Introduction
WSO2 Identity Server provides single sign-on and identity management for online interactions. For more on its features see http://wso2.com/products/identity-server/
In this post I walk through connecting the Identity Server (IS) to multiple MySQL data sources. This requires editing the following XML files under the server's repository/conf directory:
- user-mgt.xml
- tenant-mgt.xml
- embedded-ldap.xml
- master-datasources.xml (under repository/conf/datasources)
By default the IS ships with an embedded H2 database and an embedded LDAP user store. The goal of this task is to replace both with MySQL databases: one serving as the Carbon database and one per additional user store domain.
First, install the WSO2 Identity Server but do not start it yet; see the Installation and Deployment guide at http://docs.wso2.org/wiki/display/IS410/Installation+Guide for instructions.
As a prerequisite, copy the MySQL JDBC driver mysql-connector-java-5.1.7-bin.jar into /wso2is-4.1.1/repository/components/lib so that the com.mysql.jdbc.Driver class referenced later is on the server's classpath.
The first step is to update user-mgt.xml. Go to /wso2is-4.1.1/repository/conf and open the file, for example with vi user-mgt.xml.
Here we switch the realm away from the embedded LDAP, as shown below. Note that with AddAdmin set to true, the AdminUser credentials in this block are what the server writes into the user store on first start-up, so change the password from the sample value before starting and keep this file out of version control.
<UserManager>
<Realm>
<Configuration>
<AddAdmin>true</AddAdmin>
<AdminRole>admins</AdminRole>
<AdminUser>
<UserName>admin</UserName>
<Password>Wso2carbon</Password>
</AdminUser>
<EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default users in this role sees the registry root -->
<Property name="dataSource">jdbc/WSO2CarbonDB</Property>
Comment out the LDAP realm-config builder, which the JDBC user store does not use:
<!--Property name="MultiTenantRealmConfigBuilder">
org.wso2.carbon.user.core.config.multitenancy.CommonLDAPRealmConfigBuilder
</Property-->
<EmbeddedLDAP>
<Property name="enable">false</Property>
<Property name="port">${Ports.EmbeddedLDAP.LDAPServerPort}</Property>
<Property name="instanceId">default</Property>
<Property name="connectionPassword">admin</Property>
<Property name="workingDirectory">.</Property>
<Property name="AdminEntryObjectClass">identityPerson</Property>
<Property name="allowAnonymousAccess">false</Property>
<Property name="accessControlEnabled">true</Property>
<Property name="denormalizeOpAttrsEnabled">false</Property>
<Property name="maxPDUSize">2000000</Property>
<Property name="saslHostName">localhost</Property>
<Property name="saslPrincipalName">ldap/localhost@EXAMPLE.COM</Property>
</EmbeddedLDAP>
This property stays in its commented-out form; do not uncomment it, because with JDBC user stores the per-tenant realm must not be built from the LDAP configuration:
<!--Property name="MultiTenantRealmConfigBuilder">
org.wso2.carbon.user.core.config.multitenancy.CommonLDAPRealmConfigBuilder
</Property-->
</Configuration>
Still in user-mgt.xml, declare one JDBCUserStoreManager per MySQL user store. Each carries its own dataSource property (the JNDI name of a MySQL data source, defined later in master-datasources.xml) and a distinct DomainName:
<UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
<Property name="ReadOnly">false</Property>
<Property name="MaxUserNameListLength">100</Property>
<Property name="IsEmailUserName">false</Property>
<Property name="DomainCalculation">default</Property>
<Property name="PasswordDigest">SHA-256</Property>
<Property name="StoreSaltedPassword">true</Property>
<Property name="UserNameUniqueAcrossTenants">false</Property>
<Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
<Property name="PasswordJavaScriptRegEx">^[\\S]{5,30}$</Property>
<Property name="UsernameJavaRegEx">^[^~!#$;%^*+={}\\|\\\\<>,\'\"]{3,30}$</Property>
<Property name="UsernameJavaScriptRegEx">^[\\S]{3,30}$</Property>
<Property name="RolenameJavaRegEx">^[^~!#$;%^*+={}\\|\\\\<>,\'\"]{3,30}$</Property>
<Property name="RolenameJavaScriptRegEx">^[\\S]{3,30}$</Property>
<Property name="UserRolesCacheEnabled">true</Property>
<Property name="maxFailedLoginAttempt">0</Property>
<Property name="dataSource">jdbc/WSO2CarbonDB2</Property>
<Property name="DomainName">domain2.com</Property>
</UserStoreManager>
<UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
<Property name="ReadOnly">false</Property>
<Property name="MaxUserNameListLength">100</Property>
<Property name="IsEmailUserName">false</Property>
<Property name="DomainCalculation">default</Property>
<Property name="PasswordDigest">SHA-256</Property>
<Property name="StoreSaltedPassword">true</Property>
<Property name="UserNameUniqueAcrossTenants">false</Property>
<Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
<Property name="PasswordJavaScriptRegEx">^[\\S]{5,30}$</Property>
<Property name="UsernameJavaRegEx">^[^~!#$;%^*+={}\\|\\\\<>,\'\"]{3,30}$</Property>
<Property name="UsernameJavaScriptRegEx">^[\\S]{3,30}$</Property>
<Property name="RolenameJavaRegEx">^[^~!#$;%^*+={}\\|\\\\<>,\'\"]{3,30}$</Property>
<Property name="RolenameJavaScriptRegEx">^[\\S]{3,30}$</Property>
<Property name="UserRolesCacheEnabled">true</Property>
<Property name="maxFailedLoginAttempt">0</Property>
<Property name="dataSource">jdbc/WSO2CarbonDB3</Property>
<Property name="DomainName">domain3.com</Property>
</UserStoreManager>
Note: the Identity Server addresses users and roles of a secondary store by domain, in the form DomainName/username (for example domain2.com/username), and users from a given domain must be assigned to the roles of that same domain. This is why each JDBCUserStoreManager above carries a distinct DomainName.
Next, comment out every section that configures an LDAP user store manager, such as the sample ReadOnlyLDAPUserStoreManager block below. The sample carries a bind DN and password in clear text; leaving the block commented means it is never used, but do not keep real credentials in a commented-out block either.
<!--
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager">
<Property name="DomainName">DEVLAB.WSO2.COM</Property>
<Property name="ReadOnly">false</Property>
<Property name="MaxUserNameListLength">100</Property>
<Property name="ConnectionURL">ldap://192.168.4.129:389</Property>
<Property name="ConnectionName">CN=Administrator,CN=Users,DC=devlab,DC=wso2,DC=com</Property>
<Property name="ConnectionPassword">Admin1234</Property>
<Property name="passwordHashMethod">PLAIN_TEXT</Property>
<Property name="UserSearchBase">DC=devlab,DC=wso2,DC=com</Property>
<Property name="UserNameListFilter">(objectClass=user)</Property>
<Property name="UserNameAttribute">cn</Property>
<Property name="ReadLDAPGroups">true</Property>
<Property name="GroupSearchBase">DC=devlab,DC=wso2,DC=com</Property>
<Property name="GroupNameListFilter">(objectClass=group)</Property>
<Property name="GroupNameAttribute">cn</Property>
<Property name="MembershipAttribute">member</Property>
<Property name="UserRolesCacheEnabled">true</Property>
<Property name="ReplaceEscapeCharactersAtUserLogin">true</Property>
<Property name="maxFailedLoginAttempt">0</Property>
</UserStoreManager>
-->
In tenant-mgt.xml, comment out the LDAP tenant manager and enable the JDBC tenant manager, which creates and looks up tenants in the database instead of in LDAP.
Include the section below:
<TenantManager class="org.wso2.carbon.user.core.tenant.JDBCTenantManager">
</TenantManager>
Comment out the below section
<!--If the product is using LDAP user store in MT mode, use following tenant manager.-->
<!--TenantManager class="org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager">
<Property name="RootPartition">dc=wso2,dc=com</Property>
<Property name="OrganizationalObjectClass">organizationalUnit</Property>
<Property name="OrganizationalAttribute">ou</Property>
<Property name="OrganizationalSubContextObjectClass">organizationalUnit</Property>
<Property name="OrganizationalSubContextAttribute">ou</Property>
</TenantManager-->
Since the embedded LDAP is no longer needed, also set enable to false in embedded-ldap.xml, as shown below. The server then does not start the embedded LDAP listener on ${Ports.EmbeddedLDAP.LDAPServerPort} at boot, so there is one less service (with its sample connectionPassword of admin) listening on the host.
<EmbeddedLDAP>
<Property name="enable">false</Property>
<Property name="port">${Ports.EmbeddedLDAP.LDAPServerPort}</Property>
<Property name="instanceId">default</Property>
<Property name="connectionPassword">admin</Property>
<Property name="workingDirectory">.</Property>
<Property name="AdminEntryObjectClass">identityPerson</Property>
<Property name="allowAnonymousAccess">false</Property>
<Property name="accessControlEnabled">true</Property>
<Property name="denormalizeOpAttrsEnabled">false</Property>
<Property name="maxPDUSize">2000000</Property>
<Property name="saslHostName">localhost</Property>
<Property name="saslPrincipalName">ldap/localhost@EXAMPLE.COM</Property>
</EmbeddedLDAP>
The next task is to define a MySQL data source for each JNDI name referenced above. Go to wso2is-4.1.1/repository/conf/datasources and open master-datasources.xml.
The JNDI name under jndiConfig must match the dataSource property in user-mgt.xml exactly (it is case-sensitive). The two definitions below cover jdbc/WSO2CarbonDB and jdbc/WSO2CarbonDB2, so a third datasource with the JNDI name jdbc/WSO2CarbonDB3 is needed for the domain3.com user store configured earlier. Note that the sample uses one MySQL account and a literal password for every database; in a real deployment give each database its own least-privilege account and encrypt the passwords with Carbon Secure Vault rather than leaving them in clear text in this file.
<datasource>
<name>WSO2_CARBON_DB</name>
<description>The datasource used for registry and user manager</description>
<jndiConfig>
<name>jdbc/WSO2CarbonDB</name>
</jndiConfig>
<definition type="RDBMS">
<configuration>
<url>jdbc:mysql://localhost:3306/db2test</url>
<username>shavantha</username>
<password>welcome</password>
<driverClassName>com.mysql.jdbc.Driver</driverClassName>
<maxActive>50</maxActive>
<maxWait>60000</maxWait>
<testOnBorrow>true</testOnBorrow>
<validationQuery>SELECT 1</validationQuery>
<validationInterval>30000</validationInterval>
</configuration>
</definition>
</datasource>
<datasource>
<name>WSO2_CARBON_DB2</name>
<description>The datasource used for registry and user manager</description>
<jndiConfig>
<name>jdbc/WSO2CarbonDB2</name>
</jndiConfig>
<definition type="RDBMS">
<configuration>
<url>jdbc:mysql://localhost:3306/db1test</url>
<username>shavantha</username>
<password>welcome</password>
<driverClassName>com.mysql.jdbc.Driver</driverClassName>
<maxActive>50</maxActive>
<maxWait>60000</maxWait>
<testOnBorrow>true</testOnBorrow>
<validationQuery>SELECT 1</validationQuery>
<validationInterval>30000</validationInterval>
</configuration>
</definition>
</datasource>
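Before starting the server it is worth checking that the four files agree with each other, since a dataSource name referenced from user-mgt.xml that master-datasources.xml does not define only shows up as a start-up failure. The script below is an added example, not code from the original post or from WSO2. It parses constructed fragments that mirror the configuration above (the root element names of the fragments and the check_config function are this example's own assumptions) and reports mismatched JNDI names, duplicate DomainName values, any LDAP user store or realm builder left active, a still-enabled embedded LDAP, a missing JDBCTenantManager, and datasource passwords stored as literals.

```python
"""Offline consistency check for the four WSO2 IS files edited above (added
example, not from the original post). Root element names of the constructed
fragments are illustrative; the checks only inspect elements the post shows."""
import xml.etree.ElementTree as ET

LDAP_REALM_BUILDER = "CommonLDAPRealmConfigBuilder"
JDBC_TENANT_MANAGER = "org.wso2.carbon.user.core.tenant.JDBCTenantManager"


def _props(element):
    """Map the <Property name="..."> children of an element to their text."""
    return {p.get("name"): (p.text or "").strip() for p in element.findall("Property")}


def check_config(user_mgt, master_datasources, embedded_ldap, tenant_mgt):
    """Return a list of findings; an empty list means the four files agree."""
    findings = []
    um, ds = ET.fromstring(user_mgt), ET.fromstring(master_datasources)
    el, tm = ET.fromstring(embedded_ldap), ET.fromstring(tenant_mgt)

    # JNDI names actually defined in master-datasources.xml.
    defined = {j.findtext("name", "").strip() for j in ds.iter("jndiConfig")}

    referenced = {}  # which block of user-mgt.xml uses which JNDI name
    conf = um.find("Realm/Configuration")
    if conf is not None:
        realm_props = _props(conf)
        if realm_props.get("dataSource"):
            referenced["Realm/Configuration"] = realm_props["dataSource"]
        # ElementTree discards XML comments, so a commented-out builder is
        # invisible here and only an active LDAP builder gets reported.
        if LDAP_REALM_BUILDER in realm_props.get("MultiTenantRealmConfigBuilder", ""):
            findings.append("user-mgt.xml: MultiTenantRealmConfigBuilder still uses the LDAP builder")

    seen_domains = set()
    for usm in um.iter("UserStoreManager"):
        cls, props = usm.get("class", ""), _props(usm)
        label = props.get("DomainName") or cls.rsplit(".", 1)[-1]
        if ".ldap." in cls:
            findings.append(f"user-mgt.xml: LDAP user store {label!r} is still active")
        if props.get("dataSource"):
            referenced[label] = props["dataSource"]
        domain = props.get("DomainName", "").lower()
        if domain and domain in seen_domains:
            findings.append(f"user-mgt.xml: DomainName {domain!r} is used by more than one user store")
        seen_domains.add(domain)

    for where, jndi in referenced.items():
        if jndi not in defined:
            findings.append(f"user-mgt.xml: {where} references {jndi!r}, which master-datasources.xml does not define")

    # Literal passwords; Carbon Secure Vault can replace these with an alias attribute.
    for d in ds.iter("datasource"):
        pw = d.find("definition/configuration/password")
        if pw is not None and (pw.text or "").strip() and not any("secretAlias" in a for a in pw.attrib):
            findings.append(f"master-datasources.xml: datasource {d.findtext('name', '?')!r} has a plain-text password")

    for block in el.iter("EmbeddedLDAP"):
        if _props(block).get("enable", "").lower() != "false":
            findings.append("embedded-ldap.xml: EmbeddedLDAP is still enabled")
    if JDBC_TENANT_MANAGER not in [t.get("class", "") for t in tm.iter("TenantManager")]:
        findings.append("tenant-mgt.xml: no active JDBCTenantManager")
    return findings


# Constructed fragments mirroring this post's configuration, including its
# reference to jdbc/WSO2CarbonDB3, which the post's master-datasources.xml never defines.
USER_MGT_XML = """<UserManager><Realm><Configuration>
 <Property name="dataSource">jdbc/WSO2CarbonDB</Property>
 <!--Property name="MultiTenantRealmConfigBuilder">
 org.wso2.carbon.user.core.config.multitenancy.CommonLDAPRealmConfigBuilder</Property-->
</Configuration>
<UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
 <Property name="dataSource">jdbc/WSO2CarbonDB2</Property><Property name="DomainName">domain2.com</Property>
</UserStoreManager>
<UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
 <Property name="dataSource">jdbc/WSO2CarbonDB3</Property><Property name="DomainName">domain3.com</Property>
</UserStoreManager>
<!--<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager">
 <Property name="DomainName">DEVLAB.WSO2.COM</Property></UserStoreManager>-->
</Realm></UserManager>"""
MASTER_DATASOURCES_XML = """<datasources-configuration><datasources>
<datasource><name>WSO2_CARBON_DB</name><jndiConfig><name>jdbc/WSO2CarbonDB</name></jndiConfig>
 <definition type="RDBMS"><configuration><url>jdbc:mysql://localhost:3306/db2test</url>
 <username>shavantha</username><password>welcome</password></configuration></definition></datasource>
<datasource><name>WSO2_CARBON_DB2</name><jndiConfig><name>jdbc/WSO2CarbonDB2</name></jndiConfig>
 <definition type="RDBMS"><configuration><url>jdbc:mysql://localhost:3306/db1test</url>
 <username>shavantha</username><password>welcome</password></configuration></definition></datasource>
</datasources></datasources-configuration>"""
EMBEDDED_LDAP_XML = """<EmbeddedLDAPConfig><EmbeddedLDAP>
 <Property name="enable">false</Property></EmbeddedLDAP></EmbeddedLDAPConfig>"""
TENANT_MGT_XML = """<Configuration>
 <TenantManager class="org.wso2.carbon.user.core.tenant.JDBCTenantManager"/></Configuration>"""

if __name__ == "__main__":
    for finding in check_config(USER_MGT_XML, MASTER_DATASOURCES_XML, EMBEDDED_LDAP_XML, TENANT_MGT_XML):
        print(finding)
```

To run it against the real files, pass the contents of each file (open(path).read()) to check_config. On the configuration exactly as shown in this post it reports the jdbc/WSO2CarbonDB3 reference that has no matching datasource and the two literal passwords; because ElementTree drops XML comments, the commented-out LDAP blocks are correctly treated as inactive.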
To verify the connection, start the server from the bin folder of the IS pack, /wso2is-4.1.1/bin, with ./wso2server.sh -Dsetup. The -Dsetup flag makes Carbon run its database scripts to create the registry and user-manager tables in the configured database on this first start, so the MySQL account needs DDL privileges for that run; the same scripts are available under the pack's dbscripts directory if a user-store database has to be prepared by hand. Subsequent starts use plain ./wso2server.sh.
Next, log in to the management console with the admin credentials from user-mgt.xml and open the Users and Roles section. Users of the secondary stores are listed under their domain prefix, for example domain2.com/username, which confirms that each MySQL-backed store is connected.