The default configuration of WSO2 AS has a single user store. If required, you can configure WSO2 AS to connect to multiple user stores, so that users in any of the configured user stores are able to log in and perform operations depending on their roles/permissions.
Server Configuration
User stores are defined in $PRODUCT_HOME/repository/conf/user-mgt.xml using the <UserStoreManager> element and its <Property> elements, which define the properties of a user store. By default, only a single <UserStoreManager> is enabled. To add multiple user stores, specify multiple <UserStoreManager> elements in user-mgt.xml. Examples are provided below.
Following are a few important points regarding user store configuration in user-mgt.xml:
- User stores take precedence in the order in which they are defined in user-mgt.xml. The UserStoreManager specified first is considered to be the primary user store.
- An admin user must be present for the primary user store. It is defined by the <AdminUser> element.
- Each user store is uniquely identified by its domain name, which is defined in the DomainName property of the <UserStoreManager> element. For example:
<Property name="DomainName">foo.com</Property>
- When you have multiple JDBC user stores, define the dataSource property for each user store in $PRODUCT_HOME/repository/conf/datasources/master-datasources.xml.
Following is an example of two JDBC user store configurations.
<!-- First store listed: the primary user store, domain foo.com -->
<UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
    <Property name="dataSource">jdbc/WSO2UM1</Property>
    <Property name="DomainName">foo.com</Property>
    <Property name="ReadOnly">false</Property>
    <Property name="MaxUserNameListLength">100</Property>
    <Property name="IsEmailUserName">false</Property>
    <Property name="DomainCalculation">default</Property>
    <Property name="PasswordDigest">SHA-256</Property>
    <Property name="StoreSaltedPassword">true</Property>
    <Property name="UserNameUniqueAcrossTenants">false</Property>
    <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
    <Property name="PasswordJavaScriptRegEx">^[\\S]{5,30}$</Property>
    <!-- The < and > characters inside the regex values are written as XML entities -->
    <Property name="UsernameJavaRegEx">^[^~!#$;%^*+={}\\|\\\\&lt;&gt;,\'\"]{3,30}$</Property>
    <Property name="UsernameJavaScriptRegEx">^[\\S]{3,30}$</Property>
    <Property name="RolenameJavaRegEx">^[^~!#$;%^*+={}\\|\\\\&lt;&gt;,\'\"]{3,30}$</Property>
    <Property name="RolenameJavaScriptRegEx">^[\\S]{3,30}$</Property>
    <Property name="UserRolesCacheEnabled">true</Property>
    <Property name="maxFailedLoginAttempt">0</Property>
</UserStoreManager>

<!-- Second store: domain bar.com, with its own data source -->
<UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
    <Property name="dataSource">jdbc/WSO2UM2</Property>
    <Property name="DomainName">bar.com</Property>
    <Property name="ReadOnly">false</Property>
    <Property name="MaxUserNameListLength">100</Property>
    <Property name="IsEmailUserName">false</Property>
    <Property name="DomainCalculation">default</Property>
    <Property name="PasswordDigest">SHA-256</Property>
    <Property name="StoreSaltedPassword">true</Property>
    <Property name="UserNameUniqueAcrossTenants">false</Property>
    <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
    <Property name="PasswordJavaScriptRegEx">^[\\S]{5,30}$</Property>
    <Property name="UsernameJavaRegEx">^[^~!#$;%^*+={}\\|\\\\&lt;&gt;,\'\"]{3,30}$</Property>
    <Property name="UsernameJavaScriptRegEx">^[\\S]{3,30}$</Property>
    <Property name="RolenameJavaRegEx">^[^~!#$;%^*+={}\\|\\\\&lt;&gt;,\'\"]{3,30}$</Property>
    <Property name="RolenameJavaScriptRegEx">^[\\S]{3,30}$</Property>
    <Property name="UserRolesCacheEnabled">true</Property>
    <Property name="maxFailedLoginAttempt">0</Property>
</UserStoreManager>
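The points listed above (precedence by order, a unique DomainName per store, a dataSource property on every JDBC store) can be checked before the server is restarted. The following Python script is an added example, not part of the WSO2 documentation or product; the function name check_user_stores and the sample XML are constructed for illustration, and comparing domain names case-insensitively is a conservative assumption of this example.

```python
import xml.etree.ElementTree as ET

JDBC_CLASS = "org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager"

# Constructed sample: two stores that both claim the domain foo.com;
# the second one also lacks a dataSource property.
SAMPLE = """
<UserManager>
  <Realm>
    <UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
      <Property name="dataSource">jdbc/WSO2UM1</Property>
      <Property name="DomainName">foo.com</Property>
    </UserStoreManager>
    <UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
      <Property name="DomainName">FOO.com</Property>
    </UserStoreManager>
  </Realm>
</UserManager>
"""

def check_user_stores(xml_text):
    """Return (stores in precedence order, list of problems found)."""
    root = ET.fromstring(xml_text)
    stores, problems, seen = [], [], {}
    # Document order is precedence order; position 1 is the primary store.
    for pos, usm in enumerate(root.iter("UserStoreManager"), start=1):
        props = {p.get("name"): (p.text or "").strip()
                 for p in usm.findall("Property")}
        domain = props.get("DomainName", "")
        stores.append((pos, domain, props.get("dataSource", "")))
        key = domain.lower()  # assumption: treat domains as case-insensitive
        if not domain:
            problems.append(f"store {pos}: no DomainName property")
        elif key in seen:
            problems.append(f"store {pos}: DomainName {domain!r} "
                            f"already used by store {seen[key]}")
        else:
            seen[key] = pos
        if usm.get("class") == JDBC_CLASS and not props.get("dataSource"):
            problems.append(f"store {pos}: JDBC store without a dataSource property")
    return stores, problems

if __name__ == "__main__":
    stores, problems = check_user_stores(SAMPLE)
    for pos, domain, ds in stores:
        role = "primary" if pos == 1 else "secondary"
        print(f"{pos}. {domain or '<none>'} ({role}) dataSource={ds or '<none>'}")
    for problem in problems:
        print("PROBLEM:", problem)
```

To check a real file, pass the contents of $PRODUCT_HOME/repository/conf/user-mgt.xml to check_user_stores instead of SAMPLE.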