Friday, August 5, 2016

How to Share Userstore Between Two WSO2 Servers

A user store can be shared between WSO2 Carbon servers. Here I explain how, using WSO2 App Manager and WSO2 Identity Server as the two servers.
  1. Create a new database called APPM_UM_DB in the MySQL server.
  2. Create the tables inside it by executing the script <APPM_HOME>/dbscripts/mysql.sql against that database.
  3. If App Manager and Identity Server run on the same machine, their default ports collide, so one of them needs a port offset (step 4); otherwise skip step 4.
  4. Set the Offset value to 1 in the repository/conf/carbon.xml of one of the two servers (the other keeps the default of 0):
       
       <Offset>1</Offset>  
       
  5. Add the datasource definition below to <APPM_HOME>/repository/conf/datasources/master-datasources.xml so that the server connects to the APPM_UM_DB database created earlier. Replace username and password with the credentials of a dedicated MySQL account whose privileges are limited to APPM_UM_DB; do not reuse the database root account.
       
       <datasource>
         <name>WSO2UM_DB</name>
         <description>The datasource used for user manager database</description>
         <jndiConfig>
           <name>jdbc/WSO2UM_DB</name>
         </jndiConfig>
         <definition type="RDBMS">
           <configuration>
             <url>jdbc:mysql://localhost:3306/APPM_UM_DB</url>
             <username>username</username>
             <password>password</password>
             <driverClassName>com.mysql.jdbc.Driver</driverClassName>
             <maxActive>50</maxActive>
             <maxWait>60000</maxWait>
             <testOnBorrow>true</testOnBorrow>
             <validationQuery>SELECT 1</validationQuery>
             <validationInterval>30000</validationInterval>
           </configuration>
         </definition>
       </datasource>
          
    
  6. Add the same data source configuration to <IS_HOME>/repository/conf/datasources/master-datasources.xml.
  7. Copy the MySQL JDBC driver to both <IS_HOME>/repository/components/lib and <APPM_HOME>/repository/components/lib.
  8. Update <APPM_HOME>/repository/conf/user-mgt.xml with the jndiConfig name added in step 5 (i.e. jdbc/WSO2UM_DB) as below.
       
       <configuration>   
         ...  
         <Property name="dataSource">jdbc/WSO2UM_DB</Property>  
       </configuration>  
       
  9. Repeat step 8 for <IS_HOME>/repository/conf/user-mgt.xml.
  10. By default the Identity Server has an embedded LDAP user store and App Manager has a JDBC user store. You can use either a JDBC or an LDAP user store, but both servers must use the same type. Here I'm using the JDBC user store. Copy the following configuration from <APPM_HOME>/repository/conf/user-mgt.xml to <IS_HOME>/repository/conf/user-mgt.xml, and remember to remove the LDAP user store manager from the Identity Server's user-mgt.xml. Note that UserRolesCacheEnabled is false here: each Carbon server otherwise caches user-to-role mappings locally, so a role added or revoked on one server would keep being honoured by the other until its cache expired. With a shared store and no cache invalidation between the two servers, leaving the cache off keeps authorization decisions consistent.
       
       <UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
         <Property name="TenantManager">org.wso2.carbon.user.core.tenant.JDBCTenantManager</Property>
         <Property name="ReadOnly">false</Property>
         <Property name="MaxUserNameListLength">100</Property>
         <Property name="IsEmailUserName">false</Property>
         <Property name="DomainCalculation">default</Property>
         <Property name="PasswordDigest">SHA-256</Property>
         <Property name="StoreSaltedPassword">true</Property>
         <Property name="ReadGroups">true</Property>
         <Property name="WriteGroups">true</Property>
         <Property name="UserNameUniqueAcrossTenants">false</Property>
         <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
         <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
         <Property name="UsernameJavaRegEx">^[^~!#$;%^*+={}\\|\\\\&lt;&gt;,\'\"]{3,30}$</Property>
         <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
         <Property name="RolenameJavaRegEx">^[^~!#$;%^*+={}\\|\\\\&lt;&gt;,\'\"]{3,30}$</Property>
         <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
         <Property name="UserRolesCacheEnabled">false</Property>
         <Property name="MaxRoleNameListLength">100</Property>
         <Property name="SharedGroupEnabled">false</Property>
         <Property name="SCIMEnabled">false</Property>
       </UserStoreManager>
       
    
  11. Restart both servers.
That's all. A user or role created on either server now appears on both.
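Before restarting both servers (step 11), it is worth checking that the two installations really do point at one and the same store: a typo in one JDBC URL, or an Identity Server still on its default LDAP store, silently leaves you with two separate user bases, and anything you revoke on one server stays valid on the other. The script below is an example added to this post; it is neither the post's own nor WSO2's tooling. It reads the dataSource JNDI name and the active UserStoreManager class from each server's user-mgt.xml, resolves that JNDI name to a JDBC URL in master-datasources.xml, and compares the two servers. It assumes the stock file layout (one element per line for the fields it reads, commented-out managers in the stock "<!--UserStoreManager" form) and uses sed/awk rather than an XML parser; the config trees it builds under mktemp are constructed, trimmed-down samples, not real product files.

```shell
#!/bin/sh
# Added example: pre-restart check that two Carbon servers share one user store.
# Not from the original post or from WSO2. Assumes the stock layout of
# user-mgt.xml and master-datasources.xml and parses them with sed/awk.

# JNDI name referenced by the realm's dataSource property in user-mgt.xml.
um_datasource() {
  sed -n 's/.*<Property name="dataSource">\([^<]*\)<\/Property>.*/\1/p' \
    "$1/repository/conf/user-mgt.xml" | head -n 1
}

# Class of the active (uncommented) UserStoreManager in user-mgt.xml.
um_class() {
  sed -n 's/.*<UserStoreManager class="\([^"]*\)".*/\1/p' \
    "$1/repository/conf/user-mgt.xml" | head -n 1
}

# JDBC URL of the datasource in master-datasources.xml whose jndiConfig name is $2.
ds_url() {
  [ -n "$2" ] || return 1          # no JNDI name: never match the first block by accident
  awk -v jndi="$2" '
    /<datasource>/              { inblock = 1; injndi = 0; url = ""; name = "" }
    inblock && /<jndiConfig>/   { injndi = 1 }
    inblock && injndi && /<name>/ { s = $0; gsub(/.*<name>|<\/name>.*/, "", s); name = s }
    inblock && /<\/jndiConfig>/ { injndi = 0 }
    inblock && /<url>/          { s = $0; gsub(/.*<url>|<\/url>.*/, "", s); url = s }
    /<\/datasource>/ {
      if (name == jndi) { print url; exit }
      inblock = 0
    }
  ' "$1/repository/conf/datasources/master-datasources.xml"
}

# Compare two CARBON_HOME trees: same store type, and same database behind it.
check_shared_store() {
  ds_a=$(um_datasource "$1");   ds_b=$(um_datasource "$2")
  cls_a=$(um_class "$1");       cls_b=$(um_class "$2")
  url_a=$(ds_url "$1" "$ds_a"); url_b=$(ds_url "$2" "$ds_b")
  if [ -z "$url_a" ] || [ -z "$url_b" ]; then
    echo "FAIL: dataSource '$ds_a' / '$ds_b' has no definition in master-datasources.xml"
    return 1
  fi
  if [ "$cls_a" != "$cls_b" ]; then
    echo "FAIL: user store types differ: $cls_a vs $cls_b"
    return 1
  fi
  if [ "$url_a" != "$url_b" ]; then
    echo "FAIL: servers point at different databases: $url_a vs $url_b"
    return 1
  fi
  echo "OK: both servers use $cls_a on $url_a"
}

# Constructed sample config trees (trimmed down, not real product files) so the
# check can be exercised offline: $1 = dir, $2 = store manager class, $3 = JDBC URL.
make_fixture() {
  mkdir -p "$1/repository/conf/datasources"
  cat > "$1/repository/conf/user-mgt.xml" <<EOF
<UserManager>
  <Realm>
    <Configuration>
      <Property name="dataSource">jdbc/WSO2UM_DB</Property>
    </Configuration>
    <!--UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager"-->
    <UserStoreManager class="$2">
      <Property name="ReadOnly">false</Property>
    </UserStoreManager>
  </Realm>
</UserManager>
EOF
  cat > "$1/repository/conf/datasources/master-datasources.xml" <<EOF
<datasources-configuration>
  <datasources>
    <datasource>
      <name>WSO2_CARBON_DB</name>
      <jndiConfig><name>jdbc/WSO2CarbonDB</name></jndiConfig>
      <definition type="RDBMS"><configuration>
        <url>jdbc:h2:repository/database/WSO2CARBON_DB</url>
      </configuration></definition>
    </datasource>
    <datasource>
      <name>WSO2UM_DB</name>
      <jndiConfig>
        <name>jdbc/WSO2UM_DB</name>
      </jndiConfig>
      <definition type="RDBMS">
        <configuration>
          <url>$3</url>
        </configuration>
      </definition>
    </datasource>
  </datasources>
</datasources-configuration>
EOF
}

# Demo: both servers on the shared JDBC store pass; an Identity Server still on
# its default LDAP store is caught before anyone restarts.
JDBC=org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager
LDAP=org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager
URL=jdbc:mysql://localhost:3306/APPM_UM_DB
tmp=$(mktemp -d)
make_fixture "$tmp/appm" "$JDBC" "$URL"
make_fixture "$tmp/is" "$JDBC" "$URL"
make_fixture "$tmp/is_ldap" "$LDAP" "$URL"
check_shared_store "$tmp/appm" "$tmp/is"
check_shared_store "$tmp/appm" "$tmp/is_ldap" || true
rm -rf "$tmp"
```

Against real installations, source the file and run check_shared_store <APPM_HOME> <IS_HOME>; a FAIL line (non-zero exit) means the two servers are not yet on one store and should not be restarted until the configs agree.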
