17:31:15 +00:00
. Create an API key to get your reCAPTCHA site key and secret. Note the reCAPTCHA site key and secret for future use in this procedure.
+
NOTE: The localhost works by default. You do not have to specify a domain.
+
. Navigate to the {project_name} admin console.
2020-11-25 22:53:05 +00:00
. Click *Authentication* in the menu.
2020-11-05 17:31:15 +00:00
. Click the *Flows* tab.
. Select *Registration* from the drop down menu.
2020-11-25 19:46:17 +00:00
. Set the *reCAPTCHA* requirement to *Required*. This enables
2020-11-05 17:31:15 +00:00
reCAPTCHA.
. Click *Actions* to the right of the reCAPTCHA flow entry.
2020-11-25 22:53:05 +00:00
. Click the *Config* link.
2020-11-05 17:31:15 +00:00
+
2020-11-25 19:46:17 +00:00
.Recaptcha Config Page
image:{project_images}/recaptcha-config.png[]
2020-11-25 22:53:05 +00:00
.. Enter the *Recaptcha Site Key* generated from the Google reCAPTCHA website.
.. Enter the *Recaptcha Secret* generated from the Google reCAPTCHA website.
. Authorize Google to use the registration page as an iframe.
2020-11-25 19:46:17 +00:00
+
NOTE: In {project_name}, websites cannot include a login page dialog in an iframe. This restriction is to prevent clickjacking attacks. You need to change the default HTTP response headers that is set in {project_name}.
2020-11-05 17:31:15 +00:00
+
2020-11-25 22:53:05 +00:00
.. Click *Realm Settings* in the menu.
2020-11-05 17:31:15 +00:00
.. Click the *Security Defenses* tab.
.. Enter `https://www.google.com` in the field for the *X-Frame-Options* header.
.. Enter `https://www.google.com` in the field for the *Content-Security-Policy* header.
[role="_additional-resources"]
.Additional resources
* For more information on extending and creating themes, see the link:{developerguide_link}[{developerguide_name}].
