You can configure the API Manager instances to store access tokens in different tables according to their user store domain. This is referred to as user token partitioning and it ensures better security when there are multiple user stores configured in the system. For information on configuring user stores other than the default one, see Configuring Secondary User Stores.

To enable user token partitioning, change the <EnableAssertions> and <AccessTokenPartitioning> elements in the <APIM_HOME>/repository/conf/identity.xml file.

...

Also set the user store domain names and mappings to new table names. For example,

  • if userId = foo.com/admin where 'foo.com' is the user store domain name, then a 'mapping:domain' combo can be defined as 'A:foo.com'.
  • 'A' is the mapping for the table that stores tokens relevant to users coming from 'foo.com' user store.
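
The fragment below is an added example, not configuration taken from this page, showing how the two elements fit together with the 'A:foo.com' mapping described above. The child element names and the table-name suffix follow the stock identity.xml as shipped with WSO2 products and are an assumption here, since this page does not show them; the 'B:bar.com' entry is a constructed second mapping.

```xml
<!-- Added example: fragment of <APIM_HOME>/repository/conf/identity.xml.
     Child element names are assumed from the stock file; verify them
     against the identity.xml of your own release before editing. -->

<!-- Keep the user store domain as part of the user name, so the domain
     of a userId such as foo.com/admin is available when the token is stored. -->
<EnableAssertions>
    <UserName>true</UserName>
</EnableAssertions>

<AccessTokenPartitioning>
    <!-- Turn partitioning on (assumed default: false). -->
    <EnableAccessTokenPartitioning>true</EnableAccessTokenPartitioning>

    <!-- Comma-separated 'mapping:domain' pairs.
         A:foo.com -> tokens of users from the 'foo.com' user store go to
                      the token table carrying the suffix A
                      (assumed name: IDN_OAUTH2_ACCESS_TOKEN_A).
         B:bar.com -> constructed second mapping, for a user store
                      domain named 'bar.com'. -->
    <AccessTokenPartitioningDomains>A:foo.com, B:bar.com</AccessTokenPartitioningDomains>
</AccessTokenPartitioning>
```

Each domain listed must match the domain name of a configured user store exactly, and a domain left out of the list has no table mapping of its own.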

...