One of the main usages of Identity Server is user management, and it gives us a lot of features. The full list of features is available on this page. Some of them are:
Multiple user store support
User, password and profile management
JDBC, LDAP/AD support
The default user store of Identity Server is the embedded LDAP, which is a forked implementation of ApacheDS. Other configuration data and the registry are kept in an H2 database.
The embedded LDAP and H2 database are not recommended for a production environment, so we have to use commercially available databases or LDAP implementations in production. Today I'm going to explain how to use a MySQL database with Identity Server. We can do it in a few steps.
Step 1 :-
Disable the embedded LDAP in the embedded-ldap.xml file, which is located in <IS_HOME>/repository/conf/identity/, by setting the following property:
<Property name="enable">false</Property>
Step 2 :-
Create a database and generate the required tables using the provided SQL files.
Log in to the mysql console as below. I have given 'root' for both the user name and the password in the mysql connection.
mysql -u root -proot
Create a DB as below.
create database isdb;
Use the newly created db to import the required tables:
use isdb;
You can find .sql files for different databases. Let's use the mysql.sql file for our scenario.
source /home/madura/Documents/wso2/wso2is-5.1.0/dbscripts/mysql.sql
You have to provide the correct path to the dbscripts directory. You can get it using the pwd command after you navigate to the dbscripts directory.
Please make sure that you have imported all the tables without any issue. If you get any issue, drop the tables and repeat the steps explained above.
Step 3 :-
Update the master-datasources.xml file, which is located in the <IS_HOME>/repository/conf/datasources directory, and comment out the other, unnecessary data source configurations.
If you want to use this database only for the user store, you can configure that in this file as well.
<datasource>
    <name>WSO2_CARBON_DB</name>
    <description>The datasource used for registry and user manager</description>
    <jndiConfig>
        <name>jdbc/WSO2CarbonDB</name>
    </jndiConfig>
    <definition type="RDBMS">
        <configuration>
            <url>jdbc:mysql://localhost:3306/isdb</url>
            <username>root</username>
            <password>root</password>
            <driverClassName>com.mysql.jdbc.Driver</driverClassName>
            <maxActive>80</maxActive>
            <maxWait>60000</maxWait>
            <minIdle>5</minIdle>
            <testOnBorrow>true</testOnBorrow>
            <defaultAutoCommit>false</defaultAutoCommit>
            <validationInterval>30000</validationInterval>
        </configuration>
    </definition>
</datasource>
Step 4 :-
Change the user-mgt.xml file according to the database type. If you are going to use the JDBC user store, you have to use the org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager class, so uncomment it and comment out the other user stores.
<UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
    <Property name="TenantManager">org.wso2.carbon.user.core.tenant.JDBCTenantManager</Property>
    <Property name="ReadOnly">false</Property>
    <Property name="ReadGroups">true</Property>
    <Property name="WriteGroups">true</Property>
    <Property name="UsernameJavaRegEx">^[\S]{3,30}$</Property>
    <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
    <Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated</Property>
    <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
    <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
    <Property name="PasswordJavaRegExViolationErrorMsg">Password length should be within 5 to 30 characters</Property>
    <Property name="RolenameJavaRegEx">^[\S]{3,30}$</Property>
    <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
    <Property name="CaseInsensitiveUsername">true</Property>
    <Property name="SCIMEnabled">false</Property>
    <Property name="IsBulkImportSupported">false</Property>
    <Property name="PasswordDigest">SHA-256</Property>
    <Property name="StoreSaltedPassword">true</Property>
    <Property name="MultiAttributeSeparator">,</Property>
    <Property name="MaxUserNameListLength">100</Property>
    <Property name="MaxRoleNameListLength">100</Property>
    <Property name="UserRolesCacheEnabled">true</Property>
    <Property name="UserNameUniqueAcrossTenants">false</Property>
    <Property name="PasswordHashMethod">SHA</Property>
</UserStoreManager>
Step 5 :-
Download the MySQL JDBC connector and put it into the <IS_HOME>/repository/components/lib directory. mysql-connector-java-5.1.38-bin.jar works fine with WSO2 Identity Server 5.0 and 5.1.
Step 6 :-
Start the Identity Server using the following command on Linux. After that, you can use the start command without -Dsetup.
sh wso2server.sh -Dsetup
Note :-
If you need to add an admin user to the user store at server startup time, you have to set the following configuration in the user-mgt.xml file. If you set the AddAdmin property to 'false', the admin user is not added to the user store, but the configuration is still read from this file, and a user can log in to the admin console with the user name and password defined in user-mgt.xml as below.
<AddAdmin>true</AddAdmin>
<AdminRole>admin</AdminRole>
<AdminUser>
    <UserName>admin</UserName>
    <Password>admin</Password>
</AdminUser>
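The data source in step 3 and the admin block in the note above both ship with placeholder credentials that are easy to forget once the server is up. The following script is an added example, not part of the original post or of WSO2's own tooling: it parses the two XML fragments (embedded here as constructed samples that mirror the post) and reports a root database login, a trivial or reused password, a JDBC URL without useSSL=true, and AddAdmin=true left with the default 'admin' password. Element names follow the snippets on this page; the hardened values in the comments are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlsplit

# Constructed sample mirroring the step 3 datasource block from the post.
DATASOURCE_XML = """<datasource>
  <name>WSO2_CARBON_DB</name>
  <definition type="RDBMS"><configuration>
    <url>jdbc:mysql://localhost:3306/isdb</url>
    <username>root</username>
    <password>root</password>
  </configuration></definition>
</datasource>"""

# Constructed sample mirroring the AddAdmin/AdminUser block from the note.
USER_MGT_XML = """<Realm><Configuration>
  <AddAdmin>true</AddAdmin>
  <AdminUser><UserName>admin</UserName><Password>admin</Password></AdminUser>
</Configuration></Realm>"""


def jdbc_url_uses_tls(url: str) -> bool:
    """True when a MySQL JDBC URL carries useSSL=true in its query string."""
    if not url.startswith("jdbc:"):
        return False
    params = parse_qs(urlsplit(url[len("jdbc:"):]).query)
    return params.get("useSSL", ["false"])[0].lower() == "true"


def audit_datasource(xml_text: str) -> list:
    """Flag a root login, a trivial password and a JDBC URL without TLS."""
    cfg = ET.fromstring(xml_text).find("./definition/configuration")
    user = cfg.findtext("username", "")
    pwd = cfg.findtext("password", "")
    findings = []
    if user == "root":
        findings.append("datasource connects as root; use a least-privilege DB user")
    if pwd == user or len(pwd) < 12:  # 12 is an assumed minimum length
        findings.append("datasource password is trivial; use a long random secret")
    if not jdbc_url_uses_tls(cfg.findtext("url", "")):
        findings.append("JDBC URL lacks useSSL=true; the DB connection may be unencrypted")
    return findings


def audit_admin(xml_text: str) -> list:
    """Flag AddAdmin=true combined with the default 'admin' password."""
    root = ET.fromstring(xml_text)
    add = root.findtext(".//AddAdmin", "false").strip().lower() == "true"
    if add and root.findtext(".//AdminUser/Password", "") == "admin":
        return ["AddAdmin=true with default password 'admin'; change it before first start"]
    return []
```

Run it against the real files before the -Dsetup start in step 6, since that is when the admin user is written into the new database.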
Tags:
Identity Server 5.3