Introduction
Generally, we can configure an external LDAP with a WSO2 IS using <UserStoreManager> tag , and with the class attribute like this :
<UserStoreManager class="org.wso2.carbon.user.core.ldap.LDAPUserStoreManager">
<UserStoreManager class="org.wso2.carbon.user.core.ldap.LDAPUserStoreManager">
Apart from this, there are other default UserStoreManagers that are available with WSO2 IS, such as ActiveDirectoryUserStoreManager, JDBCUserStoreManager etc. You can find more from user-mgt.xml inside a WSO2 IS distribution's repository/conf directory
Similarly there we can define custom user stores as well.
Use Case
In the sample, CustomUserStoreManager reads a user credentials from an xml file (user.xml) and authenticates the user. This can be taken analogous to a CustomUserStoreManager that connects to a custom user store and authenticates users against the credentials stored there. The same CustomUserStoreManager has been extended to provide the functionality required by the STS configuration and issuing a SAML token with requested claim values.
Configurations
0. Download WSO2 IS 4.0.0 and extract it to a preferred location. We will refer to that as [IS_HOME]
1. Download the sample from here and extract.
2. Place the jar file in the sample: org.wso2.carbon.userstoremanager.sample-1.0.jar in [IS_HOME]/repository/components/lib.
eg: /home/manisha/WSO2/wso2is-4.0.0/repository/components/lib
3. Replace the user-mgt.xml in [IS_HOME]/repository/conf with the user-mgt.xml comes with this.
eg: /home/manisha/WSO2/wso2is-4.0.0/repository/components/lib
3. Replace the user-mgt.xml in [IS_HOME]/repository/conf with the user-mgt.xml comes with this.
4. Make the enable EmbeddedLDAP propety "false" in embedded-ldap.xml file in [IS_HOME]/repository/components/conf.
<EmbeddedLDAP>
<Property name="enable">false</Property>
...................
5. Comment out the default CommonHybridLDAPTenantManager in tenant-mgt.xml in [IS_HOME]/repository/components/conf.
6. Uncomment the JDBCTenantManager property in tenant-mgt.xml
7. Delete the database folder in [IS_HOME]/repository if you are not using a newly extracted IS distribution.
8. Start the server with the command 'sh wso2server.sh -Dsetup' if you followed the step 3.
Or else, if you are using a newly extracted IS distribution, start the server with 'sh.wso2server.sh' as usual.
(Start up file changes according to the OS you are in, above commands listed for Linux environment.)
9. Login to the management console with the credentials mentioned in the user.xml that comes with this.
10. Configure the STS to use that with the related STS client.
11. Run STS client to obtain the SAML token.
<EmbeddedLDAP>
<Property name="enable">false</Property>
...................
5. Comment out the default CommonHybridLDAPTenantManager in tenant-mgt.xml in [IS_HOME]/repository/components/conf.
6. Uncomment the JDBCTenantManager property in tenant-mgt.xml
7. Delete the database folder in [IS_HOME]/repository if you are not using a newly extracted IS distribution.
8. Start the server with the command 'sh wso2server.sh -Dsetup' if you followed the step 3.
Or else, if you are using a newly extracted IS distribution, start the server with 'sh.wso2server.sh' as usual.
(Start up file changes according to the OS you are in, above commands listed for Linux environment.)
9. Login to the management console with the credentials mentioned in the user.xml that comes with this.
10. Configure the STS to use that with the related STS client.
11. Run STS client to obtain the SAML token.
PS: Courtesy goes to Hasini Gunasinghe
No comments:
Post a Comment