Versions Compared

Old Version 1

changes.mady.by.user Rukshani Weerasinha (Unlicensed)

Saved on

compared with

New Version Current

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The <Configuration> section at the top of the <PRODUCT_HOME>/repository/conf/user-mgt.xml file allows you to specify basic configuration for connecting to this user store (also called a realm):

Code Block
languagehtml/xml
linenumberstrue
<Realm>
  <Configuration>
   <AddAdmin>true</AddAdmin>
   <AdminRole>admin</AdminRole>
   <AdminUser>
       <UserName>admin</UserName>
       <Password>admin</Password>
   </AdminUser>
   <EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default users in this role see the registry root -->
   <Property name="dataSource">jdbc/WSO2CarbonDB</Property>
   <Property name="MultiTenantRealmConfigBuilder">org.wso2.carbon.user.core.config.multitenancy.SimpleRealmConfigBuilder
   </Property> 
  </Configuration>
...
</Realm>

Note the following regarding the configuration above:

ElementDescription
<AddAdmin>When true, this element creates the admin user based on the AdminUser element. It also indicates whether to create the specified admin user if it doesn't already exist. When connecting to a primary read-only LDAP or Active Directory user store, this property needs to be false if an admin user and admin role exist within the user store. If the admin user and admin role do not exist in the user store, this value should be true, so that the role is added to the user management database. However, if the admin user is not there in the user store, we must add that user to the user store manually. If the AddAdmin value is set to true in this case, it will generate an exception.
<AdminRole>wso2admin</AdminRole>This is the role that has all administrative privileges of the WSO2 product, so all users having this role are admins of the product. You can provide any meaningful name for this role. This role is created in the internal H2 database when the product starts. This role has permission to carry out any actions related to the Management Console. If the user store is read-only, this role is added to the system as a special internal role where users are from a primary user store.
<AdminUser>

Configures the default administrator for the WSO2 product. If the user store is read-only, the admin user must exist in the user store or the system will not start. If the primary user store is read-only, you must select a user already existing in the primary user store and add it as the admin user that is defined in the <AdminUser> element. If the primary user store is in read/write mode, and you set <AddAdmin> to true, the user you specify will be automatically created.

Note

If you are connecting WSO2 BAM with a primary LDAP user store, be sure to change the <BAM_HOME>/repository/conf/etc/cassandra-auth.xml file with the credentials you give in the  <AdminUser> element of the user-mgt.xml file. If not, you get an error when trying to access Cassandra Keyspaces using the BAM management console. For example, if we use AdminSOA as the admin user, the cassandra-auth.xml file must be changed as follows:

Code Block
languagehtml/xml
<Cassandra>
    <!--  local transport -->
    <EPR>local://services/CassandraSharedKeyPublisher</EPR>
    <!-- HTTP transport -->
    <!--  <EPR>https://localhost:9443/services/CassandraSharedKeyPublisher</EPR> -->
    <User>AdminSOA</User>
    <Password>xxxxx</Password>
</Cassandra>
<UserName>Username of the default administrator. This user MUST exist in the external LDAP. If the user store is read-only, the admin user must exist in the user store for the process to work.
<Password>Do NOT put the password here but leave the default value as is. If the user store is read-only, this element and its value are ignored.
<EveryOneRoleName>The name of the "everyone" role. All users in the system belong to this role.

The main properties contain details of the database connection, as follows:

...

Property Name

...

Description

...

dataSource

...

MultiTenantRealmConfigBuilder

...

Include Page
Shared:Realm Configuration (Carbon 4.2.0 v2)
Shared:Realm Configuration (Carbon 4.2.0 v2)