WSO2 Identity Server 4.5.0 brings support for dynamic configuration of multiple user stores


WSO2 Identity Server 4.5.0 is going to be released by the end of this month, with a new set of features and lot of improvements to the existed features. Allowing dynamic configuration of multiple user stores is one such new addition in this release, that improves the flexibility of the server to cater changes in the production environments.

This feature comes in handy when a requirement occurs to add more user stores, change some attributes of an existing user store or remove a user stores from the existing ones. With this new user store configuration UI, above scenarios can be executed smoothly and burden of editing XML files is taken away. This operates in dynamic manner that no server restart is required and changes are effective in few seconds.

Here are few screen-shots of the UI to be released.
The default view of user store configuration UI(Configure>User Store Management) will be as follows, when there are no secondary user stores added. (we will refer all the user stores added other than the 'Primary' as secondary.) 


Now if we hit on 'Add Secondary User Store' following form will appear allowing us to define the properties of the new user store. First we need to select the implementation class of the user store manager we are to use. By default WSO2 products comes with 4 user store manager implementations,
  1. org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager
  2. org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager
  3. org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager
  4. org.wso2.carbon.user.core.ldap.ActiveDirectoryLDAPUserStoreManager




If we select the JDBCUserStoreManager, the above form will appear. We should give a domain name for the user store and fill the mandatory property with data source name, which needs to be there already(which can be added from the UI itself). We can have look at the optional properties fill if them only we wish too. Then there advance properties, that can be left as it is, if we are using the default schema of WSO2 Identity Server. These advanced properties carries SQL statements related to queries, so those need updates only if the schema is customized.



Once the mandatory fields are filled, we can go ahead and add the user store manager. Then it will be shown in the table of available user store managers with the following information.

This message just ask us to wait a moment, until the new configuration are taken effect getting engaged in the current chain of user store managers.

Note: It does not mean that user store manager has been added successfully. We have to refresh the page in few seconds the check the status, as if there is some thing wrong in the given properties the user store manager will not be engaged correctly in the back-end.


The sole purpose of user stores is to keep users. So we should be able to add users if the user stores added correctly. We can check this by trying to add a new user to the system. Now if we list the domains in the user addition form, newly added user store domain should appear, if it is correctly added. If it is not something has gone wrong with the created user store manager and we have to re-check the given properties, specially the connectionURL.



Following is another user store manager implementation available, which is in LDAP category. It does not have any advanced properties relevant to it.

One more extension point to multiple user stores is we can plug our own custom user store managers to implementation. for example if we decided to move to a Cassandra user store later when our business grows up, it is also possible to write a CassandraUserStoreManager and plug it into the server. It just simply extending a provided interface, packing the implementation to a jar as an osgi bundle and dropping it inside the server. This is such a sample custom user manager written.



So if we select the CustomUserStoreManager as the implementation, the UI will accordingly ask for the relevant properties to be defined.
Cheers!

Popular posts from this blog

Signing SOAP Messages - Generation of Enveloped XML Signatures

Tomcat JDBC Pool - Connection Leak - Catch the Culprit

How to convert WSDL to Java