By: Nabeel Shami user 11 Oct 2016 at 7 p.m. CDT

4 Responses
Hi. I have set up Gluu on an Ubuntu VM to act as an OAuth2/OpenID Connect Authorisation Server for one of our applications. I followed the documentation and am able to successfully get the Authorisation Code, Authentication token and User Info from the Gluu server. I do, however, have the following questions and would appreciate it if you could respond to these:

1) As per the documentation, I have enabled the default User Registration custom script with `enable_user` set to true. This allows me to register new users from the `/identity/register` endpoint. As expected, when requesting the Authorisation Code the user is directed to the `oxauth/login` endpoint to log in. However, the login form has no link/button to register new users. Does this (register new user link/button) need to be activated from some configuration in oxTrust?

2) I am interested in allowing users to upload their profile pictures from the User Registration page. I have added a new attribute with Type: Photo and added it under "Configure Registration Form Attributes". I am able to see the field on the User Registration page; however, it is a plain text field. How do I go about uploading images for users?

3) The documentation suggests that for the OpenID Connect scopes, `openid` is mandatory whereas the rest are all optional. In my testing, however, I needed to include the `profile` scope in both the authorisation request and the OpenID Connect Client Scopes (from oxTrust). Is this expected behaviour?

4) oxTrust allows me to add the Organisation Logo and Favicon. I am able to upload both; however, the Logo does not seem to be used anywhere and the Favicon was replaced only the first time, after which uploading a new one has no effect. Do they need to be in specific formats/dimensions?

Thanks in advance!

By Aliaksandr Samuseu staff 11 Oct 2016 at 7:23 p.m. CDT

Hi, Nabeel.

1) In `login.xhtml` I can see this fragment:

```xml
<s:fragment rendered="#{external_registration_uri != Null}">
    <a id="externalRegistrationButton" href="#{external_registration_uri}">
        <input type="button" value="Register new user"/>
    </a>
</s:fragment>
```

So it seems it should detect when this feature is enabled and display it. Otherwise you can customize this page to meet your requirements.

2) I'll try to ask on the dev channel about that part.

3) It's not expected; you should be OK by just requesting the `openid` scope. Could you please provide some HTTP captures which back up your words? Please note that the list of your scopes depends on the attributes you want to retrieve. So if you specify just `openid`, then you can only expect to receive claims that are included in this scope. You can check it on the "OpenID Connect -> Scopes" page.

4) There may be something not right with this feature, indeed; I'm also having some problem with it at the moment. I'll investigate and get back to you later.

Best regards,
Alex.

By Nabeel Shami user 12 Oct 2016 at 8:01 p.m. CDT

Hi, Alex. Thanks for your response! I have looked into your suggestions and here are my findings:

1) I understand that `external_registration_uri` needs to be set to the URI of the registration page. The documentation suggests this may be done by including a User Registration custom script and adding it in the `prepareForStep` method. Based on this I made changes to the basic Sample Authentication script and enabled it. However, it does not seem to do anything. I am not able to see anything in the logs at `oxauth_script.log`. I tried adding print statements at the start of the method, but again no output in the logs. This suggests the method is not invoked at all when opening the login page as part of an auth request. Following is the change I added to the script:

```python
# Seam import needed at the top of the script so that Contexts resolves
from org.jboss.seam.contexts import Contexts

def prepareForStep(self, configurationAttributes, requestParameters, step):
    # Read the registration URI from the script's custom properties and
    # expose it to login.xhtml through the Seam event context
    found = configurationAttributes.containsKey("registration_uri")
    if found:
        registrationUri = configurationAttributes.get("registration_uri").getValue2()
        Contexts.getEventContext().set("external_registration_uri", registrationUri)
        print "External Registration URI Set to " + Contexts.getEventContext().get("external_registration_uri")

    if (step == 1):
        print "Basic. Prepare for Step 1"
        return True
    else:
        return False
```

3) I checked again and either of the `openid` or `profile` scopes works on its own. Case in point: I have assigned the `profile`, `openid` and `clientinfo` scopes to my client under "OpenID Connect -> Clients". Making a request with `clientinfo` alone as the scope fails as expected, returning an HTTP 403 response:

```json
{"error":"insufficient_scope","error_description":"The request requires higher privileges than provided by the access token."}
```

However, including either `openid` or `profile` in my code and token requests successfully returns the attributes for all the scopes requested.

Kind regards,
Nabeel.

By Aliaksandr Samuseu staff 12 Oct 2016 at 8:26 p.m. CDT

Thanks for your feedback, Nabeel. I'll try to find some time asap to investigate all issues you reported, and let you know of results.

By Michael Schwartz Account Admin 13 Oct 2016 at 1:16 p.m. CDT

Here are my quick answers:

1) As Alex says, the user authn page can be customized.

2) Storing binary data in LDAP is a bad idea. Use URLs or file locations.

3) The `openid` scope is required for the OpenID Connect protocol, but an application may very well need other claims that are present in other scopes.

4a) Organization logo: if this doesn't work, it's a bug. I think .jpg / .png / .gif formats should be OK.

4b) Favicon has a special format... google it.

BTW, user registration via oxTrust is not really that fancy. You may want to build your own user registration page (in your portal), and use SCIM 2.0 to add a user to the Gluu Server. This is the preferred mechanism. oxTrust user registration is just a really simple, least-common-denominator option if there is no other choice.

BTW, if you think you might be interested in purchasing a support contract, just book a meeting at http://gluu.org/booking or let us know when would be a good time to chat.
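The SCIM 2.0 route recommended in the reply above (your own registration page creating the user, with the profile picture kept as a URL rather than binary data in LDAP), as an added example that is not part of this thread and not Gluu's own code. It builds a SCIM 2.0 User resource per RFC 7643, puts the picture in the standard `photos` attribute as an https URL, and prepares the POST to the Users endpoint. The endpoint path in `SCIM_USERS_URL`, the bearer-token authorization and the sample user data are assumptions for illustration; Gluu's SCIM endpoint is normally UMA-protected, and obtaining that token is outside this example.

```python
"""SCIM 2.0 user creation from a custom registration page (added example).

Assumptions (not from the thread or from Gluu's documentation):
  - SCIM_USERS_URL is a placeholder; take the real path from your server's
    oxTrust SCIM configuration.
  - The endpoint accepts "Authorization: Bearer <token>" (how that token is
    obtained is out of scope).
"""
import json
import urllib.request

SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
# Placeholder host and path (assumption): replace with your Gluu SCIM 2.0 Users endpoint.
SCIM_USERS_URL = "https://idp.example.com/identity/seam/resource/restv1/scim/v2/Users"


def build_scim_user(user_name, given_name, family_name, email,
                    photo_url=None, password=None):
    """Return a SCIM 2.0 User resource (RFC 7643 core schema) as a dict.

    The profile picture goes into the multi-valued `photos` attribute as a
    URL, so the image bytes live on a web server or file store, not in LDAP.
    """
    formatted = "%s %s" % (given_name, family_name)
    user = {
        "schemas": [SCIM_USER_SCHEMA],
        "userName": user_name,
        "name": {"givenName": given_name, "familyName": family_name,
                 "formatted": formatted},
        "displayName": formatted,
        "emails": [{"value": email, "type": "work", "primary": True}],
        "active": True,
    }
    if photo_url is not None:
        # Refuse plain-http picture links: the URL is later rendered to other
        # users, and a cleartext reference invites tampering and mixed content.
        if not photo_url.lower().startswith("https://"):
            raise ValueError("photo URL must use https, got %r" % photo_url)
        user["photos"] = [{"value": photo_url, "type": "photo", "primary": True}]
    if password is not None:
        user["password"] = password  # write-only in SCIM; never echoed back
    return user


def build_create_request(users_url, bearer_token, user):
    """Return the urllib Request for POST /Users; nothing is sent here."""
    body = json.dumps(user).encode("utf-8")
    req = urllib.request.Request(users_url, data=body, method="POST")
    req.add_header("Content-Type", "application/scim+json")
    req.add_header("Accept", "application/scim+json")
    req.add_header("Authorization", "Bearer " + bearer_token)
    return req


def check_create_response(status, body):
    """Validate a SCIM create response (RFC 7644: 201 plus the created resource)
    and return the new resource id."""
    if status != 201:
        raise RuntimeError("SCIM create failed: HTTP %s, detail=%r"
                           % (status, body.get("detail")))
    if SCIM_USER_SCHEMA not in body.get("schemas", []) or "id" not in body:
        raise RuntimeError("unexpected SCIM response body: %r" % body)
    return body["id"]


def create_user(users_url, bearer_token, user, opener=urllib.request.urlopen):
    """POST the user and return the server-assigned SCIM id (network call)."""
    req = build_create_request(users_url, bearer_token, user)
    with opener(req) as resp:
        return check_create_response(resp.status,
                                     json.loads(resp.read().decode("utf-8")))


if __name__ == "__main__":
    # Constructed sample input; prints the request body you would send.
    sample = build_scim_user("nshami", "Nabeel", "Shami", "nabeel@example.com",
                             photo_url="https://cdn.example.com/avatars/nshami.png")
    print(json.dumps(sample, indent=2))
```

Keep the registration page itself as the only holder of the SCIM token; the browser never talks to the SCIM endpoint directly, and the page should validate the submitted fields (username format, e-mail, picture URL) before building the resource.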