Maintaining Primary and Secondary Logins
- Former user (Deleted)
In a standalone deployment of the API Manager instance, users of the API Store can have a secondary login name in addition to the primary login name. This gives the user flexibility to provide either an email or a user name to log in. You can configure the API Store to treat both login names as belonging to a single user. Users can invoke APIs with the same Accestoken without having to create a new one for the secondary login.Â
You can configure this capability using the steps below.
- Configure user login under the
<OAuth>element in <APIM_HOME>/repository/conf/identity.xml file.- Mention your primary and secondary login names. Set the
primaryattribute of the primary login totrueand theprimaryattribute of the secondary login tofalse. - Primary login doesn't have a
ClaimUri. Leave this field empty. - Provide the correct Â
ClaimUrivalue for the secondary login
An example is given below:
<OAuth> ..... . .... <LoginConfig> <UserIdLogin primary="true"> <ClaimUri></ClaimUri> </UserIdLogin> <EmailLogin primary="false"> <ClaimUri>http://wso2.org/claims/emailaddress</ClaimUri> </EmailLogin> </LoginConfig> </OAuth> - Mention your primary and secondary login names. Set the
In the API Store of a distributed setup, the
serverURLelement in the api-manager.xml file should point to the key manager instance's service endpoint. This allows users to connect to the key manager's user store to perform any operations related to API Store such as login, access token generation etc. For example,<AuthManager> <!--Server URL of the Authentication service --> <ServerURL>https://localhost:9444/services/</ServerURL> <!-- Admin username for the Authentication manager. --> <Username>admin</Username> <!-- Admin password for the Authentication manager.--> <Password>admin</Password> </AuthManager>
In the distributed setup, API Store's user store needs to point to the key manager user store.