Only allow account registration from one "client"


in our system we administer users with our own logic. User’s can be registered in our system and have dependencies to other entities. It checks the validity and authenticity of the user’s data and is responsible for the user’s master data and so on.

Now each user should also get an Openfire account. What we want to do is: Use Smack in our logic and create an account in Openfire. The problem is, that a user could by pass our logic and directly register an account in OpenFire. However, we want to keep OpenFire users and our users synchronous and don’t want to allow account registration through any XMPP client but only via our system.

Is there any solution for this?

Openfire’s admin UI has the abiliy to disable Inband Account Registration, which says:

“users are required to register by other means (e.g. sending requests to the server administrator or through your own custom web interface).”

But I think this isn’t quite what we are looking for, since our logic behaves kind of like a client (since we register with Smack).