...
The following are the steps you need to follow to do this task:
- Set up three nodes.
- Register the Provisioning Administrators.
- Register Providers.
- Test Identity Synchronization.
To synchronize identity across multiple nodes:
...
- Create user accounts in each node that have privileges to register SCIM providers and/or perform provisioning on behalf of each store.
- Go to the Management Console of the store1 IS instance by visiting the following link using a browser: https://localhost:9443/carbon/.
- Log in to the Management Console as an admin.
- Go to the Configure menu and select Users and Roles.
- Create 'centraladmin' and 'store2admin' user accounts. For more information on how to do this, see Adding a New User in Configuring Users.
- Create a role called 'provisioning admin' and assign that role to the above two users, along with the two permissions: 'login' and 'Identity Provisioning'. For more information on how to do this, see Creating User Roles.
Info:
The centraladmin user is used at the CentralStore to provision users created in CentralStore to Store1.
The store2admin user is used at the CentralStore to provision users created in Store2 to Store1 via CentralStore.
The default admin user is used at Store1 itself to provision users created in Store1 to the CentralStore.
- Configure CentralStore [store1admin, store2admin] and Store2 [centraladmin, store1admin] in the same way.
...
- Log in to store1 as the default admin and create a user account.
- Observe the logs at the backend console of each node. The information in the logs indicates that the user created at store1 is also created at the central store and store2. Additionally, you can log in to the Management Console of the central store and store2 to verify that the user created in store1 is listed in the other two nodes as well.
- You can perform other user and role management operations in each node as well and verify whether they are synchronized with the other nodes. The following user management operations are currently supported in WSO2 Identity Server for provisioning via SCIM:
- Create User
- Delete User
- Update credential of the user by admin
- Update the profile of a user by admin
- Update the profile of a user by the user himself
- Create Group
- Delete Group
- Add users to group by updating group (Update user list of role)
- Rename Group
The following are the two user management operations allowed by WSO2 Identity Server, but not currently supported to be provisioned via SCIM.
- Add users to group by updating the user (updating the role list of user).
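The verification step above can also be done by comparing the user and group listings of the three nodes instead of reading the console logs. The following is an added example, not part of the WSO2 documentation; the JSON bodies are constructed samples in the SCIM 1.1 list-response shape, and the node keys, user names and group name are assumptions.

```python
import json

# Constructed SCIM 1.1 list responses, one per node (not captured from a server).
USERS = {
    "store1": '{"Resources": [{"id": "a1", "userName": "alice"},'
              ' {"id": "b1", "userName": "bob"}]}',
    "central": '{"Resources": [{"id": "a2", "userName": "alice"},'
               ' {"id": "b2", "userName": "bob"}]}',
    "store2": '{"Resources": [{"id": "a3", "userName": "alice"}]}',
}
GROUPS = {
    "store1": '{"Resources": [{"displayName": "sales", "members":'
              ' [{"display": "alice"}, {"display": "bob"}]}]}',
    "central": '{"Resources": [{"displayName": "sales", "members":'
               ' [{"display": "alice"}]}]}',
    "store2": '{"Resources": []}',
}


def user_names(body):
    """Return the set of userName values in a SCIM user list response."""
    return {r["userName"] for r in json.loads(body).get("Resources", [])}


def memberships(body):
    """Return (group, member) pairs; (group, "") records that the group exists."""
    pairs = set()
    for group in json.loads(body).get("Resources", []):
        pairs.add((group["displayName"], ""))
        for member in group.get("members", []):
            pairs.add((group["displayName"], member["display"]))
    return pairs


def drift(bodies, extract):
    """Map each node to the items some other node has but it lacks."""
    seen = {node: extract(body) for node, body in bodies.items()}
    everything = set().union(*seen.values())
    return {node: sorted(everything - items)
            for node, items in seen.items() if everything - items}


if __name__ == "__main__":
    print("users missing:", drift(USERS, user_names))
    print("memberships missing:", drift(GROUPS, memberships))
```

An entry under a node means an operation did not reach it. Membership drift is what a group assignment made by updating the user's role list, which is not provisioned via SCIM, looks like on the other nodes.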
...