Realm Configuration

The <Configuration> section at the top of the <PRODUCT_HOME>/repository/conf/user-mgt.xml file allows you to specify basic configuration for connecting to this user store (also called a realm).

<Realm>
  <Configuration>
   <AdminRole>admin</AdminRole>
   <AdminUser>
       <UserName>admin</UserName>
       <Password>admin</Password>
   </AdminUser>
   <EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default users in this role see the registry root -->
   <Property name="dataSource">jdbc/WSO2CarbonDB</Property>
   <Property name="MultiTenantRealmConfigBuilder">org.wso2.carbon.user.core.config.multitenancy.SimpleRealmConfigBuilder
   </Property> 
  </Configuration>
...
</Realm>

Note the following regarding the configuration above.

Element	Description
`<AdminRole>wso2admin</AdminRole>`	This is the role that has all administrative privileges of the WSO2 product, so all users having this role are admins of the product. You can provide any meaningful name for this role. This role is created in the internal H2 database when the product starts. This role has permission to carry out any actions related to the Management Console. If the user store is read-only, this role is added to the system as a special internal role where users are from an external user store.
`<AdminUser>`	Configures the default administrator for the WSO2 product. If the user store is read-only, the admin user must exist in the user store or the system will not start. If the external user store is read-only, you must select a user already existing in the external user store and add it as the admin user that is defined in the `<AdminUser>` element. If the external user store is in read/write mode, and you set `<AddAdmin>` to `true`, the user you specify will be automatically created. If you are connecting WSO2 BAM with an external LDAP user store, be sure to change the `<BAM_HOME>/repository/conf/etc/cassandra-auth.xml` file with the credentials you give in the `<AdminUser>` element of the `user-mgt.xml` file. If not, you get an error when trying to access Cassandra Keyspaces using the BAM management console. For example, if we use `AdminSOA` as the admin user, the `cassandra-auth.xml` file must be changed as follows: <Cassandra> <!-- local transport --> <EPR>local://services/CassandraSharedKeyPublisher</EPR> <!-- HTTP transport --> <!-- <EPR>https://localhost:9443/services/CassandraSharedKeyPublisher</EPR> --> <User>AdminSOA</User> <Password>xxxxx</Password> </Cassandra>
`<UserName>`	This is the username of the default administrator or super tenant of the user store. If the user store is read-only, the admin user MUST exist in the user store for the process to work.
`<Password>`	Do NOT put the password here but leave the default value as is if the user store is read-only as this element and its value are ignored. This password is used only if the user store is read-write and the `AddAdmin` value is set to `true`.
`<EveryOneRoleName>`	The name of the "everyone" role. All users in the system belong to this role.

The main properties contain details of the database connection.

Property Name	Description
dataSource	Data sources are configured in the `<PRODUCT_HOME>/repository/conf/datasources/master-datasources.xml` file. This property indicates the relevant data source configuration for the User Management database.
MultiTenantRealmConfigBuilder	Tenant Manager realm configuration parameter that is used to build different types of realms for the tenant.