This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 29 Next »

The <Configuration> section at the top of the <PRODUCT_HOME>/repository/conf/user-mgt.xml file allows you to specify basic configuration for connecting to this user store (also called a realm).

<Realm>
  <Configuration>
   <AddAdmin>true</AddAdmin>
   <AdminRole>admin</AdminRole>
   <AdminUser>
       <UserName>admin</UserName>
       <Password>admin</Password>
   </AdminUser>
   <EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default users in this role see the registry root -->
   <Property name="dataSource">jdbc/WSO2CarbonDB</Property>
  </Configuration>
...
</Realm> 

Note the following regarding the configuration above.

ElementDescription
<AddAdmin>When true, this element creates the admin user based on the AdminUser element. It also indicates whether to create the specified admin user if it doesn't already exist. When connecting to an external read-only LDAP or Active Directory user store, this property needs to be false if an admin user and admin role exist within the user store. If the admin user and admin role do not exist in the user store, this value should be true, so that the role is added to the user management database. However, if the admin user is not there in the user store, we must add that user to the user store manually. If the AddAdmin value is set to true in this case, it will generate an exception.
<AdminRole>wso2admin</AdminRole>This is the role that has all administrative privileges of the WSO2 product, so all users having this role are admins of the product. You can provide any meaningful name for this role. This role is created in the internal H2 database when the product starts. This role has permission to carry out any actions related to the Management Console. If the user store is read-only, this role is added to the system as a special internal role where users are from an external user store.
<AdminUser>

Configures the default administrator for the WSO2 product. If the user store is read-only, the admin user must exist in the user store or the system will not start. If the external user store is read-only, you must select a user already existing in the external user store and add it as the admin user that is defined in the <AdminUser> element. If the external user store is in read/write mode, and you set <AddAdmin> to true, the user you specify will be automatically created.

<UserName>This is the username of the default administrator or super tenant of the user store. If the user store is read-only, the admin user MUST exist in the user store for the process to work.
<Password>

Do NOT put the password here but leave the default value as it is if the user store is read-only as this element and its value are ignored. This password is used only if the user store is read-write and the AddAdmin value is set to true.

Note that the password in the user-mgt.xml file is written to the primary user store when the server starts for the first time. Thereafter, the password will be validated from the primary user store and not from the user-mgt.xml file. Therefore, if for any reason, you need to change the admin password stored in the user store, you cannot simply change the value in the user-mgt.xml file. To change the admin password, the chpasswd script should be executed from the <PRODUCT_HOME>/bin/ folder.


<EveryOneRoleName>The name of the "everyone" role. All users in the system belong to this role.

The main property given below contains details of the database connection.

Property Name

Description

Mandatory/Optional
dataSource
Data sources are configured in the <PRODUCT_HOME>/repository/conf/datasources/master-datasources.xml file. This property indicates the relevant data source configuration for the User Management database.Mandatory

Given below are optional properties that can be used.

Property Name

Description

Mandatory/Optional
testOnBorrow

It is recommended to set this property to 'true' so that object connections will be validated before being borrowed from the JDBC pool. For this property to be effective, the validationQuery parameter in the <PRODUCT_HOME>/repository/conf/datasources/master-datasources.xml file should be a non-string value. This setting will avoid connection failures. See the section on performance tuning of WSO2 products for more information.

Optional
CaseSensitiveAuthorizationRules

Permissions, and the rules (role name, action, resource) linked to each permission are stored in the RDBMS of the server. By default, these rules are not case sensitive. If you want to make these rules case sensitive, this property can be used.

Optional
  • No labels