Creating and Managing a secondary user store via UI with WSO2 Identity Server

The WSO2 User Manager authenticates users against different types of user stores, such as LDAP, Active Directory and JDBC. From Identity Server version 4.5.0 the administrator can create a secondary user store through the UI. In this blog post I will show step by step how that is done.

This blog post assumes that the pack is configured with a primary user store the administrator can log in with. First, open the login screen by entering a URL such as https://localhost:9443/carbon.


Diagram 1.0

On the above screen, enter your tenant's user name and password. For this post I will assume that the tenant login is admin@domain1.com / admin123. Once logged in, click on the User Store menu option available under the Configure main menu. The system directs the user to the screen shown below in Diagram 2.


Next, click on the link Add Secondary User Store. For this blog post I will create a connection to a JDBC type secondary user store through the user interface. Once the screen loads, select the JDBC user store manager class listed as "org.wso2.carbon.core.jdbc.JDBCUserStoreManager". The system loads a screen where the user can specify the configuration details for the JDBC user store, as shown below in Diagram 3.0.

To create a new user store, enter the Domain Name; this is the value listed to the user on the screens for adding a new user or a role. For this post, the domain name I will use is secondmysql.
 
Diagram 3.0

The other details, such as the RegEx patterns, can be kept as they are for now. Since we have to connect the user store to an existing database, we need to link this user store with a data source defined in the master-datasources.xml file under repository/conf/datasources of the WSO2 Identity Server. Let master-datasources.xml contain the configuration below, with the data source name WSO2CarbonDB2 and the jndiConfig name jdbc/WSO2CarbonDB2:

<datasource>
    <name>WSO2CarbonDB2</name>
    <description>The datasource used for registry and user manager</description>
    <jndiConfig>
        <name>jdbc/WSO2CarbonDB2</name>
    </jndiConfig>
    <definition type="RDBMS">
        <configuration>
            <url>jdbc:mysql://localhost:3306/db6test</url>
            <username>dbuser</username>
            <password>password</password>
            <driverClassName>com.mysql.jdbc.Driver</driverClassName>
            <maxActive>50</maxActive>
            <maxWait>60000</maxWait>
            <testOnBorrow>true</testOnBorrow>
            <validationQuery>SELECT 1</validationQuery>
            <validationInterval>30000</validationInterval>
        </configuration>
    </definition>
</datasource>

As shown in the diagram below, give the value jdbc/WSO2CarbonDB2 as the data source name and click the Finish button to complete the creation of the user store via the UI.
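The link between the user store form and master-datasources.xml is purely by JNDI name, so a typo in the Data Source field only shows up when the user store fails to load. The script below is an added example (not from the original post and not WSO2 code) that parses a constructed master-datasources.xml sample modelled on the block above, resolves the JNDI name typed into the form, and reports configuration problems a practitioner would want to catch first: an unknown JNDI name, a driver that does not match the JDBC URL, a plaintext password in the file, and connection validation (testOnBorrow) left off. The second, H2-backed datasource in the sample is assumed and included only to show the checks firing.

```python
# Added example: validate the data source a secondary user store points at.
# Not part of the original post or of WSO2 Identity Server's own code.
import xml.etree.ElementTree as ET

# Constructed sample. The WSO2CarbonDB2 entry mirrors the post's block; the
# WSO2CarbonDB entry is assumed and exists only to exercise the checks.
MASTER_DATASOURCES_XML = """<datasources-configuration>
  <datasources>
    <datasource>
      <name>WSO2CarbonDB</name>
      <jndiConfig><name>jdbc/WSO2CarbonDB</name></jndiConfig>
      <definition type="RDBMS">
        <configuration>
          <url>jdbc:h2:repository/database/WSO2CARBON_DB</url>
          <username>wso2carbon</username>
          <password>wso2carbon</password>
          <driverClassName>org.h2.Driver</driverClassName>
        </configuration>
      </definition>
    </datasource>
    <datasource>
      <name>WSO2CarbonDB2</name>
      <jndiConfig><name>jdbc/WSO2CarbonDB2</name></jndiConfig>
      <definition type="RDBMS">
        <configuration>
          <url>jdbc:mysql://localhost:3306/db6test</url>
          <username>dbuser</username>
          <password>password</password>
          <driverClassName>com.mysql.jdbc.Driver</driverClassName>
          <testOnBorrow>true</testOnBorrow>
          <validationQuery>SELECT 1</validationQuery>
        </configuration>
      </definition>
    </datasource>
  </datasources>
</datasources-configuration>
"""


def parse_datasources(xml_text):
    """Return {jndi name: {configuration tag: text}} for every RDBMS datasource."""
    root = ET.fromstring(xml_text)
    result = {}
    for ds in root.iter("datasource"):
        jndi = ds.findtext("jndiConfig/name")
        definition = ds.find("definition")
        if jndi is None or definition is None or definition.get("type") != "RDBMS":
            continue
        configuration = definition.find("configuration")
        conf = {child.tag: (child.text or "").strip() for child in configuration}
        conf["_name"] = (ds.findtext("name") or "").strip()
        result[jndi.strip()] = conf
    return result


def check_user_store_datasource(jndi_name, datasources):
    """Resolve the JNDI name entered in the user store form and list findings.

    An empty list means the datasource exists and none of the checks fired.
    """
    findings = []
    conf = datasources.get(jndi_name)
    if conf is None:
        findings.append(
            "no datasource with jndiConfig/name %r; the user store will fail to start" % jndi_name
        )
        return findings
    url = conf.get("url", "")
    driver = conf.get("driverClassName", "")
    # Driver/URL mismatch: the pool would fail on first checkout, not at config time.
    if url.startswith("jdbc:mysql:") and "mysql" not in driver.lower():
        findings.append("MySQL JDBC URL but driverClassName is %r" % driver)
    # Credentials in the clear: at minimum restrict read access to the file.
    if conf.get("password"):
        findings.append("plaintext <password> in master-datasources.xml for %s" % conf["_name"])
    # Without validation, a stale pooled connection surfaces as a login failure.
    if conf.get("testOnBorrow") != "true":
        findings.append("testOnBorrow is not enabled for %s" % conf["_name"])
    return findings


if __name__ == "__main__":
    datasources = parse_datasources(MASTER_DATASOURCES_XML)
    for name in ("jdbc/WSO2CarbonDB2", "jdbc/WSO2CarbonDB", "jdbc/WSO2CarbonDB3"):
        print(name, check_user_store_datasource(name, datasources))
```

Run it against the real file by reading repository/conf/datasources/master-datasources.xml into `parse_datasources` and passing the exact string you typed into the Data Source field; the last case in the usage block shows what a misspelled JNDI name (jdbc/WSO2CarbonDB3 instead of jdbc/WSO2CarbonDB2) reports.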

 Diagram 4.0

Now that the secondary user store has been created, we need to test whether it can be used to create a user profile. Click the Users and Roles link under the Configure menu, then click the Users link to open the user list home page. On this screen there is an option called "Add New User"; the system directs the user to the screen shown below in Diagram 5.0. As you can see, the domain name given when creating the user store is available in the drop-down labelled Domain. Select this value, enter the required user name and password details and, for now, click Finish.

Diagram 5.0

Next, open the user store home page or the database and check whether the added user has been saved under the intended user store and database. As shown in the screenshot below of the database table UM_USER, the newly added user record is present in the database that the user store points to through the master-datasources.xml file.

 Diagram 6.0

To test the newly created user, assign the user to a role with login permission and log in to the system with the new credentials.
