WSO2 API Manager's default configuration has a single user store. If required, it can be configured to connect to multiple user stores as well, so that users in any of the configured user stores are able to log in and perform operations depending on their roles/permissions. This guide explains how to set up multiple user stores in WSO2 API Manager.
...
User stores are defined using $AM_HOME/repository/conf/user-mgt.xml file's <UserStoreManager> element and its <property> elements, which define the properties of a user store. By default, only a single <UserStoreManager> is enabled. To add multiple user stores, simply specify multiple <UserStoreManager> elements.
A few important points regarding user store configuration in user-mgt.xml are as follows:
...
3. Each user store is uniquely identified by its domain name, which is defined in the <DomainName> sub element of the <UserStoreManager> element. For example,
```xml
<Property name="DomainName">foo.com</Property>
```
4. When having multiple JDBC user stores, the 'dataSource' property should be specified for each user store. The data source is defined in $AM_HOME/repository/conf/datasources/master-datasources.xml file.
Given below is an example of two JDBC user store configurations.
```xml
<UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
    <Property name="dataSource">jdbc/WSO2UM1</Property>
    <Property name="DomainName">foo.com</Property>
    <Property name="ReadOnly">false</Property>
    <Property name="MaxUserNameListLength">100</Property>
    <Property name="IsEmailUserName">false</Property>
    <Property name="DomainCalculation">default</Property>
    <Property name="PasswordDigest">SHA-256</Property>
    <Property name="StoreSaltedPassword">true</Property>
    <Property name="UserNameUniqueAcrossTenants">false</Property>
    <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
    <Property name="PasswordJavaScriptRegEx">^[\\S]{5,30}$</Property>
    <!-- '<' and '>' inside the character class must be escaped as &lt; and &gt; in XML -->
    <Property name="UsernameJavaRegEx">^[^~!#$;%^*+={}\\|\\\\&lt;&gt;,\'\"]{3,30}$</Property>
    <Property name="UsernameJavaScriptRegEx">^[\\S]{3,30}$</Property>
    <Property name="RolenameJavaRegEx">^[^~!#$;%^*+={}\\|\\\\&lt;&gt;,\'\"]{3,30}$</Property>
    <Property name="RolenameJavaScriptRegEx">^[\\S]{3,30}$</Property>
    <Property name="UserRolesCacheEnabled">true</Property>
    <Property name="maxFailedLoginAttempt">0</Property>
</UserStoreManager>
<UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
    <Property name="dataSource">jdbc/WSO2UM2</Property>
    <Property name="DomainName">bar.com</Property>
    <Property name="ReadOnly">false</Property>
    <Property name="MaxUserNameListLength">100</Property>
    <Property name="IsEmailUserName">false</Property>
    <Property name="DomainCalculation">default</Property>
    <Property name="PasswordDigest">SHA-256</Property>
    <Property name="StoreSaltedPassword">true</Property>
    <Property name="UserNameUniqueAcrossTenants">false</Property>
    <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
    <Property name="PasswordJavaScriptRegEx">^[\\S]{5,30}$</Property>
    <Property name="UsernameJavaRegEx">^[^~!#$;%^*+={}\\|\\\\&lt;&gt;,\'\"]{3,30}$</Property>
    <Property name="UsernameJavaScriptRegEx">^[\\S]{3,30}$</Property>
    <Property name="RolenameJavaRegEx">^[^~!#$;%^*+={}\\|\\\\&lt;&gt;,\'\"]{3,30}$</Property>
    <Property name="RolenameJavaScriptRegEx">^[\\S]{3,30}$</Property>
    <Property name="UserRolesCacheEnabled">true</Property>
    <Property name="maxFailedLoginAttempt">0</Property>
</UserStoreManager>
```
User Creation and Login
Users created from the Carbon Admin Console or the API Manager console, and users signing up from the API Store, are added to the primary user store only.
When logging in, users should provide the domain they belong to coupled with the username, in the format 'DomainName/username', as their username.
For example, consider a user with the following credentials:
username - storeuser
password - storepass
domain - foo.com
When logging in, credentials should be provided as follows:
username - foo.com/storeuser
password - storepass
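As an added example (not part of the original guide and not WSO2's own code), the Python script below checks a user-mgt.xml against the two rules above (a unique DomainName per store, a dataSource on every JDBC store) and splits a 'DomainName/username' login name against the configured domains. The sample XML is constructed, and the function names and the case-insensitive domain comparison are assumptions of this example.

```python
import xml.etree.ElementTree as ET

JDBC_CLASS = "org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager"
# Constructed sample: the third store reuses a domain and lacks dataSource.
SAMPLE = """
<UserManager><Realm>
  <UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
    <Property name="dataSource">jdbc/WSO2UM1</Property>
    <Property name="DomainName">foo.com</Property>
  </UserStoreManager>
  <UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
    <Property name="dataSource">jdbc/WSO2UM2</Property>
    <Property name="DomainName">bar.com</Property>
  </UserStoreManager>
  <UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
    <Property name="DomainName">FOO.com</Property>
  </UserStoreManager>
</Realm></UserManager>
"""

def parse_stores(xml_text):
    """Return one dict per <UserStoreManager>: its class plus its properties."""
    stores = []
    for el in ET.fromstring(xml_text).iter("UserStoreManager"):
        props = {p.get("name"): (p.text or "").strip() for p in el.iter("Property")}
        stores.append({"class": el.get("class"), **props})
    return stores

def check_stores(stores):
    """Apply the guide's rules: unique DomainName, dataSource on every JDBC store."""
    problems, seen = [], set()
    for i, s in enumerate(stores, 1):
        domain = s.get("DomainName", "")
        if not domain:
            problems.append(f"store {i}: no DomainName")
        elif domain.lower() in seen:  # assumption: compare case-insensitively
            problems.append(f"store {i}: duplicate DomainName {domain}")
        seen.add(domain.lower())
        if s["class"] == JDBC_CLASS and not s.get("dataSource"):
            problems.append(f"store {i}: JDBC store without dataSource")
    return problems

def split_login(login, stores):
    """Split 'DomainName/username' and require the domain to be configured."""
    domain, sep, user = login.partition("/")
    known = {s["DomainName"].lower() for s in stores if s.get("DomainName")}
    if not sep or not user or domain.lower() not in known:
        raise ValueError(f"not a known DomainName/username: {login!r}")
    return domain, user
```

Running `check_stores(parse_stores(...))` on the real file before restarting the server catches a copied `<UserStoreManager>` block whose DomainName or dataSource was not changed.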
...
When invoking the Login API for token generation, a user needs to provide credentials as explained in the section above. The following example shows how 'storeuser' makes a request to the Login API using curl as the REST client.
```
# Each HTTP header is passed in its own -H option
curl -k -d "grant_type=password&username=foo.com/storeuser&password=storepass&scope=PRODUCTION" \
  -H "Authorization: Bearer SVpzSWk2SERiQjVlOFZLZFpBblVpX2ZaM2Y4YTpHbTBiSjZvV1Y4ZkM1T1FMTGxDNmpzbEFDVzhh" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  https://localhost:8243/login
```
...
...
Info: Having multiple user stores does not have any effect on API invocations, since applications pass generated user tokens for authorization instead of user credentials.