One of the powerful features of the WSO2 Identity Server is its user management functionality. The Identity Server can be connected to any type of user store, and the user store functions can then be exposed as Web Service APIs. The XACML implementation of WSO2 Identity Server uses these user management APIs for various purposes. All of this user management functionality is inherited from the WSO2 Carbon platform.

Configurations are information stored in text-based files and database management systems used by the WSO2 Identity Server to serve the client in a specific manner.

  1. Administrator Credentials - Administrator credentials are stored in the user-mgt.xml file in the repository/conf directory in the distribution pack. This information is used to log into the server in administrator mode.
  2. User-store information - The user-store information is stored in the user-mgt.xml file in the repository/conf directory and master-datasources.xml in the repository/conf/datasources in the distribution pack. The information specifies the user-stores used by the server to store the client-specific identity data with the following types of user-stores.
    1. LDAP
    2. Directory server user-store (e.g., Microsoft Active Directory)
    3. Database management system (e.g., MySQL)
    4. Text-based user-store
    5. Internal user-store information

This section explores different options available to customize the product according to user-specific needs.

Realm

The following image can help you understand the concept called “Realm”.

User Realm

A realm is generally a collection of users with attributes, which may or may not be assigned to roles or groups. In basic terms, the realm represents a user store. However, the WSO2 user realm consists of the following four aspects:

...

This is the component that manages the underlying user store. The user store can contain users, user attributes and roles (or groups). It can be a JDBC store (a table or set of tables), LDAP or AD. “UserStoreManager” is the Java interface that represents the user store manager. There can be different user store manager implementations to connect with different user stores. The user realm can be configured to have multiple user store managers as secondary user store managers. The user store manager can be operated in both read/write mode and read-only mode. In read-only mode, you can only connect with an existing user store. WSO2 Identity Server comes with the following default user store manager implementations:

...

A custom user store manager can be written by implementing “UserStoreManager”, by extending “AbstractUserStoreManager”, or by extending any of the default implementations mentioned above.
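The following is an added example, not part of the original page or WSO2's own code: a Python check that reads a user-mgt.xml document and reports the administrator account and whether each configured user store manager runs in read-only or read/write mode. The element and property names (`AdminUser`, the `class` attribute of `UserStoreManager`, the `ReadOnly` property) and the manager class names are assumptions about the file's layout that the page does not show, and the sample document is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample of repository/conf/user-mgt.xml.
# The element layout is an assumption; the page itself does not show the file.
SAMPLE_USER_MGT = """
<UserManager>
  <Realm>
    <Configuration>
      <AdminUser>
        <UserName>admin</UserName>
        <Password>admin</Password>
      </AdminUser>
    </Configuration>
    <UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
      <Property name="ReadOnly">false</Property>
    </UserStoreManager>
  </Realm>
</UserManager>
"""

def audit_user_mgt(xml_text):
    """Return (summary, findings) for one user-mgt.xml document.

    Intended for a locally owned config file, not for untrusted XML.
    """
    root = ET.fromstring(xml_text)
    summary = {"admin_user": None, "stores": []}
    findings = []

    admin = root.find("./Realm/Configuration/AdminUser")
    if admin is None:
        findings.append("no AdminUser element found")
    else:
        user = (admin.findtext("UserName") or "").strip()
        password = (admin.findtext("Password") or "").strip()
        summary["admin_user"] = user
        if password and password == user:
            findings.append("admin password equals admin user name")

    for mgr in root.findall("./Realm/UserStoreManager"):
        cls = mgr.get("class", "")
        props = {p.get("name"): (p.text or "").strip() for p in mgr.findall("Property")}
        # Read-only if the property says so or the class name itself is a read-only manager.
        read_only = props.get("ReadOnly", "").lower() == "true" or "ReadOnly" in cls
        summary["stores"].append((cls, "read-only" if read_only else "read/write"))

    if not summary["stores"]:
        findings.append("no UserStoreManager configured")
    return summary, findings
```
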

JDBCUserStoreManager

...