Configuring a User Store¶
A user store is a repository that stores user credentials (user names and passwords).
Users in the Micro Integrator¶
Find out about user credentials in the Micro Integrator.
File-based user store (Default)¶
The default user store of the Micro Integrator is file-based. You can open the deployment.toml
file and add new users to the file-based user store as shown below. You can encrypt the plain text using secure vault.
[[internal_apis.users]]
user.name = "user-1"
user.password = "pwd-1"
[[internal_apis.users]]
user.name = "user-2"
user.password = "pwd-2"
The users in this store can only access the management API and related tools (Micro Integrator dashboard/Micro Integrator CLI). That is, the file-based user store only supports user authentication for the management API. If you want to use authentication for integration use cases or authorization, you need an LDAP or RDBMS user store.
Disabling the file-based user store¶
To disable the file-based user store, add the following to the deployment.toml
file.
[internal_apis.file_user_store]
enable = false
Configuring an LDAP user store¶
Before you begin
- See the documentation of your LDAP provider for instructions on setting up the LDAP.
- Disable the file-based user store.
Follow the steps given below to connect the Micro Integrator to your LDAP user store.
- Open the
deployment.toml
file stored in the<MI_HOME>/conf/
directory. -
Add the following configurations and update the required values.
Tip
Note that the
[user_store]
section is enabled by default. Be sure to update the section without duplicating the[user_store]
header.[user_store] connection_url = "ldap://localhost:10389" connection_name = "uid=admin,ou=system" connection_password = "admin" user_search_base = "ou=Users,dc=wso2,dc=org" type = "read_only_ldap"
Parameters used above are explained below.
Parameter Value connection_url
The URL for connecting to the LDAP. If you are connecting over ldaps (secured LDAP), you need to import the certificate of the user store to the truststore (wso2truststore.jks by default). See the instructions on how to add certificates to the truststore. connection_name
The username used to connect to the user store and perform various operations. This user needs to be an administrator in the user store. That is, the user requires write permission to manage add, modify users and to perform search operations on the user store. The value you specify is used as the DN (Distinguish Name) attribute of the user who has sufficient permissions to perform operations on users and roles in LDAP. connection_password
Password for the connection user name. user_search_base
The DN of the context or object under which the user entries are stored in the user store. When the user store searches for users, it will start from this location of the directory. type
Use one of the following values. read_only_ldap: The LDAP connection does not provide write access. read_write_ldap: The LDAP connection provides write access.
See the complete list of parameters you can configure for the ldap user store.
Configuring an RDBMS user store¶
Before you begin
If you are already using a JDBC user store (database) with another WSO2 product (WSO2 API Manager, WSO2 Identity Server, or an instance of WSO2 Enterprise Integrator 6.x.x), you can connect the same database to the Micro Integrator of EI 7.1. Alternatively, you can create a new RDBMS user store and connect it to the Micro Integrator.
-
To set up a new RDBMS, select the preferred RDBMS type and follow the instructions.
Tip
If you already have an RDBMS user store set up, you can skip this step.
-
Be sure to add the JDBC driver to the
<MI_HOME>/lib
folder. -
To connect the Micro Integrator to your RDBMS user store:
- Open the
deployment.toml
file (stored in the<MI_HOME>/conf
directory). -
Add the relevant configurations for your RDBMS type.
[[datasource]] id = "WSO2CarbonDB" url= "jdbc:mysql://localhost:3306/userdb" username="root" password="root" driver="com.mysql.jdbc.Driver" pool_options.maxActive=50 pool_options.maxWait = 60000 pool_options.testOnBorrow = true
[[datasource]] id = "WSO2CarbonDB" url= "jdbc:sqlserver://<IP>:1433;databaseName=userdb;SendStringParametersAsUnicode=false" username="root" password="root" driver="com.microsoft.sqlserver.jdbc.SQLServerDriver" pool_options.maxActive=50 pool_options.maxWait = 60000 pool_options.testOnBorrow = true
[[datasource]] id = "WSO2CarbonDB" url= "jdbc:oracle:thin:@SERVER_NAME:PORT/SID" username="root" password="root" driver="oracle.jdbc.OracleDriver" pool_options.maxActive=50 pool_options.maxWait = 60000 pool_options.testOnBorrow = true
[[datasource]] id = "WSO2CarbonDB" url= "jdbc:postgresql://localhost:5432/userdb" username="root" password="root" driver="org.postgresql.Driver" pool_options.maxActive=50 pool_options.maxWait = 60000 pool_options.testOnBorrow = true
[[datasource]] id = "WSO2CarbonDB" url="jdbc:db2://SERVER_NAME:PORT/userdb" username="root" password="root" driver="com.ibm.db2.jcc.DB2Driver" pool_options.maxActive=50 pool_options.maxWait = 60000 pool_options.testOnBorrow = true
Parameters used above are explained below.
Parameter Value id
The name given to the datasource. This is required to be WSO2CarbonDB. Note: If you replace 'WSO2CarbonDB' with a different id, you also need to list the id as a datasource under the [realm_manager]
section in thedeployment.toml
file as shown below.[realm_manager] data_source = "new_id"
url
The URL for connecting to the database. The type of database is determined by the URL string.. username
The username used to connect to the user store and perform various operations. This user needs to be an administrator in the user store. That is, the user requires write permission to manage add, modify users and to perform search operations on the user store. password
Password for the connection user name. driver
The driver class specific to the JDBC user store. See the complete list of database connection parameters and their descriptions. Also, see the recommendations for tuning the JDBC connection pool.
-
Add the JDBC user store manager under the
[user_store]
toml heading as shown below.Tip
- If you want to be able to modify the data in your user store, be sure to enable write access to the user store.
- Note that the
[user_store]
section is enabled by default. Be sure to update the section without duplicating the[user_store]
header.
[user_store] class = "org.wso2.micro.integrator.security.user.core.jdbc.JDBCUserStoreManager" type = "database" # Add the following parameter only if you want to disable write access to the user store. read_only = true
The datasource configured under the
[[datasource]]
toml heading will now be the effective user store for the Micro Integrator.
- Open the
What's next?¶
See Managing Users for instructions on adding, deleting, or viewing users in the user store.
Top