Comment: https://github.com/wso2/product-apim/issues/2589

...

See Authentication using multiple Attributes in the WSO2 IS documentation.

Setting up

...

In a standalone deployment of the API Manager instance, users of the API Store can have a secondary login name in addition to the primary login name. This gives the user flexibility to provide either an email or a user name to log in. You can configure the API Store to treat both login names as belonging to a single user. Users can invoke APIs with the same access token without having to create a new one for the secondary login. 

You can configure this capability using the steps below.

  1. Configure user login under the <LoginConfig> element in the <APIM_HOME>/repository/conf/api-manager.xml file.
    1. Set the primary attribute of the primary login to true and the primary attribute of the secondary login to false.
    2. The primary login doesn't have a ClaimUri. Leave this field empty.
    3. Provide the correct ClaimUri value for the secondary login.

    An example is given below:

    <LoginConfig>
        <UserIdLogin primary="true">
            <ClaimUri></ClaimUri>
        </UserIdLogin>
        <EmailLogin primary="false">
            <ClaimUri>http://wso2.org/claims/emailaddress</ClaimUri>
        </EmailLogin>
    </LoginConfig>
  2. In the API Store of a distributed setup, the ServerURL element in the <APIM_HOME>/repository/conf/api-manager.xml file should point to the key manager instance's service endpoint. This allows users to connect to the key manager's user store to perform any operations related to the API Store, such as login and access token generation. For example:

    <AuthManager>
       <!--Server URL of the Authentication service -->
       <ServerURL>https://localhost:9444/services/</ServerURL>
     
       <!-- Admin username for the Authentication manager. -->
       <Username>admin</Username>
     
       <!-- Admin password for the Authentication manager.-->
       <Password>admin</Password>
       
       <CheckPermissionsRemotely>false</CheckPermissionsRemotely>
    </AuthManager>
    Note

    If you have set the CheckPermissionsRemotely parameter to true, the permissions are checked on the remote server set in ServerURL. If the parameter is set to false, the permissions are checked by the local server.

Tip

In a distributed setup, the API Store's user store needs to point to the key manager user store.

Tip

Be sure to keep the secondary login name unique to each user.
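
A pre-deployment check for the three LoginConfig rules in step 1 and for the uniqueness tip above, added here as an example and not part of the WSO2 documentation. The function names, the user list format, and the case-insensitive comparison of secondary logins are assumptions; the sample data is constructed.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: the LoginConfig fragment from this page.
SAMPLE_XML = """<LoginConfig>
  <UserIdLogin primary="true"><ClaimUri></ClaimUri></UserIdLogin>
  <EmailLogin primary="false">
    <ClaimUri>http://wso2.org/claims/emailaddress</ClaimUri>
  </EmailLogin>
</LoginConfig>"""

# Constructed sample: (primary login, secondary login) pairs from a user store export.
SAMPLE_USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com"),
                ("alice2", "Alice@Example.com ")]


def check_login_config(xml_text):
    """Return findings for the three LoginConfig rules; an empty list means OK."""
    def local(tag):
        # Match on local names so the check also works when the file declares an xmlns.
        return tag.rsplit("}", 1)[-1]
    root = ET.fromstring(xml_text)
    login = next((e for e in root.iter() if local(e.tag) == "LoginConfig"), None)
    if login is None:
        return ["LoginConfig element not found"]
    findings, methods = [], list(login)
    if sum(m.get("primary") == "true" for m in methods) != 1:
        findings.append('exactly one login must have primary="true"')
    for m in methods:
        claim = next((c.text or "" for c in m if local(c.tag) == "ClaimUri"), "").strip()
        if m.get("primary") == "true" and claim:
            findings.append(f"{local(m.tag)}: primary login must leave ClaimUri empty")
        elif m.get("primary") != "true" and not claim:
            findings.append(f"{local(m.tag)}: secondary login needs a ClaimUri")
    return findings


def duplicate_secondary_logins(users):
    """Map each secondary login shared by more than one user to those users."""
    owners = defaultdict(set)
    for primary, secondary in users:
        # Assumption: compare case-insensitively and ignore surrounding whitespace.
        owners[secondary.strip().lower()].add(primary)
    return {name: sorted(ids) for name, ids in owners.items() if len(ids) > 1}


if __name__ == "__main__":
    print(check_login_config(SAMPLE_XML))
    print(duplicate_secondary_logins(SAMPLE_USERS))
```

A non-empty result from either function means the secondary login cannot be resolved to a single user as the steps above require.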

Setting up an e-mail login

See Email Authentication in the WSO2 IS documentation.

...