...
Sharing the user store
First, configure your user store(s), if you have not done so already, by following the instructions in Configuring User Stores. Then point both WSO2 Identity Server (WSO2 IS) and WSO2 API Manager to your user store(s) using the instructions given below. You do this to make sure that a user who tries to log in to the API Manager console, the API Store or the Publisher is authorized. When a user tries to log in to any of the three applications, s/he is redirected to the configured identity provider (WSO2 IS in this case), where s/he provides the login credentials to be authenticated. In addition, the user must also be authorized by the system, as some user roles do not have permission to perform certain actions. For the purpose of authorization, the IS and API Manager need to have a shared user store and user management database (by default, this is the H2 database in the <APIM_HOME>/repository/conf/user-mgt.xml file) where the user's role and permissions are stored.
For example, let's share a common JDBC user store (MySQL) with both WSO2 Identity Server and WSO2 API Manager as follows:
- Download WSO2 API Manager 1.10.0 from here and unzip it. <APIM_HOME> refers to the root folder where WSO2 APIM was unzipped.
- Create a MySQL database (e.g., 410_um_db) and run the <APIM_HOME>/dbscripts/mysql.sql script on it to create the required tables. If you are using a different database type, find the relevant script in the <APIM_HOME>/dbscripts directory.
- Open the <APIM_HOME>/repository/conf/datasources/master-datasources.xml file and add the datasource configuration for the database that you use for the shared user store and user management information. For example, you can share a single user store as follows. If you are sharing multiple datasources, you need to define a datasource for each of the user stores that you are working with, so that they can be shared.

  Example:

  ```xml
  <datasource>
      <name>WSO2_UM_DB</name>
      <description>The datasource used for registry and user manager</description>
      <jndiConfig>
          <name>jdbc/WSO2UMDB</name>
      </jndiConfig>
      <definition type="RDBMS">
          <configuration>
              <url>jdbc:mysql://localhost:3306/410_um_db</url>
              <username>username</username>
              <password>password</password>
              <driverClassName>com.mysql.jdbc.Driver</driverClassName>
              <maxActive>50</maxActive>
              <maxWait>60000</maxWait>
              <testOnBorrow>true</testOnBorrow>
              <validationQuery>SELECT 1</validationQuery>
              <validationInterval>30000</validationInterval>
          </configuration>
      </definition>
  </datasource>
  ```
- Download WSO2 Identity Server (WSO2 IS) 5.1.0 from here and unzip it. <IS_HOME> refers to the root folder where WSO2 IS was unzipped.

  Tip: If you plan on using WSO2 IS as Key Manager as well, you can download the WSO2 Identity Server 5.1.0 as a Key Manager pack, which has Key Manager features pre-packaged with WSO2 IS, from here.
- Add the same datasource configuration above to the <IS_HOME>/repository/conf/datasources/master-datasources.xml file.
- Copy the database driver JAR file to the <IS_HOME>/repository/components/lib and <APIM_HOME>/repository/components/lib directories.
- Open the <APIM_HOME>/repository/conf/user-mgt.xml file. The dataSource property points to the default H2 database. Change it to the jndiConfig name given above (i.e., jdbc/WSO2UMDB). This changes the datasource reference that is pointing to the default H2 database.

  ```xml
  <Realm>
      <Configuration>
          ...
          <Property name="dataSource">jdbc/WSO2UMDB</Property>
      </Configuration>
      ...
  </Realm>
  ```
- Add the same configuration above to the <IS_HOME>/repository/conf/user-mgt.xml file. The Identity Server has an embedded LDAP user store by default. As this is enabled by default, follow the instructions in Internal JDBC User Store Configuration to disable the default LDAP and enable the JDBC user store instead.
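If one product's user-mgt.xml still references its own default datasource, the two servers authorize against different role and permission data, so it is worth checking the four edited files against each other. The following check is an added example, not part of the WSO2 documentation or code. The helper names, the wrapper elements and the H2 sample values are constructed for illustration; only the element names, the JNDI name and the MySQL URL come from the steps above.

```python
import xml.etree.ElementTree as ET

def jndi_datasources(master_xml):
    """Map JNDI name -> JDBC URL for every <datasource> in master-datasources.xml."""
    found = {}
    for ds in ET.fromstring(master_xml).iter("datasource"):
        jndi = (ds.findtext("jndiConfig/name") or "").strip()
        if jndi:
            found[jndi] = (ds.findtext("definition/configuration/url") or "").strip()
    return found

def realm_datasource(user_mgt_xml):
    """Return the realm's dataSource property from user-mgt.xml, or None."""
    prop = ET.fromstring(user_mgt_xml).find(".//Configuration/Property[@name='dataSource']")
    return prop.text.strip() if prop is not None and prop.text else None

def check_shared_store(apim, is_):
    """Each argument is (master-datasources.xml text, user-mgt.xml text). Returns problems."""
    problems, resolved = [], {}
    for product, (master, user_mgt) in (("APIM", apim), ("IS", is_)):
        ref, sources = realm_datasource(user_mgt), jndi_datasources(master)
        if ref not in sources:
            problems.append(f"{product}: dataSource {ref!r} has no matching <datasource>")
        else:
            resolved[product] = (ref, sources[ref])
    if len(resolved) == 2 and resolved["APIM"] != resolved["IS"]:
        problems.append(f"user stores differ: APIM={resolved['APIM']} IS={resolved['IS']}")
    return problems

# Constructed sample content, trimmed to the elements the check reads.
def master_sample(*pairs):
    body = "".join(
        f"<datasource><jndiConfig><name>{j}</name></jndiConfig>"
        f'<definition type="RDBMS"><configuration><url>{u}</url></configuration>'
        "</definition></datasource>" for j, u in pairs)
    return f"<datasources-configuration><datasources>{body}</datasources></datasources-configuration>"

def user_mgt_sample(jndi):
    return (f'<UserManager><Realm><Configuration><Property name="dataSource">{jndi}'
            "</Property></Configuration></Realm></UserManager>")

H2 = ("jdbc/WSO2CarbonDB", "jdbc:h2:repository/database/WSO2CARBON_DB")  # constructed default
UM = ("jdbc/WSO2UMDB", "jdbc:mysql://localhost:3306/410_um_db")           # values from the steps

APIM = (master_sample(H2, UM), user_mgt_sample("jdbc/WSO2UMDB"))
IS_DONE = (master_sample(H2, UM), user_mgt_sample("jdbc/WSO2UMDB"))
IS_MISSED = (master_sample(H2, UM), user_mgt_sample("jdbc/WSO2CarbonDB"))  # last step skipped

if __name__ == "__main__":
    print(check_shared_store(APIM, IS_DONE))    # no problems
    print(check_shared_store(APIM, IS_MISSED))  # one problem: user stores differ
```

To run it against a real installation, read the four files from <APIM_HOME> and <IS_HOME> and pass their contents in place of the constructed samples.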
...