Isura's Blog<br />
Author: Isura Dilhara (http://www.blogger.com/profile/04059595339068282550)<br />
<br />
Self User Registration feature WSO2 Identity Server 5.3.0 (published 2016-12-22, updated 2017-01-02)<br />
<br />
In this blog post, I explain the self-registration feature in the WSO2 Identity Server 5.3.0 release, which will be released soon.<br />
<br />
<br />
<h3>
<span style="font-size: large;">Self User Registration </span></h3>
<span style="font-size: large;"><br /></span> In previous releases of Identity Server (IS 5.0.0, 5.1.0, 5.2.0), the UserInformationRecovery SOAP service can be used for self-registration.<br />
<br />
You can follow <a href="https://docs.wso2.com/display/IS510/Self+Sign+Up+and+Account+Confirmation">this</a> for more information about the SOAP service and how it can be configured.<br />
<br />
REST API support for <a href="https://docs.wso2.com/display/IS530/apidocs/self-registration">Self-registration</a> is available in the IS 5.3.0 release.<br />
<br />
The UserInformationRecovery SOAP APIs are also available in the IS 5.3.0 release for backward compatibility. You can try the REST service through the Identity Server login page (https://localhost:9443/dashboard).<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi5R3ov1-eRmlRXJhddkJ1Xo3-_iLVwZ-T86h6ock9qY4XdixcAEuVWDhq0TYdIkFyi99beh3gAQOh4J1j2e-aHcJJAqS3lneAM409zjOvgqZSeyC6BO4QbMj-98-h7EEqhleyuw2Bm1GwI/s1600/dashboad.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi5R3ov1-eRmlRXJhddkJ1Xo3-_iLVwZ-T86h6ock9qY4XdixcAEuVWDhq0TYdIkFyi99beh3gAQOh4J1j2e-aHcJJAqS3lneAM409zjOvgqZSeyC6BO4QbMj-98-h7EEqhleyuw2Bm1GwI/s1600/dashboad.png" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
You can't test the SOAP service through the login page. It can be tested using the user <a href="https://github.com/wso2/product-is/tree/master/modules/samples/identity-mgt/info-recovery-sample">info recovery sample</a>.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<h3 style="clear: both; text-align: left;">
<span style="font-size: large;">How to configure self-registration rest API</span></h3>
<div class="separator" style="clear: both; text-align: left;">
<span style="font-size: large;"><br /></span></div>
<ol style="background-color: white; box-sizing: border-box; margin-bottom: 10px; margin-top: 0px;">
<li style="box-sizing: border-box; color: #333333; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px;">Verify the following configurations in the <IS_HOME>/repository/conf/identity/identity.xml file.</li>
<ul>
<li><EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener" name="org.wso2.carbon.identity.mgt.IdentityMgtEventListener" orderId="50" <b style="color: #333333; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px;">enable="false"</b><span style="color: #333333; font-family: "helvetica neue" , "helvetica" , "arial" , sans-serif; font-size: 14px;">/></span></li>
<li><EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener" name="org.wso2.carbon.identity.governance.listener.IdentityStoreEventListener" orderId="97" <b style="color: #333333; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px;">enable="true"</b><span style="color: #333333; font-family: "helvetica neue" , "helvetica" , "arial" , sans-serif; font-size: 14px;">></span></li>
<li><span style="color: #333333; font-family: "helvetica neue" , "helvetica" , "arial" , sans-serif;"><span style="font-size: 14px;"><EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener" name="org.wso2.carbon.identity.scim.common.listener.SCIMUserOperationListener" </span> orderId="90" <b style="font-size: 14px;">enable="true"</b><span style="font-size: 14px;">/></span></span></li>
</ul>
<li style="box-sizing: border-box; color: #333333; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px;">Configure the email settings in the <IS_HOME>/repository/conf/output-event-adapters.xml file. </li>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJr-z5G8S_AVvsJLVfqjHqZNLA8C34gOS0CFsViMk08dUrW4tMOlw_dl1MBnKIMNh7HVc17aVOAHrCnjhJQa_Z7H56hyphenhyphenTovSB2izJF_3WmVHauxvXoy0T10yI1ezBu5SetyfTCzYd3gIM1/s1600/email.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJr-z5G8S_AVvsJLVfqjHqZNLA8C34gOS0CFsViMk08dUrW4tMOlw_dl1MBnKIMNh7HVc17aVOAHrCnjhJQa_Z7H56hyphenhyphenTovSB2izJF_3WmVHauxvXoy0T10yI1ezBu5SetyfTCzYd3gIM1/s1600/email.png" /></a></div>
<li style="box-sizing: border-box; color: #333333; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px;">Start the WSO2 IS server and log in to the management console.</li>
<li style="box-sizing: border-box; color: #333333; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px;">Click on <span style="box-sizing: border-box; font-weight: 700;">Resident</span> found under the <span style="box-sizing: border-box; font-weight: 700;">Identity Providers</span> section on the <span style="box-sizing: border-box; font-weight: 700;">Main</span> tab of the management console.</li>
<li style="box-sizing: border-box; color: #333333; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px;">Expand the <span style="box-sizing: border-box; font-weight: 700;">Account Management Policies</span> tab, then the <span style="box-sizing: border-box; font-weight: 700;">Password Recovery </span>tab and configure the following properties as required.</li>
<li style="box-sizing: border-box; color: #333333; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px;">Enable the account lock feature to support self-registration with email confirmation.</li>
</ol>
<div>
<span style="color: #333333; font-family: "helvetica neue" , "helvetica" , "arial" , sans-serif;"><span style="font-size: 14px;"><br /></span></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgXkaPP5GdizRivbVKdW67Mkv3vLyX3xPn4cWI_KFVMA9H_RUDMyPXOGfsfIoIMNb3UiZck2tTJ583VIvJmpyY0FXDxGZS1rEN4vBuA98v7oIx2u_nfMun_Hxe07k28IU2WF71uQq0Cg5rP/s1600/self.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="388" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgXkaPP5GdizRivbVKdW67Mkv3vLyX3xPn4cWI_KFVMA9H_RUDMyPXOGfsfIoIMNb3UiZck2tTJ583VIvJmpyY0FXDxGZS1rEN4vBuA98v7oIx2u_nfMun_Hxe07k28IU2WF71uQq0Cg5rP/s640/self.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Once the user is registered, a notification will be sent to the user's email account if the</div>
<table class="carbonFormTable" style="border: 0px; color: #555555; font-family: "Lucida Grande", "Lucida Sans", "Microsoft Sans Serif", "Lucida Sans Unicode", Verdana, sans-serif, "trebuchet ms"; font-size: 12px; margin: 0px; padding: 0px; width: 1492px;"><tbody>
<tr><td style="border: 0px; padding: 0px; vertical-align: top; width: 500px;">"Enable Notification Internally Management" <span style="color: black; font-family: "Times New Roman"; font-size: small;">property is true.<br /><br />Note: If the user does not need to be locked once the registration is done, disable both the </span><table class="carbonFormTable" style="border: 0px; color: #555555; font-size: 12px; margin: 0px; padding: 0px; width: 1492px;"><tbody>
<tr><td style="border: 0px; padding: 0px; vertical-align: top; width: 500px;">Enable Account Lock On Creation <span style="color: black; font-family: "Times New Roman"; font-size: small;">and</span> Enable Notification Internally Management <span style="color: black; font-family: "Times New Roman"; font-size: small;">properties. Otherwise, a confirmation mail will be sent to the user's email account.</span></td></tr>
</tbody></table>
</td></tr>
</tbody></table>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<h3>
<span style="color: #333333; font-family: "helvetica neue" , "helvetica" , "arial" , sans-serif;">APIs</span></h3>
<div>
<ul>
<li><span style="color: #333333; font-family: "helvetica neue" , "helvetica" , "arial" , sans-serif;"><b>Register User</b></span></li>
</ul>
<div>
<span style="color: #333333; font-family: "helvetica neue" , "helvetica" , "arial" , sans-serif;">This API is used to create the user in Identity Server. You can try this from the login page. (https://localhost:9443/dashboard/</span><span style="color: #333333; font-family: "helvetica neue" , "helvetica" , "arial" , sans-serif;">)</span></div>
<div>
<span style="color: #333333; font-family: "helvetica neue" , "helvetica" , "arial" , sans-serif;"><br /></span></div>
<div>
<span style="color: #333333; font-family: "helvetica neue" , "helvetica" , "arial" , sans-serif;">Click </span><a href="https://localhost:9443/accountrecoveryendpoint/register.do?callback=https%3A%2F%2Flocalhost%3A9443%2Fauthenticationendpoint%2Flogin.do%3FSSOAuthSessionID%3DA3BDB6C866AE6C0464DC4B1BB35F74CA809E39AF7E3E9D7C6AFD65FB4E91A2597685441E181BFEFBE64AAA87AE224F48C5958A155279B6690B616A27E1DE13B91F95D505A268FA7D8B9E5F4B166E98F0E33DA208F4916AC5274FBEB23EF0F04915194FFE838D8E84FFB425309E0619C2DCF0DC38B7CAA9D30DDEC541B60D812A%26commonAuthCallerPath%3D%252Fsamlsso%26forceAuth%3Dfalse%26passiveAuth%3Dfalse%26tenantDomain%3Dcarbon.super%26sessionDataKey%3D4cc7093c-48ef-4b81-8932-e7964e7134c7%26relyingParty%3Dwso2.my.dashboard%26type%3Dsamlsso%26sp%3Dwso2_sp_dashboard%26isSaaSApp%3Dtrue%26authenticators%3DBasicAuthenticator%3ALOCAL" id="registerLink">Register Now</a> <span style="color: #333333; font-family: "helvetica neue" , "helvetica" , "arial" , sans-serif;">button and submit the form with data. Then it will send a notification and lock the user based on the configuration. </span></div>
<ul>
<li><span style="color: #333333; font-family: "helvetica neue" , "helvetica" , "arial" , sans-serif;"><b>Resend Code</b></span></li>
</ul>
<div>
<span style="color: #333333; font-family: "helvetica neue" , "helvetica" , "arial" , sans-serif;">This is used to resend the confirmation mail.</span></div>
<div>
<span style="color: #333333; font-family: "helvetica neue" , "helvetica" , "arial" , sans-serif;"><br /></span></div>
<div>
<span style="color: #333333; font-family: "helvetica neue" , "helvetica" , "arial" , sans-serif;">You can try this from the login page. First, register a new user and try to log in to the Identity Server using the registered user's credentials without clicking the confirmation link in the email sent by Identity Server. Then, you will see the following on the login page. Click the <b>Re-Send </b>button to resend the confirmation link.</span></div>
<div>
<span style="color: #333333; font-family: "helvetica neue" , "helvetica" , "arial" , sans-serif;"><br /></span></div>
<h2 style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoq8Mm5k-RPGrk4rE9sR9vx3JTIeXCGF8-TvLZNmW1MztljGNtEL4Ju03Sdy1zIC8f2npi0h64g-CVpFs9HPJ0D7GSNaWm-cJKGeTiKHyAT6dcbNrhpgQLubybUokBuq7LmB9P0tQtX1N7/s1600/login.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoq8Mm5k-RPGrk4rE9sR9vx3JTIeXCGF8-TvLZNmW1MztljGNtEL4Ju03Sdy1zIC8f2npi0h64g-CVpFs9HPJ0D7GSNaWm-cJKGeTiKHyAT6dcbNrhpgQLubybUokBuq7LmB9P0tQtX1N7/s1600/login.png" /></a></h2>
<div>
<span style="color: #333333; font-family: "helvetica neue" , "helvetica" , "arial" , sans-serif;"><br /></span></div>
<div>
<span style="color: #333333; font-family: "helvetica neue" , "helvetica" , "arial" , sans-serif;"><br /></span></div>
<ul>
<li><span style="color: #333333; font-family: "helvetica neue" , "helvetica" , "arial" , sans-serif;"><b>Validate Code</b></span></li>
</ul>
<div>
<span style="color: #333333; font-family: "helvetica neue" , "helvetica" , "arial" , sans-serif;">This API is used to validate the account confirmation link sent in the email. </span></div>
<div>
<span style="color: #333333; font-family: "helvetica neue" , "helvetica" , "arial" , sans-serif;"><br /></span></div>
</div>
Password History Extension for WSO2 Identity Server 5.2.0 (published 2016-10-03)<br />
<br />
<br />
WSO2 Identity Server 5.2.0 was released last month (September 2016). You can download Identity Server 5.2.0 from <a href="http://wso2.com/products/identity-server/#download">here</a>.<br />
<br />
It supports a lot of Identity and Access Management features OOTB and you can find them <a href="http://wso2.com/products/identity-server/">here</a>.<br />
Currently, Identity Server 5.2.0 does not support the password history validation feature OOTB. (This feature will be supported OOTB in the next release, which is planned for December 2016.)<br />
Although this feature is not supported OOTB, it can be supported easily through an extension. In this blog, I have implemented a sample which will support the following features for IS 5.2.0.<br />
<br />
<br />
<ul>
<li>Password cannot have been used in previous 'n' password changes</li>
<li>Password cannot have been previously used in past 'm' hours. </li>
</ul>
<div>
<br /></div>
<div>
Here the 'n' and 'm' should be configurable parameters. </div>
<div>
<br /></div>
<div>
<br /></div>
<div>
You can go through the following steps to add the password history feature in IS 5.2.0.</div>
<div>
<ol>
<li>Download Identity Server 5.2.0 from <a href="http://wso2.com/products/identity-server/#download">here</a></li>
<li>Go through the installation <a href="https://docs.wso2.com/display/IS520/Installation+Guide">guide</a> and install Java and Maven.</li>
<li>Download the extension source code from <a href="https://github.com/IsuraD/Extention/tree/master/password_history">here</a>.</li>
<li>Go into the password_history folder and run the command "mvn clean install".</li>
<li>Copy the password_history/target/org.wso2.custom-1.0.0.jar file to the <IS_HOME>/repository/components/dropins folder.</li>
<li>The password_history/src/main/resources/dbScripts directory contains the following database script files. Run the script that matches the database configured in the identity.xml file.</li>
<ul>
<li>db2.sql </li>
<li>informix.sql </li>
<li>mysql.sql </li>
<li>oracle.sql</li>
<li>h2.sql </li>
<li>mssql.sql </li>
<li>oracle_rac.sql </li>
<li>postgresql.sql</li>
</ul>
<li>Copy the password_history/src/main/resources/password-history-identity-mgt.properties file into the <IS_HOME>/repository/conf/identity directory. It has the following configurable parameters; set them according to your requirements.
<pre>#If true, password history feature will be enabled
PasswordHistory.Enable=true

#Password cannot have been used in the previous 'X' password changes
PasswordHistory.Count=5

#Password cannot have been previously used in the past 24 hours
PasswordHistory.Time=24

#Password Digest Algorithm
PasswordHistory.hashingAlgorithm=SHA-256

#Password History data store extension point
PasswordHistory.dataStore=org.wso2.custom.store.impl.DefaultPasswordHistoryDataStore
</pre>
</li>
<li>Start Identity Server</li>
<li>Then you are done. You can try the feature by adding a user and updating the user's credentials.</li>
</ol>
</div>
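<div>
The two history rules configured above, as an added example that is not the extension's own code: a candidate password is rejected when it matches any of the last PasswordHistory.Count entries or any entry newer than PasswordHistory.Time hours. The class name, the in-memory list standing in for the data store, the per-entry salt and the "either rule rejects" reading are assumptions.</div>

```java
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
import java.util.List;

/** Added illustration of the count/time history rules; hypothetical class, not from the extension. */
public class PasswordHistoryCheck {

    /** One history row: per-entry salt, digest of salt + password, and the change time. */
    static final class Entry {
        final byte[] salt;
        final byte[] digest;
        final Instant changedAt;

        Entry(byte[] salt, byte[] digest, Instant changedAt) {
            this.salt = salt;
            this.digest = digest;
            this.changedAt = changedAt;
        }
    }

    private final String algorithm;  // PasswordHistory.hashingAlgorithm
    private final int count;         // PasswordHistory.Count
    private final Duration window;   // PasswordHistory.Time, in hours
    private final List<Entry> history = new ArrayList<>(); // oldest first; stands in for the data store
    private final SecureRandom random = new SecureRandom();

    PasswordHistoryCheck(String algorithm, int count, int hours) {
        this.algorithm = algorithm;
        this.count = count;
        this.window = Duration.ofHours(hours);
    }

    private byte[] digest(byte[] salt, char[] password) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(algorithm);
        md.update(salt); // assumption: salting each entry so equal passwords do not share a digest
        md.update(StandardCharsets.UTF_8.encode(CharBuffer.wrap(password)));
        return md.digest();
    }

    /** Stores a password change. Call only after isReused() returned false. */
    void record(char[] password, Instant when) throws NoSuchAlgorithmException {
        byte[] salt = new byte[16];
        random.nextBytes(salt);
        history.add(new Entry(salt, digest(salt, password), when));
    }

    /** Returns true when the candidate breaks the count rule or the time rule at 'now'. */
    boolean isReused(char[] candidate, Instant now) throws NoSuchAlgorithmException {
        int firstCounted = Math.max(0, history.size() - count);
        boolean reused = false;
        for (int i = 0; i < history.size(); i++) {
            Entry e = history.get(i);
            boolean inLastN = i >= firstCounted;
            boolean inWindow = Duration.between(e.changedAt, now).compareTo(window) < 0;
            if (!inLastN && !inWindow) {
                continue; // entry is covered by neither rule
            }
            // MessageDigest.isEqual compares in constant time; keep scanning so that
            // timing does not reveal which entry matched.
            if (MessageDigest.isEqual(e.digest, digest(e.salt, candidate))) {
                reused = true;
            }
        }
        return reused;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: Count=2, Time=24 hours, three password changes one hour apart.
        PasswordHistoryCheck check = new PasswordHistoryCheck("SHA-256", 2, 24);
        Instant t0 = Instant.parse("2016-10-01T00:00:00Z");
        check.record("First#1".toCharArray(), t0);
        check.record("Second#2".toCharArray(), t0.plus(Duration.ofHours(1)));
        check.record("Third#3".toCharArray(), t0.plus(Duration.ofHours(2)));

        Instant soon = t0.plus(Duration.ofHours(3));
        Instant later = t0.plus(Duration.ofHours(72));
        // Oldest password: outside the last 2 changes, but still inside the 24-hour window.
        System.out.println("First#1 at +3h reused:  " + check.isReused("First#1".toCharArray(), soon));
        // Same password after the window has passed: covered by neither rule.
        System.out.println("First#1 at +72h reused: " + check.isReused("First#1".toCharArray(), later));
        // Most recent password: inside the last 2 changes regardless of time.
        System.out.println("Third#3 at +72h reused: " + check.isReused("Third#3".toCharArray(), later));
        // A password that was never used.
        System.out.println("Fresh#4 at +3h reused:  " + check.isReused("Fresh#4".toCharArray(), soon));
    }
}
```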
<br />How to Write a Custom User Store Manager - WSO2 Identity Server 5.1.0 (published 2016-03-08, updated 2018-08-22)<br />
<br />
WSO2 Identity Server supports the following user stores OOTB.<br />
<div>
<ul>
<li>org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager</li>
<li>org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager</li>
<li>org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager</li>
<li>org.wso2.carbon.user.core.ldap.ActiveDirectoryLDAPUserStoreManager</li>
<li>org.wso2.carbon.identity.user.store.remote.CarbonRemoteUserStoreManger</li>
</ul>
<div>
In some cases, we have to write a custom implementation. Here I give a step-by-step guide on how to write a custom user store manager for Identity Server 5.1.0. </div>
</div>
<div>
<br /></div>
<div>
<b>Requirement:</b> A company already has a user database and needs to authenticate to Identity Server through that database.</div>
<div>
<br /></div>
<div>
The following is the schema of the USER database.<br />
<br /></div>
<div>
<!-- HTML generated using hilite.me --><br />
<div style="background: #f0f0f0; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #007020; font-weight: bold;">CREATE</span> <span style="color: #007020; font-weight: bold;">TABLE</span> TEST_USER (
USER_ID <span style="color: #007020;">INT</span> <span style="color: #007020; font-weight: bold;">NOT</span> <span style="color: #007020; font-weight: bold;">NULL</span> <span style="color: #007020; font-weight: bold;">PRIMARY</span> <span style="color: #007020; font-weight: bold;">KEY</span>,
USER_NAME <span style="color: #007020;">VARCHAR</span>(<span style="color: #40a070;">100</span>),
ENCRYPTED_USER_PASSWORD <span style="color: #007020;">VARCHAR</span>(<span style="color: #40a070;">100</span>),
EMAIL_ADDRESS <span style="color: #007020;">VARCHAR</span>(<span style="color: #40a070;">240</span>),
EMPLOYEE_ID <span style="color: #007020;">INT</span>
);
<span style="color: #007020; font-weight: bold;">INSERT</span> <span style="color: #007020; font-weight: bold;">INTO</span> TEST_USER (USER_ID, USER_NAME, ENCRYPTED_USER_PASSWORD, EMAIL_ADDRESS, EMPLOYEE_ID) <span style="color: #007020; font-weight: bold;">VALUES</span> (<span style="color: #40a070;">1</span>, <span style="color: #517918;">"testadmin"</span>, <span style="color: #517918;">"testpass"</span>, <span style="color: #517918;">"admin@act.org"</span>, <span style="color: #40a070;">1000</span>);
<span style="color: #007020; font-weight: bold;">INSERT</span> <span style="color: #007020; font-weight: bold;">INTO</span> TEST_USER (USER_ID, USER_NAME, ENCRYPTED_USER_PASSWORD, EMAIL_ADDRESS, EMPLOYEE_ID) <span style="color: #007020; font-weight: bold;">VALUES</span> (<span style="color: #40a070;">2</span>, <span style="color: #517918;">"user1"</span>, <span style="color: #517918;">"user1"</span>, <span style="color: #517918;">"user1@act.org"</span>, <span style="color: #40a070;">1001</span>);
<span style="color: #007020; font-weight: bold;">INSERT</span> <span style="color: #007020; font-weight: bold;">INTO</span> TEST_USER (USER_ID, USER_NAME, ENCRYPTED_USER_PASSWORD, EMAIL_ADDRESS, EMPLOYEE_ID) <span style="color: #007020; font-weight: bold;">VALUES</span> (<span style="color: #40a070;">3</span>, <span style="color: #517918;">"user2"</span>, <span style="color: #517918;">"user2"</span>, <span style="color: #517918;">"user2@act.org"</span>, <span style="color: #40a070;">1002</span>);
<span style="color: #007020; font-weight: bold;">INSERT</span> <span style="color: #007020; font-weight: bold;">INTO</span> TEST_USER (USER_ID, USER_NAME, ENCRYPTED_USER_PASSWORD, EMAIL_ADDRESS, EMPLOYEE_ID) <span style="color: #007020; font-weight: bold;">VALUES</span> (<span style="color: #40a070;">4</span>, <span style="color: #517918;">"user3"</span>, <span style="color: #517918;">"user3"</span>, <span style="color: #517918;">"user3@act.org"</span>, <span style="color: #40a070;">1003</span>);
<span style="color: #007020; font-weight: bold;">INSERT</span> <span style="color: #007020; font-weight: bold;">INTO</span> TEST_USER (USER_ID, USER_NAME, ENCRYPTED_USER_PASSWORD, EMAIL_ADDRESS, EMPLOYEE_ID) <span style="color: #007020; font-weight: bold;">VALUES</span> (<span style="color: #40a070;">5</span>, <span style="color: #517918;">"user4"</span>, <span style="color: #517918;">"user4"</span>, <span style="color: #517918;">"user4@act.org"</span>, <span style="color: #40a070;">1004</span>);
<span style="color: #007020; font-weight: bold;">INSERT</span> <span style="color: #007020; font-weight: bold;">INTO</span> TEST_USER (USER_ID, USER_NAME, ENCRYPTED_USER_PASSWORD, EMAIL_ADDRESS, EMPLOYEE_ID) <span style="color: #007020; font-weight: bold;">VALUES</span> (<span style="color: #40a070;">6</span>, <span style="color: #517918;">"user5"</span>, <span style="color: #517918;">"user5"</span>, <span style="color: #517918;">"user5@act.org"</span>, <span style="color: #40a070;">1005</span>);
<span style="color: #007020; font-weight: bold;">INSERT</span> <span style="color: #007020; font-weight: bold;">INTO</span> TEST_USER (USER_ID, USER_NAME, ENCRYPTED_USER_PASSWORD, EMAIL_ADDRESS, EMPLOYEE_ID) <span style="color: #007020; font-weight: bold;">VALUES</span> (<span style="color: #40a070;">7</span>, <span style="color: #517918;">"user6"</span>, <span style="color: #517918;">"user6"</span>, <span style="color: #517918;">"user6@act.org"</span>, <span style="color: #40a070;">1006</span>);
<span style="color: #007020; font-weight: bold;">INSERT</span> <span style="color: #007020; font-weight: bold;">INTO</span> TEST_USER (USER_ID, USER_NAME, ENCRYPTED_USER_PASSWORD, EMAIL_ADDRESS, EMPLOYEE_ID) <span style="color: #007020; font-weight: bold;">VALUES</span> (<span style="color: #40a070;">8</span>, <span style="color: #517918;">"user7"</span>, <span style="color: #517918;">"user7"</span>, <span style="color: #517918;">"user7@act.org"</span>, <span style="color: #40a070;">1007</span>);
<span style="color: #007020; font-weight: bold;">INSERT</span> <span style="color: #007020; font-weight: bold;">INTO</span> TEST_USER (USER_ID, USER_NAME, ENCRYPTED_USER_PASSWORD, EMAIL_ADDRESS, EMPLOYEE_ID) <span style="color: #007020; font-weight: bold;">VALUES</span> (<span style="color: #40a070;">9</span>, <span style="color: #517918;">"user8"</span>, <span style="color: #517918;">"user8"</span>, <span style="color: #517918;">"user8@act.org"</span>, <span style="color: #40a070;">1008</span>);
</pre>
</div>
<br /></div>
<div>
<br />
<span style="font-size: large;">Writing Custom User Store Manager</span><br />
<ul>
<li>You can find the sample code <a href="https://svn.wso2.org/repos/wso2/people/isura/CustomUserStoreManager">here</a>. </li>
<li>Our custom user store is a JDBC-based user store, and we can write it by extending org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager.</li>
<li>We need to override the doAuthenticate method to authenticate using the new database. </li>
</ul>
<div>
<br /></div>
<!-- HTML generated using hilite.me --><br />
<div style="background: #f0f0f0; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"> <span style="color: #555555; font-weight: bold;">@Override</span>
<span style="color: #007020; font-weight: bold;">public</span> <span style="color: #902000;">boolean</span> <span style="color: #06287e;">doAuthenticate</span><span style="color: #666666;">(</span>String userName<span style="color: #666666;">,</span> Object credential<span style="color: #666666;">)</span> <span style="color: #007020; font-weight: bold;">throws</span> UserStoreException <span style="color: #666666;">{</span>
<span style="color: #007020; font-weight: bold;">if</span> <span style="color: #666666;">(</span>CarbonConstants<span style="color: #666666;">.</span><span style="color: #4070a0;">REGISTRY_ANONNYMOUS_USERNAME</span><span style="color: #666666;">.</span><span style="color: #4070a0;">equals</span><span style="color: #666666;">(</span>userName<span style="color: #666666;">))</span> <span style="color: #666666;">{</span>
log<span style="color: #666666;">.</span><span style="color: #4070a0;">error</span><span style="color: #666666;">(</span><span style="color: #4070a0;">"Anonymous user trying to login"</span><span style="color: #666666;">);</span>
<span style="color: #007020; font-weight: bold;">return</span> <span style="color: #007020; font-weight: bold;">false</span><span style="color: #666666;">;</span>
<span style="color: #666666;">}</span>
Connection dbConnection <span style="color: #666666;">=</span> <span style="color: #007020; font-weight: bold;">null</span><span style="color: #666666;">;</span>
ResultSet rs <span style="color: #666666;">=</span> <span style="color: #007020; font-weight: bold;">null</span><span style="color: #666666;">;</span>
PreparedStatement prepStmt <span style="color: #666666;">=</span> <span style="color: #007020; font-weight: bold;">null</span><span style="color: #666666;">;</span>
String sqlstmt <span style="color: #666666;">=</span> <span style="color: #007020; font-weight: bold;">null</span><span style="color: #666666;">;</span>
String password <span style="color: #666666;">=</span> <span style="color: #666666;">(</span>String<span style="color: #666666;">)</span> credential<span style="color: #666666;">;</span>
<span style="color: #902000;">boolean</span> isAuthed <span style="color: #666666;">=</span> <span style="color: #007020; font-weight: bold;">false</span><span style="color: #666666;">;</span>
<span style="color: #007020; font-weight: bold;">try</span> <span style="color: #666666;">{</span>
dbConnection <span style="color: #666666;">=</span> getDBConnection<span style="color: #666666;">();</span>
dbConnection<span style="color: #666666;">.</span><span style="color: #4070a0;">setAutoCommit</span><span style="color: #666666;">(</span><span style="color: #007020; font-weight: bold;">false</span><span style="color: #666666;">);</span>
sqlstmt <span style="color: #666666;">=</span> realmConfig<span style="color: #666666;">.</span><span style="color: #4070a0;">getUserStoreProperty</span><span style="color: #666666;">(</span>JDBCRealmConstants<span style="color: #666666;">.</span><span style="color: #4070a0;">SELECT_USER</span><span style="color: #666666;">);</span>
prepStmt <span style="color: #666666;">=</span> dbConnection<span style="color: #666666;">.</span><span style="color: #4070a0;">prepareStatement</span><span style="color: #666666;">(</span>sqlstmt<span style="color: #666666;">);</span>
prepStmt<span style="color: #666666;">.</span><span style="color: #4070a0;">setString</span><span style="color: #666666;">(</span><span style="color: #40a070;">1</span><span style="color: #666666;">,</span> userName<span style="color: #666666;">);</span>
rs <span style="color: #666666;">=</span> prepStmt<span style="color: #666666;">.</span><span style="color: #4070a0;">executeQuery</span><span style="color: #666666;">();</span>
<span style="color: #007020; font-weight: bold;">if</span> <span style="color: #666666;">(</span>rs<span style="color: #666666;">.</span><span style="color: #4070a0;">next</span><span style="color: #666666;">())</span> <span style="color: #666666;">{</span>
String storedPassword <span style="color: #666666;">=</span> rs<span style="color: #666666;">.</span><span style="color: #4070a0;">getString</span><span style="color: #666666;">(</span><span style="color: #4070a0;">"ENCRYPTED_USER_PASSWORD"</span><span style="color: #666666;">);</span>
<span style="color: #007020; font-weight: bold;">if</span> <span style="color: #666666;">((</span>storedPassword <span style="color: #666666;">!=</span> <span style="color: #007020; font-weight: bold;">null</span><span style="color: #666666;">)</span> <span style="color: #666666;">&&</span> <span style="color: #666666;">(</span>storedPassword<span style="color: #666666;">.</span><span style="color: #4070a0;">trim</span><span style="color: #666666;">().</span><span style="color: #4070a0;">equals</span><span style="color: #666666;">(</span>password<span style="color: #666666;">)))</span> <span style="color: #666666;">{</span>
isAuthed <span style="color: #666666;">=</span> <span style="color: #007020; font-weight: bold;">true</span><span style="color: #666666;">;</span>
<span style="color: #666666;">}</span>
<span style="color: #666666;">}</span>
<span style="color: #666666;">}</span> <span style="color: #007020; font-weight: bold;">catch</span> <span style="color: #666666;">(</span>SQLException e<span style="color: #666666;">)</span> <span style="color: #666666;">{</span>
<span style="color: #007020; font-weight: bold;">throw</span> <span style="color: #007020; font-weight: bold;">new</span> <span style="color: #06287e;">UserStoreException</span><span style="color: #666666;">(</span><span style="color: #4070a0;">"Authentication Failure. Using sql :"</span> <span style="color: #666666;">+</span> sqlstmt<span style="color: #666666;">,</span> e<span style="color: #666666;">);</span>
<span style="color: #666666;">}</span> <span style="color: #007020; font-weight: bold;">finally</span> <span style="color: #666666;">{</span>
DatabaseUtil<span style="color: #666666;">.</span><span style="color: #4070a0;">closeAllConnections</span><span style="color: #666666;">(</span>dbConnection<span style="color: #666666;">,</span> rs<span style="color: #666666;">,</span> prepStmt<span style="color: #666666;">);</span>
<span style="color: #666666;">}</span>
<span style="color: #007020; font-weight: bold;">if</span> <span style="color: #666666;">(</span>log<span style="color: #666666;">.</span><span style="color: #4070a0;">isDebugEnabled</span><span style="color: #666666;">())</span> <span style="color: #666666;">{</span>
log<span style="color: #666666;">.</span><span style="color: #4070a0;">debug</span><span style="color: #666666;">(</span><span style="color: #4070a0;">"User "</span> <span style="color: #666666;">+</span> userName <span style="color: #666666;">+</span> <span style="color: #4070a0;">" login attempt. Login success :: "</span> <span style="color: #666666;">+</span> isAuthed<span style="color: #666666;">);</span>
<span style="color: #666666;">}</span>
<span style="color: #007020; font-weight: bold;">return</span> isAuthed<span style="color: #666666;">;</span>
<span style="color: #666666;">}</span></pre>
</div>
<ul>
<li>We have to define custom SQL queries, and we can make them configurable by overriding the getDefaultUserStoreProperties method as follows.</li>
</ul>
<div>
<!-- HTML generated using hilite.me --><br />
<div style="background: #f0f0f0; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"> <span style="color: #555555; font-weight: bold;">@Override</span>
<span style="color: #007020; font-weight: bold;">public</span> org<span style="color: #666666;">.</span><span style="color: #4070a0;">wso2</span><span style="color: #666666;">.</span><span style="color: #4070a0;">carbon</span><span style="color: #666666;">.</span><span style="color: #4070a0;">user</span><span style="color: #666666;">.</span><span style="color: #4070a0;">api</span><span style="color: #666666;">.</span><span style="color: #4070a0;">Properties</span> <span style="color: #06287e;">getDefaultUserStoreProperties</span><span style="color: #666666;">()</span> <span style="color: #666666;">{</span>
Properties properties <span style="color: #666666;">=</span> <span style="color: #007020; font-weight: bold;">new</span> Properties<span style="color: #666666;">();</span>
properties<span style="color: #666666;">.</span><span style="color: #4070a0;">setMandatoryProperties</span><span style="color: #666666;">(</span>CustomUserStoreManagerConstants<span style="color: #666666;">.</span><span style="color: #4070a0;">MANDATORY_PROPERTIES</span><span style="color: #666666;">.</span><span style="color: #4070a0;">toArray</span>
<span style="color: #666666;">(</span><span style="color: #007020; font-weight: bold;">new</span> Property<span style="color: #666666;">[</span>CustomUserStoreManagerConstants<span style="color: #666666;">.</span><span style="color: #4070a0;">MANDATORY_PROPERTIES</span><span style="color: #666666;">.</span><span style="color: #4070a0;">size</span><span style="color: #666666;">()]));</span>
properties<span style="color: #666666;">.</span><span style="color: #4070a0;">setOptionalProperties</span><span style="color: #666666;">(</span>CustomUserStoreManagerConstants<span style="color: #666666;">.</span><span style="color: #4070a0;">OPTIONAL_PROPERTIES</span><span style="color: #666666;">.</span><span style="color: #4070a0;">toArray</span>
<span style="color: #666666;">(</span><span style="color: #007020; font-weight: bold;">new</span> Property<span style="color: #666666;">[</span>CustomUserStoreManagerConstants<span style="color: #666666;">.</span><span style="color: #4070a0;">OPTIONAL_PROPERTIES</span><span style="color: #666666;">.</span><span style="color: #4070a0;">size</span><span style="color: #666666;">()]));</span>
properties<span style="color: #666666;">.</span><span style="color: #4070a0;">setAdvancedProperties</span><span style="color: #666666;">(</span>CustomUserStoreManagerConstants<span style="color: #666666;">.</span><span style="color: #4070a0;">ADVANCED_PROPERTIES</span><span style="color: #666666;">.</span><span style="color: #4070a0;">toArray</span>
<span style="color: #666666;">(</span><span style="color: #007020; font-weight: bold;">new</span> Property<span style="color: #666666;">[</span>CustomUserStoreManagerConstants<span style="color: #666666;">.</span><span style="color: #4070a0;">ADVANCED_PROPERTIES</span><span style="color: #666666;">.</span><span style="color: #4070a0;">size</span><span style="color: #666666;">()]));</span>
<span style="color: #007020; font-weight: bold;">return</span> properties<span style="color: #666666;">;</span>
<span style="color: #666666;">}</span>
</pre>
</div>
<br /></div>
<div>
<br />
<ul>
<li>We can set the mandatory, optional and advanced configuration as follows. </li>
</ul>
</div>
<!-- HTML generated using hilite.me --><br />
<div style="background: #f0f0f0; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #007020; font-weight: bold;">package</span> com<span style="color: #666666;">.</span><span style="color: #4070a0;">wso2</span><span style="color: #666666;">.</span><span style="color: #4070a0;">carbon</span><span style="color: #666666;">.</span><span style="color: #4070a0;">custom</span><span style="color: #666666;">.</span><span style="color: #4070a0;">user</span><span style="color: #666666;">.</span><span style="color: #4070a0;">store</span><span style="color: #666666;">.</span><span style="color: #4070a0;">manager</span><span style="color: #666666;">;</span>
<span style="color: #007020; font-weight: bold;">import</span> <span style="color: #0e84b5; font-weight: bold;">org.wso2.carbon.user.api.Property</span><span style="color: #666666;">;</span>
<span style="color: #007020; font-weight: bold;">import</span> <span style="color: #0e84b5; font-weight: bold;">org.wso2.carbon.user.core.UserStoreConfigConstants</span><span style="color: #666666;">;</span>
<span style="color: #007020; font-weight: bold;">import</span> <span style="color: #0e84b5; font-weight: bold;">org.wso2.carbon.user.core.jdbc.JDBCRealmConstants</span><span style="color: #666666;">;</span>
<span style="color: #007020; font-weight: bold;">import</span> <span style="color: #0e84b5; font-weight: bold;">java.util.ArrayList</span><span style="color: #666666;">;</span>
<span style="color: #007020; font-weight: bold;">public</span> <span style="color: #007020; font-weight: bold;">class</span> <span style="color: #0e84b5; font-weight: bold;">CustomUserStoreManagerConstants</span> <span style="color: #666666;">{</span>
<span style="color: #007020; font-weight: bold;">public</span> <span style="color: #007020; font-weight: bold;">static</span> <span style="color: #007020; font-weight: bold;">final</span> ArrayList<span style="color: #666666;"><</span>Property<span style="color: #666666;">></span> MANDATORY_PROPERTIES <span style="color: #666666;">=</span> <span style="color: #007020; font-weight: bold;">new</span> ArrayList<span style="color: #666666;"><</span>Property<span style="color: #666666;">>();</span>
<span style="color: #007020; font-weight: bold;">public</span> <span style="color: #007020; font-weight: bold;">static</span> <span style="color: #007020; font-weight: bold;">final</span> ArrayList<span style="color: #666666;"><</span>Property<span style="color: #666666;">></span> OPTIONAL_PROPERTIES <span style="color: #666666;">=</span> <span style="color: #007020; font-weight: bold;">new</span> ArrayList<span style="color: #666666;"><</span>Property<span style="color: #666666;">>();</span>
<span style="color: #007020; font-weight: bold;">public</span> <span style="color: #007020; font-weight: bold;">static</span> <span style="color: #007020; font-weight: bold;">final</span> ArrayList<span style="color: #666666;"><</span>Property<span style="color: #666666;">></span> ADVANCED_PROPERTIES <span style="color: #666666;">=</span> <span style="color: #007020; font-weight: bold;">new</span> ArrayList<span style="color: #666666;"><</span>Property<span style="color: #666666;">>();</span>
<span style="color: #007020; font-weight: bold;">static</span> <span style="color: #666666;">{</span>
setMandatoryProperty<span style="color: #666666;">(</span>JDBCRealmConstants<span style="color: #666666;">.</span><span style="color: #4070a0;">DRIVER_NAME</span><span style="color: #666666;">,</span> <span style="color: #4070a0;">"Driver Name"</span><span style="color: #666666;">,</span> <span style="color: #4070a0;">""</span><span style="color: #666666;">,</span> <span style="color: #4070a0;">"Full qualified driver name"</span><span style="color: #666666;">);</span>
setMandatoryProperty<span style="color: #666666;">(</span>JDBCRealmConstants<span style="color: #666666;">.</span><span style="color: #4070a0;">URL</span><span style="color: #666666;">,</span> <span style="color: #4070a0;">"Connection URL"</span><span style="color: #666666;">,</span> <span style="color: #4070a0;">""</span><span style="color: #666666;">,</span> <span style="color: #4070a0;">"URL of the user store database"</span><span style="color: #666666;">);</span>
setMandatoryProperty<span style="color: #666666;">(</span>JDBCRealmConstants<span style="color: #666666;">.</span><span style="color: #4070a0;">USER_NAME</span><span style="color: #666666;">,</span> <span style="color: #4070a0;">"User Name"</span><span style="color: #666666;">,</span> <span style="color: #4070a0;">""</span><span style="color: #666666;">,</span> <span style="color: #4070a0;">"Username for the database"</span><span style="color: #666666;">);</span>
setMandatoryProperty<span style="color: #666666;">(</span>JDBCRealmConstants<span style="color: #666666;">.</span><span style="color: #4070a0;">PASSWORD</span><span style="color: #666666;">,</span> <span style="color: #4070a0;">"Password"</span><span style="color: #666666;">,</span> <span style="color: #4070a0;">""</span><span style="color: #666666;">,</span> <span style="color: #4070a0;">"Password for the database"</span><span style="color: #666666;">);</span>
setProperty<span style="color: #666666;">(</span>UserStoreConfigConstants<span style="color: #666666;">.</span><span style="color: #4070a0;">disabled</span><span style="color: #666666;">,</span> <span style="color: #4070a0;">"Disabled"</span><span style="color: #666666;">,</span> <span style="color: #4070a0;">"false"</span><span style="color: #666666;">,</span> UserStoreConfigConstants<span style="color: #666666;">.</span><span style="color: #4070a0;">disabledDescription</span><span style="color: #666666;">);</span>
setProperty<span style="color: #666666;">(</span><span style="color: #4070a0;">"ReadOnly"</span><span style="color: #666666;">,</span> <span style="color: #4070a0;">"Read Only"</span><span style="color: #666666;">,</span> <span style="color: #4070a0;">"true"</span><span style="color: #666666;">,</span> <span style="color: #4070a0;">"Indicates whether the user store of this realm operates in the user read only mode or not"</span><span style="color: #666666;">);</span>
setProperty<span style="color: #666666;">(</span>UserStoreConfigConstants<span style="color: #666666;">.</span><span style="color: #4070a0;">SCIMEnabled</span><span style="color: #666666;">,</span> <span style="color: #4070a0;">"SCIM Enabled"</span><span style="color: #666666;">,</span> <span style="color: #4070a0;">"false"</span><span style="color: #666666;">,</span> UserStoreConfigConstants<span style="color: #666666;">.</span><span style="color: #4070a0;">SCIMEnabledDescription</span><span style="color: #666666;">);</span>
setAdvancedProperty<span style="color: #666666;">(</span><span style="color: #4070a0;">"SelectUserSQL"</span><span style="color: #666666;">,</span> <span style="color: #4070a0;">"Select User SQL"</span><span style="color: #666666;">,</span> <span style="color: #4070a0;">"SELECT * FROM TEST_USER WHERE USER_NAME=?"</span><span style="color: #666666;">,</span> <span style="color: #4070a0;">""</span><span style="color: #666666;">);</span>
setAdvancedProperty<span style="color: #666666;">(</span><span style="color: #4070a0;">"UserFilterSQL"</span><span style="color: #666666;">,</span> <span style="color: #4070a0;">"User Filter SQL"</span><span style="color: #666666;">,</span> <span style="color: #4070a0;">"SELECT USER_NAME FROM TEST_USER WHERE USER_NAME LIKE"</span> <span style="color: #666666;">+</span>
<span style="color: #4070a0;">" ? ORDER BY USER_NAME"</span><span style="color: #666666;">,</span> <span style="color: #4070a0;">""</span><span style="color: #666666;">);</span>
setAdvancedProperty<span style="color: #666666;">(</span><span style="color: #4070a0;">"IsUserExistingSQL"</span><span style="color: #666666;">,</span> <span style="color: #4070a0;">"Is User Existing SQL"</span><span style="color: #666666;">,</span> <span style="color: #4070a0;">"SELECT USER_NAME FROM TEST_USER WHERE "</span> <span style="color: #666666;">+</span>
<span style="color: #4070a0;">"USER_NAME=? "</span><span style="color: #666666;">,</span> <span style="color: #4070a0;">""</span><span style="color: #666666;">);</span>
<span style="color: #666666;">}</span>
<span style="color: #007020; font-weight: bold;">private</span> <span style="color: #007020; font-weight: bold;">static</span> <span style="color: #902000;">void</span> <span style="color: #06287e;">setProperty</span><span style="color: #666666;">(</span>String name<span style="color: #666666;">,</span> String displayName<span style="color: #666666;">,</span> String value<span style="color: #666666;">,</span> String description<span style="color: #666666;">)</span> <span style="color: #666666;">{</span>
Property property <span style="color: #666666;">=</span> <span style="color: #007020; font-weight: bold;">new</span> Property<span style="color: #666666;">(</span>name<span style="color: #666666;">,</span> value<span style="color: #666666;">,</span> displayName <span style="color: #666666;">+</span> <span style="color: #4070a0;">"#"</span> <span style="color: #666666;">+</span> description<span style="color: #666666;">,</span> <span style="color: #007020; font-weight: bold;">null</span><span style="color: #666666;">);</span>
OPTIONAL_PROPERTIES<span style="color: #666666;">.</span><span style="color: #4070a0;">add</span><span style="color: #666666;">(</span>property<span style="color: #666666;">);</span>
<span style="color: #666666;">}</span>
<span style="color: #007020; font-weight: bold;">private</span> <span style="color: #007020; font-weight: bold;">static</span> <span style="color: #902000;">void</span> <span style="color: #06287e;">setMandatoryProperty</span><span style="color: #666666;">(</span>String name<span style="color: #666666;">,</span> String displayName<span style="color: #666666;">,</span> String value<span style="color: #666666;">,</span> String description<span style="color: #666666;">)</span> <span style="color: #666666;">{</span>
Property property <span style="color: #666666;">=</span> <span style="color: #007020; font-weight: bold;">new</span> Property<span style="color: #666666;">(</span>name<span style="color: #666666;">,</span> value<span style="color: #666666;">,</span> displayName <span style="color: #666666;">+</span> <span style="color: #4070a0;">"#"</span> <span style="color: #666666;">+</span> description<span style="color: #666666;">,</span> <span style="color: #007020; font-weight: bold;">null</span><span style="color: #666666;">);</span>
MANDATORY_PROPERTIES<span style="color: #666666;">.</span><span style="color: #4070a0;">add</span><span style="color: #666666;">(</span>property<span style="color: #666666;">);</span>
<span style="color: #666666;">}</span>
<span style="color: #007020; font-weight: bold;">private</span> <span style="color: #007020; font-weight: bold;">static</span> <span style="color: #902000;">void</span> <span style="color: #06287e;">setAdvancedProperty</span><span style="color: #666666;">(</span>String name<span style="color: #666666;">,</span> String displayName<span style="color: #666666;">,</span> String value<span style="color: #666666;">,</span> String description<span style="color: #666666;">)</span> <span style="color: #666666;">{</span>
Property property <span style="color: #666666;">=</span> <span style="color: #007020; font-weight: bold;">new</span> Property<span style="color: #666666;">(</span>name<span style="color: #666666;">,</span> value<span style="color: #666666;">,</span> displayName <span style="color: #666666;">+</span> <span style="color: #4070a0;">"#"</span> <span style="color: #666666;">+</span> description<span style="color: #666666;">,</span> <span style="color: #007020; font-weight: bold;">null</span><span style="color: #666666;">);</span>
ADVANCED_PROPERTIES<span style="color: #666666;">.</span><span style="color: #4070a0;">add</span><span style="color: #666666;">(</span>property<span style="color: #666666;">);</span>
<span style="color: #666666;">}</span>
<span style="color: #666666;">}</span>
</pre>
</div>
<br />
<br />
<br />
<ul>
<li>Register Custom User Store Manager in OSGI framework</li>
</ul>
<div>
<!-- HTML generated using hilite.me --><br />
<div style="background: #f0f0f0; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #60a0b0; font-style: italic;">/**</span>
<span style="color: #60a0b0; font-style: italic;"> * @scr.component name="com.wso2.carbon.custom.user.store.manager.component" immediate="true"</span>
<span style="color: #60a0b0; font-style: italic;"> * @scr.reference name="realm.service"</span>
<span style="color: #60a0b0; font-style: italic;"> * interface="org.wso2.carbon.user.core.service.RealmService" cardinality="1..1"</span>
<span style="color: #60a0b0; font-style: italic;"> * policy="dynamic" bind="setRealmService" unbind="unsetRealmService"</span>
<span style="color: #60a0b0; font-style: italic;"> */</span>
<span style="color: #007020; font-weight: bold;">public</span> <span style="color: #007020; font-weight: bold;">class</span> <span style="color: #0e84b5; font-weight: bold;">CustomUserStoreManagerServiceComponent</span> <span style="color: #666666;">{</span>
<span style="color: #007020; font-weight: bold;">private</span> <span style="color: #007020; font-weight: bold;">static</span> Log log <span style="color: #666666;">=</span> LogFactory<span style="color: #666666;">.</span><span style="color: #4070a0;">getLog</span><span style="color: #666666;">(</span>CustomUserStoreManagerServiceComponent<span style="color: #666666;">.</span><span style="color: #4070a0;">class</span><span style="color: #666666;">);</span>
<span style="color: #007020; font-weight: bold;">private</span> <span style="color: #007020; font-weight: bold;">static</span> RealmService realmService<span style="color: #666666;">;</span>
<span style="color: #007020; font-weight: bold;">protected</span> <span style="color: #902000;">void</span> <span style="color: #06287e;">activate</span><span style="color: #666666;">(</span>ComponentContext ctxt<span style="color: #666666;">)</span> <span style="color: #666666;">{</span>
Hashtable<span style="color: #666666;"><</span>String<span style="color: #666666;">,</span> String<span style="color: #666666;">></span> props <span style="color: #666666;">=</span> <span style="color: #007020; font-weight: bold;">new</span> Hashtable<span style="color: #666666;"><</span>String<span style="color: #666666;">,</span> String<span style="color: #666666;">>();</span>
CustomUserStoreManager customUserStoreManager <span style="color: #666666;">=</span> <span style="color: #007020; font-weight: bold;">new</span> CustomUserStoreManager<span style="color: #666666;">();</span>
ctxt<span style="color: #666666;">.</span><span style="color: #4070a0;">getBundleContext</span><span style="color: #666666;">().</span><span style="color: #4070a0;">registerService</span><span style="color: #666666;">(</span>UserStoreManager<span style="color: #666666;">.</span><span style="color: #4070a0;">class</span><span style="color: #666666;">.</span><span style="color: #4070a0;">getName</span><span style="color: #666666;">(),</span> customUserStoreManager<span style="color: #666666;">,</span> props<span style="color: #666666;">);</span>
log<span style="color: #666666;">.</span><span style="color: #4070a0;">info</span><span style="color: #666666;">(</span><span style="color: #4070a0;">"CustomUserStoreManager bundle activated successfully.."</span><span style="color: #666666;">);</span>
<span style="color: #666666;">}</span>
<span style="color: #007020; font-weight: bold;">protected</span> <span style="color: #902000;">void</span> <span style="color: #06287e;">deactivate</span><span style="color: #666666;">(</span>ComponentContext ctxt<span style="color: #666666;">)</span> <span style="color: #666666;">{</span>
<span style="color: #007020; font-weight: bold;">if</span> <span style="color: #666666;">(</span>log<span style="color: #666666;">.</span><span style="color: #4070a0;">isDebugEnabled</span><span style="color: #666666;">())</span> <span style="color: #666666;">{</span>
log<span style="color: #666666;">.</span><span style="color: #4070a0;">debug</span><span style="color: #666666;">(</span><span style="color: #4070a0;">"CustomUserStoreManager bundle is deactivated"</span><span style="color: #666666;">);</span>
<span style="color: #666666;">}</span>
<span style="color: #666666;">}</span>
<span style="color: #007020; font-weight: bold;">protected</span> <span style="color: #902000;">void</span> <span style="color: #06287e;">setRealmService</span><span style="color: #666666;">(</span>RealmService realmService<span style="color: #666666;">)</span> <span style="color: #666666;">{</span>
log<span style="color: #666666;">.</span><span style="color: #4070a0;">debug</span><span style="color: #666666;">(</span><span style="color: #4070a0;">"Setting the Realm Service"</span><span style="color: #666666;">);</span>
CustomUserStoreManagerServiceComponent<span style="color: #666666;">.</span><span style="color: #4070a0;">realmService</span> <span style="color: #666666;">=</span> realmService<span style="color: #666666;">;</span>
<span style="color: #666666;">}</span>
<span style="color: #007020; font-weight: bold;">protected</span> <span style="color: #902000;">void</span> <span style="color: #06287e;">unsetRealmService</span><span style="color: #666666;">(</span>RealmService realmService<span style="color: #666666;">)</span> <span style="color: #666666;">{</span>
log<span style="color: #666666;">.</span><span style="color: #4070a0;">debug</span><span style="color: #666666;">(</span><span style="color: #4070a0;">"UnSetting the Realm Service"</span><span style="color: #666666;">);</span>
CustomUserStoreManagerServiceComponent<span style="color: #666666;">.</span><span style="color: #4070a0;">realmService</span> <span style="color: #666666;">=</span> <span style="color: #007020; font-weight: bold;">null</span><span style="color: #666666;">;</span>
<span style="color: #666666;">}</span>
<span style="color: #007020; font-weight: bold;">public</span> <span style="color: #007020; font-weight: bold;">static</span> RealmService <span style="color: #06287e;">getRealmService</span><span style="color: #666666;">()</span> <span style="color: #666666;">{</span>
<span style="color: #007020; font-weight: bold;">return</span> realmService<span style="color: #666666;">;</span>
<span style="color: #666666;">}</span>
<span style="color: #666666;">}</span>
</pre>
</div>
<br /></div>
<br />
<span style="font-size: large;">Identity Server Configurations. </span><br />
<span style="font-size: large;"><br /></span>
<br />
<ul>
<li>Compile the custom user store manager code to get the com.wso2.carbon.custom.user.store.manager-1.0.0.jar OSGi bundle.</li>
<li>Copy com.wso2.carbon.custom.user.store.manager-1.0.0.jar into the <IS_HOME>/repository/components/dropins folder.</li>
<li>Configure the new database in the <IS_HOME>/repository/conf/datasources/master-datasources.xml file as follows.</li>
</ul>
<div>
<!-- HTML generated using hilite.me --><br />
<div style="background: #f0f0f0; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #062873; font-weight: bold;"><datasource></span>
<span style="color: #062873; font-weight: bold;"><name></span>CustomUserDB<span style="color: #062873; font-weight: bold;"></name></span>
<span style="color: #062873; font-weight: bold;"><description></span>Custom User Database<span style="color: #062873; font-weight: bold;"></description></span>
<span style="color: #062873; font-weight: bold;"><jndiConfig></span>
<span style="color: #062873; font-weight: bold;"><name></span>jdbc/CustomUserDB<span style="color: #062873; font-weight: bold;"></name></span>
<span style="color: #062873; font-weight: bold;"></jndiConfig></span>
<span style="color: #062873; font-weight: bold;"><definition</span> <span style="color: #4070a0;">type="RDBMS"</span><span style="color: #062873; font-weight: bold;">></span>
<span style="color: #062873; font-weight: bold;"><configuration></span>
<span style="color: #062873; font-weight: bold;"><url></span>jdbc:mysql://localhost:3306/Custom<span style="color: #062873; font-weight: bold;"></url></span>
<span style="color: #062873; font-weight: bold;"><username></span>root<span style="color: #062873; font-weight: bold;"></username></span>
<span style="color: #062873; font-weight: bold;"><password></span>root<span style="color: #062873; font-weight: bold;"></password></span>
<span style="color: #062873; font-weight: bold;"><driverClassName></span>com.mysql.jdbc.Driver<span style="color: #062873; font-weight: bold;"></driverClassName></span>
<span style="color: #062873; font-weight: bold;"><maxActive></span>50<span style="color: #062873; font-weight: bold;"></maxActive></span>
<span style="color: #062873; font-weight: bold;"><maxWait></span>60000<span style="color: #062873; font-weight: bold;"></maxWait></span>
<span style="color: #062873; font-weight: bold;"><testOnBorrow></span>true<span style="color: #062873; font-weight: bold;"></testOnBorrow></span>
<span style="color: #062873; font-weight: bold;"><validationQuery></span>SELECT 1<span style="color: #062873; font-weight: bold;"></validationQuery></span>
<span style="color: #062873; font-weight: bold;"><validationInterval></span>30000<span style="color: #062873; font-weight: bold;"></validationInterval></span>
<span style="color: #062873; font-weight: bold;"></configuration></span>
<span style="color: #062873; font-weight: bold;"></definition></span>
<span style="color: #062873; font-weight: bold;"></datasource></span>
</pre>
</div>
<br /></div>
<div>
<br /></div>
<br />
<ul>
<li>Start Identity Server.</li>
<li>Go to Add User button inside Home/Identity.</li>
</ul>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgxg2DyBzw8m-5LUfCMm6CIuqDmegQ1DYYoggJmnh14AoiRQdnTO1qCCnsV8hk_OVwM7T5vwNPWIYvTuGlPCPylFhWihUimpervdghtrxDp-6fstVILsS5uZcJ1clF3AxLPPjORq0VbRxM/s1600/customUserStore.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="339" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgxg2DyBzw8m-5LUfCMm6CIuqDmegQ1DYYoggJmnh14AoiRQdnTO1qCCnsV8hk_OVwM7T5vwNPWIYvTuGlPCPylFhWihUimpervdghtrxDp-6fstVILsS5uZcJ1clF3AxLPPjORq0VbRxM/s640/customUserStore.png" width="640" /></a></div>
<ul>
<li>Then fill in the configuration as shown in the image above.</li>
<li>Then assign the login permission to the Internal/everyone role.</li>
<li>Try to log in to the management console using user1/user1.</li>
</ul>
<br />
<br />
<br /></div>
Isura Dilharahttp://www.blogger.com/profile/04059595339068282550noreply@blogger.com4tag:blogger.com,1999:blog-5737505135099841228.post-2058299104517432782016-02-18T02:06:00.001-08:002016-02-28T18:16:40.396-08:00WSO2 Identity Server 5.1.0 behind Proxy(Load Balancer) <span style="color: blue; font-size: x-large;">WSO2 Identity Server behind Proxy or Load Balancer.</span><br />
<span style="font-size: x-large;"><br /></span> In this blog post, I give a step-by-step guide to configuring WSO2 Identity Server 5.1.0 with a proxy port and proxy host.<br />
<br />
<h3>
Configuring Proxy Port</h3>
<br />
By default, WSO2 Identity Server runs on port 9443. Here I explain how to configure a proxy port of 443.<br />
<br />
<ul>
<li>Open <wso2is-5.1.0>/repository/conf/tomcat/catalina-server.xml file and add the proxy port 443 in https connector as follows.</li>
</ul>
<div style="background: #f0f0f0; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #062873; font-weight: bold;"><Connector</span> <span style="color: #4070a0;">protocol="org.apache.coyote.http11.Http11NioProtocol"</span>
<span style="color: #4070a0;">port="9443"</span>
<span style="color: #4070a0;">proxyPort="443"</span>
</pre>
</div>
<div>
<br />
Note: It is not possible to configure the proxy port from the load balancer itself, since there is a POST request while authenticating to the IS Dashboard. So, if you are planning to use the Identity Server Dashboard, this configuration is a must.<br />
<br />
<br />
<br />
<br />
<h3>
Configuring Proxy Host</h3>
</div>
<div>
<br /></div>
<div>
<b>1. Use the same hostname in both Identity Server and the load balancer</b><br />
<ol>
</ol>
</div>
<div>
<ul>
<li>Open <wso2is-5.1.0>/repository/conf/carbon.xml file and configure the hostname and management hostname as follows</li>
</ul>
<div>
<br /></div>
</div>
<br />
<div style="background: #f0f0f0; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"> <span style="color: #062873; font-weight: bold;"><HostName></span>wso2.is.com<span style="color: #062873; font-weight: bold;"></HostName></span>
<span style="color: #062873; font-weight: bold;"><MgtHostName></span>wso2.is.com<span style="color: #062873; font-weight: bold;"></MgtHostName></span>
</pre>
</div>
<div>
<span style="color: blue;"><br /></span></div>
<div>
<span style="color: blue;"><br /></span></div>
<div>
<ul>
<li>Create a new keystore with the new hostname. The following keytool command creates a new keystore.</li>
</ul>
</div>
<br />
<div style="background: #f0f0f0; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">keytool <span style="color: #666666;">-</span>genkey <span style="color: #666666;">-</span>alias wso2carbon <span style="color: #666666;">-</span>keyalg RSA <span style="color: #666666;">-</span>keysize <span style="color: #40a070;">2048</span> <span style="color: #666666;">-</span>dname <span style="color: #4070a0;">"CN=wso2.is.com,OU=Home,O=Home,L=SL,S=WS,C=LK"</span> <span style="color: #666666;">-</span>keypass wso2carbon <span style="color: #666666;">-</span>keystore wso2carbon<span style="color: #666666;">.</span><span style="color: #4070a0;">jks</span> <span style="color: #666666;">-</span>storepass wso2carbon
</pre>
</div>
<br />
<div>
<br /></div>
<div>
Create two new keystores, for client-truststore.jks and wso2carbon.jks. </div>
<div>
<br /></div>
<div>
You can follow [1] for more information on how to configure keystores in WSO2 servers. </div>
<div>
<br /></div>
<div>
<ul>
<li>Configure Nginx as follows.</li>
</ul>
<div>
<br /></div>
</div>
<div>
<div>
<br />
<div style="background: #f0f0f0; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">upstream ssl<span style="color: #666666;">.</span><span style="color: #4070a0;">wso2</span><span style="color: #666666;">.</span><span style="color: #4070a0;">as</span><span style="color: #666666;">.</span><span style="color: #4070a0;">com</span> <span style="color: #666666;">{</span>
server wso2<span style="color: #666666;">.</span><span style="color: #4070a0;">is</span><span style="color: #666666;">.</span><span style="color: #4070a0;">com</span><span style="color: #666666;">:</span><span style="color: #40a070;">9443</span><span style="color: #666666;">;</span>
<span style="color: #666666;">}</span>
server <span style="color: #666666;">{</span>
listen <span style="color: #40a070;">443</span><span style="color: #666666;">;</span>
server_name wso2<span style="color: #666666;">.</span><span style="color: #4070a0;">is</span><span style="color: #666666;">.</span><span style="color: #4070a0;">com</span><span style="color: #666666;">;</span>
client_max_body_size <span style="color: #40a070;">100</span>M<span style="color: #666666;">;</span>
ssl on<span style="color: #666666;">;</span>
ssl_certificate <span style="color: #666666;">/</span>etc<span style="color: #666666;">/</span>ssl<span style="color: #666666;">/</span>nginx<span style="color: #666666;">/</span>nginx<span style="color: #666666;">-</span>repo<span style="color: #666666;">.</span><span style="color: #4070a0;">crt</span><span style="color: #666666;">;</span>
ssl_certificate_key <span style="color: #666666;">/</span>etc<span style="color: #666666;">/</span>ssl<span style="color: #666666;">/</span>nginx<span style="color: #666666;">/</span>nginx<span style="color: #666666;">-</span>repo<span style="color: #666666;">.</span><span style="color: #4070a0;">key</span><span style="color: #666666;">;</span>
location <span style="color: #666666;">/</span> <span style="color: #666666;">{</span>
proxy_set_header X<span style="color: #666666;">-</span>Forwarded<span style="color: #666666;">-</span>Host $host<span style="color: #666666;">;</span>
proxy_set_header X<span style="color: #666666;">-</span>Forwarded<span style="color: #666666;">-</span>Server $host<span style="color: #666666;">;</span>
proxy_set_header X<span style="color: #666666;">-</span>Forwarded<span style="color: #666666;">-</span>For $proxy_add_x_forwarded_for<span style="color: #666666;">;</span>
proxy_redirect <span style="color: #002070; font-weight: bold;">https:</span><span style="color: #60a0b0; font-style: italic;">//ssl.wso2.as.com https://wso2.is.com;</span>
proxy_pass <span style="color: #002070; font-weight: bold;">https:</span><span style="color: #60a0b0; font-style: italic;">//ssl.wso2.as.com;</span>
proxy_http_version <span style="color: #40a070;">1.1</span><span style="color: #666666;">;</span>
proxy_set_header Upgrade $http_upgrade<span style="color: #666666;">;</span>
proxy_set_header Connection <span style="color: #4070a0;">"upgrade"</span><span style="color: #666666;">;</span>
<span style="color: #666666;">}</span>
<span style="color: #666666;">}</span>
</pre>
</div>
<div>
<br /></div>
</div>
<div>
<br /></div>
<div>
Change the ssl_certificate and ssl_certificate_key paths to point to your own certificate and key. </div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<ul>
<li>Configure proxy port and host in <wso2is-5.1.0> /repository/deployment/server/jaggeryapps/dashboard/conf/site.json file as follows</li>
</ul>
<div>
<br /></div>
</div>
<!-- HTML generated using hilite.me --><br />
<div style="background: #f0f0f0; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">{
<span style="color: #062873; font-weight: bold;">"proxy"</span> : {
<span style="color: #062873; font-weight: bold;">"proxyHost"</span> : <span style="color: #4070a0;">"wso2.is.com"</span>,
<span style="color: #062873; font-weight: bold;">"proxyHTTPSPort"</span> : <span style="color: #4070a0;">"443"</span>,
<span style="color: #062873; font-weight: bold;">"proxyContextPath"</span> : <span style="color: #4070a0;">""</span>,
<span style="color: #062873; font-weight: bold;">"servicePath"</span> : <span style="color: #4070a0;">"/services"</span>
}
}
</pre>
</div>
<div>
<br /></div>
<div>
<ul>
<li>Configure proxy port and host in <wso2is-5.1.0> /repository/deployment/server/jaggeryapps/portal/conf/site.json file as follows</li>
</ul>
<div>
<div>
</div>
<!-- HTML generated using hilite.me --><br />
<div style="background: #f0f0f0; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;">{
<span style="color: #062873; font-weight: bold;">"proxy"</span> : {
<span style="color: #062873; font-weight: bold;">"proxyHost"</span> : <span style="color: #4070a0;">"wso2.is.com"</span>,
<span style="color: #062873; font-weight: bold;">"proxyHTTPSPort"</span> : <span style="color: #4070a0;">"443"</span>,
<span style="color: #062873; font-weight: bold;">"proxyContextPath"</span> : <span style="color: #4070a0;">""</span>
},
<span style="color: #062873; font-weight: bold;">"fido"</span> : {
<span style="color: #062873; font-weight: bold;">"appId"</span> : <span style="color: #4070a0;">""</span>
}
}
</pre>
</div>
<div>
<br /></div>
<div>
<ul>
<li>Configure proxy port and host in <wso2is-5.1.0> /repository/deployment/server/webapps/shindig/WEB-INF/web.xml</li>
</ul>
<div>
</div>
</div>
<!-- HTML generated using hilite.me --><br />
<div style="background: #f0f0f0; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #062873; font-weight: bold;"><context-param></span>
<span style="color: #062873; font-weight: bold;"><param-name></span>system.properties<span style="color: #062873; font-weight: bold;"></param-name></span>
<span style="color: #062873; font-weight: bold;"><param-value></span>
<span style="color: #007020;"><![CDATA[</span>
<span style="color: #007020;"> shindig.host=wso2.is.com</span>
<span style="color: #007020;"> shindig.port=443</span>
<span style="color: #007020;"> aKey=/shindig/gadgets/proxy?container=default&url=</span>
<span style="color: #007020;"> ]]></span>
</pre>
</div>
<div>
<span style="color: blue;"><br /></span></div>
<div>
<ul>
<li>Import the load balancer certificate into the client-truststore.jks file.</li>
</ul>
<div>
<br />
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 1; word-spacing: 0px;">
</div>
<br />
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 1; word-spacing: 0px;">
<div>
<div>
<div>
<div style="margin: 0px;">
Note: The load balancer certificate should be issued for the IS hostname. </div>
<div style="margin: 0px;">
<br /></div>
<div style="margin: 0px;">
<br /></div>
</div>
</div>
</div>
</div>
<br />
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 1; word-spacing: 0px;">
<b>2. Configure a proxyName in catalina-server.xml file. </b><br />
<b><br /></b>
<br />
<b><br /></b>
<div>
<b><br /></b></div>
</div>
If you want to use a proxy name that is different from the Identity Server hostname, you can do so by configuring the catalina-server.xml file.<br />
<br />
If your load balancer hostname is is.wso2.com and the Identity Server hostname is a-s00001572, the following configuration is needed for Identity Server to work behind that proxy name and port.<br />
<br />
<br />
<div>
<ul>
<li>Open <wso2is-5.1.0>/repository/conf/carbon.xml file and configure the hostname and management hostname as follows</li>
</ul>
<div>
<br /></div>
</div>
<br />
<div style="background: rgb(240, 240, 240); border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 16.25px;"> <span style="color: #062873; font-weight: bold;"><HostName></span><span style="font-family: "times new roman"; line-height: normal; white-space: normal;">a-s00001572</span><span style="color: #062873; font-weight: bold;"></HostName></span>
<span style="color: #062873; font-weight: bold;"><MgtHostName></span><span style="font-family: "times new roman"; line-height: normal; white-space: normal;">a-s00001572</span><span style="color: #062873; font-weight: bold;"></MgtHostName></span>
</pre>
</div>
<div>
<span style="color: blue;"><br /></span></div>
<br />
<ul></ul>
<br />
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 1; word-spacing: 0px;">
<div>
<ul>
<li>Create a new Keystore with the new hostname. Following is the keytool command to create new</li>
</ul>
</div>
<br />
<div style="background: rgb(240, 240, 240); border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 16.25px;">keytool <span style="color: #666666;">-</span>genkey <span style="color: #666666;">-</span>alias wso2carbon <span style="color: #666666;">-</span>keyalg RSA <span style="color: #666666;">-</span>keysize <span style="color: #40a070;">1024</span> <span style="color: #666666;">-</span>dname <span style="color: #4070a0;">"CN=a-s00001572,OU=Home,O=Home,L=SL,S=WS,C=LK"</span> <span style="color: #666666;">-</span>keypass wso2carbon <span style="color: #666666;">-</span>keystore wso2carbon<span style="color: #666666;">.</span><span style="color: #4070a0;">jks</span> <span style="color: #666666;">-</span>storepass wso2carbon
</pre>
</div>
<br />
<div>
<br /></div>
<div>
Create two new keystores: client-truststore.jks and wso2carbon.jks. </div>
<div>
<br /></div>
<div>
You can follow [1] for more information on how to configure keystores in WSO2 servers. </div>
<div>
<br /></div>
<span style="color: blue;"></span><br />
<div>
<ul>
<li>Configure Nginx configuration as follows</li>
</ul>
<div>
</div>
</div>
</div>
<br />
<div>
<div style="background: rgb(240, 240, 240); border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 16.25px;"><pre style="color: #333333;"><span style="color: #007020; font-weight: bold;">upstream</span> <span style="color: #4070a0;">ssl.wso2.as.com</span> {
<span style="color: #007020; font-weight: bold;">server</span> <span style="color: #4070a0;">A-S00001572:9443</span>;
}
<span style="color: #007020; font-weight: bold;">server</span> {
<span style="color: #007020; font-weight: bold;">listen</span> <span style="color: #40a070;">443</span>;
<span style="color: #007020; font-weight: bold;">server_name</span> <span style="color: #4070a0;">is.wso2.com</span>;
<span style="color: #007020; font-weight: bold;">client_max_body_size</span> <span style="color: #4070a0;">100M</span>;
<span style="color: #007020; font-weight: bold;">ssl</span> <span style="color: #60add5;">on</span>;
<span style="color: #007020; font-weight: bold;">ssl_certificate</span> <span style="color: #4070a0;">/etc/ssl/nginx/nginx-repo.crt</span>;
<span style="color: #007020; font-weight: bold;">ssl_certificate_key</span> <span style="color: #4070a0;">/etc/ssl/nginx/nginx-repo.key</span>;
<span style="color: #007020; font-weight: bold;">location</span> <span style="color: #4070a0;">/</span> {
<span style="color: #007020; font-weight: bold;">proxy_set_header</span> <span style="color: #4070a0;">X-Forwarded-Host</span> <span style="color: #bb60d5;">$host</span>;
<span style="color: #007020; font-weight: bold;">proxy_set_header</span> <span style="color: #4070a0;">X-Forwarded-Server</span> <span style="color: #bb60d5;">$host</span>;
<span style="color: #007020; font-weight: bold;">proxy_set_header</span> <span style="color: #4070a0;">X-Forwarded-For</span> <span style="color: #bb60d5;">$proxy_add_x_forwarded_for</span>;
<span style="color: #007020; font-weight: bold;">proxy_redirect</span> <span style="color: #4070a0;">https://A-S00001572:9443</span> <span style="color: #4070a0;">https://A-S00001572</span>;
<span style="color: #007020; font-weight: bold;">proxy_pass</span> <span style="color: #4070a0;">https://ssl.wso2.as.com</span>;
<span style="color: #007020; font-weight: bold;">proxy_http_version</span> <span style="color: #40a070;">1</span><span style="color: #4070a0;">.1</span>;
<span style="color: #007020; font-weight: bold;">proxy_set_header</span> <span style="color: #4070a0;">Upgrade</span> <span style="color: #bb60d5;">$http_upgrade</span>;
<span style="color: #007020; font-weight: bold;">proxy_set_header</span> <span style="color: #4070a0;">Connection</span> <span style="color: #4070a0;">"upgrade"</span>;
}
}</pre>
</pre>
</div>
<div>
<br /></div>
</div>
<div>
<br /></div>
<div>
Change the ssl_certificate and ssl_certificate_key paths to point to your own certificate and key.<br />
<br />
<div>
<ul>
<li>Configure proxy port and host in <wso2is-5.1.0> /repository/deployment/server/jaggeryapps/dashboard/conf/site.json file as follows</li>
</ul>
<div>
<br /></div>
</div>
<br />
<div style="background: rgb(240, 240, 240); border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 16.25px;">{
<span style="color: #062873; font-weight: bold;">"proxy"</span> : {
<span style="color: #062873; font-weight: bold;">"proxyHost"</span> : <span style="color: #4070a0;">"wso2.is.com"</span>,
<span style="color: #062873; font-weight: bold;">"proxyHTTPSPort"</span> : <span style="color: #4070a0;">"443"</span>,
<span style="color: #062873; font-weight: bold;">"proxyContextPath"</span> : <span style="color: #4070a0;">""</span>,
<span style="color: #062873; font-weight: bold;">"servicePath"</span> : <span style="color: #4070a0;">"/services"</span>
}
}
</pre>
</div>
<div>
<br /></div>
<div>
<ul>
<li>Configure proxy port and host in <wso2is-5.1.0> /repository/deployment/server/jaggeryapps/portal/conf/site.json file as follows</li>
</ul>
<div>
<div>
</div>
<br />
<div style="background: rgb(240, 240, 240); border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 16.25px;">{
<span style="color: #062873; font-weight: bold;">"proxy"</span> : {
<span style="color: #062873; font-weight: bold;">"proxyHost"</span> : <span style="color: #4070a0;">"wso2.is.com"</span>,
<span style="color: #062873; font-weight: bold;">"proxyHTTPSPort"</span> : <span style="color: #4070a0;">"443"</span>,
<span style="color: #062873; font-weight: bold;">"proxyContextPath"</span> : <span style="color: #4070a0;">""</span>
},
<span style="color: #062873; font-weight: bold;">"fido"</span> : {
<span style="color: #062873; font-weight: bold;">"appId"</span> : <span style="color: #4070a0;">""</span>
}
}
</pre>
</div>
<div>
<br /></div>
<div>
<ul>
<li>Configure proxy port and host in <wso2is-5.1.0> /repository/deployment/server/webapps/shindig/WEB-INF/web.xml</li>
</ul>
<div>
</div>
</div>
<br />
<div style="background: rgb(240, 240, 240); border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 16.25px;"><span style="color: #062873; font-weight: bold;"><context-param></span>
<span style="color: #062873; font-weight: bold;"><param-name></span>system.properties<span style="color: #062873; font-weight: bold;"></param-name></span>
<span style="color: #062873; font-weight: bold;"><param-value></span>
<span style="color: #007020;"><![CDATA[</span>
<span style="color: #007020;"> shindig.host=wso2.is.com</span>
<span style="color: #007020;"> shindig.port=443</span>
<span style="color: #007020;"> aKey=/shindig/gadgets/proxy?container=default&url=</span>
<span style="color: #007020;"> ]]></span>
</pre>
</div>
<div>
<span style="color: blue;"><br /></span></div>
<div>
<ul>
<li>Import the load balancer certificate into the client-truststore.jks file.</li>
</ul>
<div>
<br /></div>
</div>
</div>
</div>
<div>
<br /></div>
<div>
Note: The load balancer certificate should be issued for the IS hostname. </div>
</div>
</div>
</div>
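<div>
The steps above repeat the public hostname and port in several files (the Nginx server block, the site.json files and the shindig properties), and a value left at the internal hostname makes the server hand out links or redirects that bypass the proxy. The Python check below is an added example, not part of the original post or of WSO2's tooling; the function names and the embedded sample inputs are constructed for illustration, and HTTPS on the proxy is assumed.</div>

```python
import json
import re
from urllib.parse import urlsplit

# One-line nginx directives such as "listen 443;" (block openers are skipped).
_DIRECTIVE = re.compile(r"^[ \t]*([a-z_]+)[ \t]+([^;{}\n]+);", re.MULTILINE)


def nginx_directives(conf):
    """Map each simple directive name to the list of its argument lists."""
    found = {}
    for name, args in _DIRECTIVE.findall(conf):
        found.setdefault(name, []).append(args.split())
    return found


def parse_properties(text):
    """Parse key=value lines such as the shindig system.properties CDATA."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def check_proxy_consistency(nginx_conf, site_json, shindig_props):
    """Return (setting, value) pairs that disagree with the public endpoint."""
    directives = nginx_directives(nginx_conf)
    public_host = directives["server_name"][0][0].lower()
    public_port = directives["listen"][0][0].rsplit(":", 1)[-1]
    findings = []

    proxy = json.loads(site_json).get("proxy", {})
    props = parse_properties(shindig_props)
    settings = [
        ("site.json proxyHost", proxy.get("proxyHost", ""), public_host),
        ("site.json proxyHTTPSPort", str(proxy.get("proxyHTTPSPort", "")), public_port),
        ("shindig.host", props.get("shindig.host", ""), public_host),
        ("shindig.port", props.get("shindig.port", ""), public_port),
    ]
    for setting, value, expected in settings:
        if value.lower() != expected:
            findings.append((setting, value))

    # proxy_redirect <backend URL> <replacement>: the replacement is what the
    # browser sees in Location headers, so it must be the public endpoint.
    for args in directives.get("proxy_redirect", []):
        if len(args) != 2:
            continue  # "off" / "default" forms carry no replacement URL
        target = urlsplit(args[1])
        port = str(target.port or 443)  # assumption: the proxy serves HTTPS
        if target.hostname != public_host or port != public_port:
            findings.append(("proxy_redirect replacement", args[1]))
    return findings


# Constructed sample inputs: public name is.wso2.com, backend a-s00001572.
NGINX_CONF = """
upstream ssl.wso2.as.com {
    server a-s00001572:9443;
}
server {
    listen 443;
    server_name is.wso2.com;
    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_redirect https://a-s00001572:9443 https://is.wso2.com;
        proxy_pass https://ssl.wso2.as.com;
    }
}
"""
SITE_JSON = ('{"proxy": {"proxyHost": "is.wso2.com", '
             '"proxyHTTPSPort": "443", "proxyContextPath": ""}}')
SHINDIG = "shindig.host=is.wso2.com\nshindig.port=443\n"

# Constructed misconfiguration: internal host and port left in place.
STALE_SITE_JSON = ('{"proxy": {"proxyHost": "a-s00001572", '
                   '"proxyHTTPSPort": "9443", "proxyContextPath": ""}}')
LEAKY_NGINX = NGINX_CONF.replace("https://is.wso2.com;", "https://a-s00001572;")

if __name__ == "__main__":
    for setting, value in check_proxy_consistency(LEAKY_NGINX, STALE_SITE_JSON, SHINDIG):
        print(f"mismatch: {setting} = {value}")
```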
<div>
<br /></div>
<div>
<br /></div>
<div>
<h3>
Running the Server. </h3>
</div>
<div>
<br /></div>
<div>
<br /></div>
<div>
Now you are done. You can log in to the Identity Server Management Console and the Dashboard web app at the following URLs. </div>
<div>
<br /></div>
<div>
<br /></div>
<div>
Management Console : https://wso2.is.com/carbon/</div>
<div>
Dashboard : https://wso2.is.com/dashboard</div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
[1] https://docs.wso2.com/display/Carbon440/Configuring+Keystores+in+WSO2+Products</div>
<div>
<span style="color: blue;"><br /></span></div>
</div>
</div>
</div>
Isura Dilharahttp://www.blogger.com/profile/04059595339068282550noreply@blogger.com17tag:blogger.com,1999:blog-5737505135099841228.post-87814978732960336142015-02-27T15:38:00.004-08:002015-02-27T15:45:22.917-08:00Enabling SSO for WSO2 ServersYou can follow [1] for enabling SSO for WSO2 Servers.<br />
<br />
<br />
When you configure SSO for WSO2 Servers, you have to share either the user stores or the internal roles; otherwise you will end up with an authorization failure.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgPgo9he3NuoFVGWthScH8mHu6_Z41y-h4_7x2pL8IOaVVcAYq7XB-vSsJeSotyOjTg6qi0EMuRsUoFegGNEfk4sI80rXh1e5gG6G7pXPQJ16OUG8-IEqBewyD-y5ajSyjE_9vePBuBKcCd/s1600/Screen+Shot+2015-02-27+at+12.28.41+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgPgo9he3NuoFVGWthScH8mHu6_Z41y-h4_7x2pL8IOaVVcAYq7XB-vSsJeSotyOjTg6qi0EMuRsUoFegGNEfk4sI80rXh1e5gG6G7pXPQJ16OUG8-IEqBewyD-y5ajSyjE_9vePBuBKcCd/s1600/Screen+Shot+2015-02-27+at+12.28.41+PM.png" height="75" width="400" /></a></div>
<br />
<br />
In this blog post I am going to post the steps to share the internal roles in WSO2IS and WSO2ESB.<br />
<br />
<br />
i) Download WSO2IS 5.0.0 and WSO2ESB 4.8.1<br />
ii) Configure WSO2ESB's offset to 1 from <ESB_HOME>/repository/conf/carbon.xml file<br />
<br />
iii) Open <IS_HOME>/repository/conf/datasource/master-datasources.xml file and add following data-source configuration<br />
<br />
<datasource><br />
<name>WSO2UM_DB</name><br />
<description>The datasource used for user management</description><br />
<jndiConfig><br />
<name>jdbc/WSO2UM_DB</name><br />
</jndiConfig><br />
<definition type="RDBMS"><br />
<configuration><br />
<url>jdbc:mysql://localhost:3306/userstore?autoReconnect=true&amp;relaxAutoCommit=true&amp;<br />
</url><br />
<username>db_username</username><br />
<password>db_password</password><br />
<driverClassName>com.mysql.jdbc.Driver</driverClassName><br />
<maxActive>50</maxActive><br />
<maxWait>60000</maxWait><br />
<testOnBorrow>true</testOnBorrow><br />
<validationQuery>SELECT 1</validationQuery><br />
<validationInterval>30000</validationInterval><br />
</configuration><br />
</definition><br />
</datasource><br />
<br />
iv) Open <ESB_HOME>/repository/conf/datasource/master-datasources.xml file and add following data-source configuration<br />
<br />
<datasource><br />
<name>WSO2UM_DB</name><br />
<description>The datasource used for user management</description><br />
<jndiConfig><br />
<name>jdbc/WSO2UM_DB</name><br />
</jndiConfig><br />
<definition type="RDBMS"><br />
<configuration><br />
<url>jdbc:mysql://localhost:3306/userstore?autoReconnect=true&amp;relaxAutoCommit=true&amp;<br />
</url><br />
<username>db_username</username><br />
<password>db_password</password><br />
<driverClassName>com.mysql.jdbc.Driver</driverClassName><br />
<maxActive>50</maxActive><br />
<maxWait>60000</maxWait><br />
<testOnBorrow>true</testOnBorrow><br />
<validationQuery>SELECT 1</validationQuery><br />
<validationInterval>30000</validationInterval><br />
</configuration><br />
</definition><br />
</datasource><br />
<br />
<br />
v) Open <IS_HOME>/repository/conf/user-mgt.xml file and configure datasource as follows [change the property dataSource ]<br />
<br />
<br />
<Configuration><br />
<AddAdmin>true</AddAdmin><br />
<AdminRole>admin</AdminRole><br />
<AdminUser><br />
<UserName>admin</UserName><br />
<Password>admin</Password><br />
</AdminUser><br />
<EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default users in this role sees the registry root --><br />
<Property name="dataSource">jdbc/WSO2UM_DB</Property><br />
</Configuration><br />
<br />
vi) Open <ESB_HOME>/repository/conf/user-mgt.xml file and configure datasource as follows [change the property dataSource ]<br />
<br />
<br />
<Configuration><br />
<AddAdmin>true</AddAdmin><br />
<AdminRole>admin</AdminRole><br />
<AdminUser><br />
<UserName>admin</UserName><br />
<Password>admin</Password><br />
</AdminUser><br />
<EveryOneRoleName>everyone</EveryOneRoleName> <!-- By
default users in this role sees the registry root --><br />
<Property name="dataSource">jdbc/WSO2UM_DB</Property><br />
</Configuration><br />
<br />
vii) Add mysql connector jar [2] to <IS_HOME>/repository/components/lib folder<br />
<br />
<br />
viii) Add mysql connector jar [2] to <ESB_HOME>/repository/components/lib folder<br />
<br />
ix) Create a database named WSO2UM_DB and run the following script on it<br />
<br />
<IS_HOME>/dbscripts/mysql.sql<br />
<br />
<br />
x) Now start both WSO2IS and WSO2ESB. When you add an internal role in WSO2IS, it will show up in WSO2ESB as well.<br />
<br />
<br />
xi) Now you can create a user in WSO2IS and assign that user an internal role which has login permission. Then try to log in to the ESB; you will be able to log in successfully. <br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
[1] https://docs.wso2.com/display/IS500/Enabling+SSO+for+WSO2+Servers<br />
[2] http://dev.mysql.com/downloads/connector/j/Isura Dilharahttp://www.blogger.com/profile/04059595339068282550noreply@blogger.com0tag:blogger.com,1999:blog-5737505135099841228.post-29250532682767824372014-09-13T09:31:00.003-07:002014-09-13T09:31:26.336-07:00How to Lock, user account in WSO2 Identity Server 5.0.0WSO2 Identity Server can be configured to lock the user account for exceeding maximum login attempts. It can be done from Identity Management feature and you can use [1] for configuring the identity management feature.<br />
<br />
There can be scenarios where admin wants to lock and unlock user account and Identity Server supports this feature through Management Console. Following steps can be used to lock user account through admin console.<br />
<br />
<h4>
Step1</h4>
<span style="background-color: white; color: #333333; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15px; line-height: 20.790000915527344px;">Download and Install WSO2 Identity Server 5.0.0 from <a href="http://wso2.com/products/identity-server/">here</a>.</span><br />
<br />
<h4>
Step2</h4>
<div style="background-color: white; color: #333333; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15px; line-height: 20.790000915527344px;">
Open web browser and go to https://localhost:9443/carbon/admin</div>
<div style="background-color: white; color: #333333; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15px; line-height: 20.790000915527344px;">
<br /></div>
<div style="background-color: white; color: #333333; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15px; line-height: 20.790000915527344px;">
<br /></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="background-color: white; color: #333333; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15px; line-height: 20.790000915527344px; margin-left: auto; margin-right: auto; padding: 4px; position: relative; text-align: center;"><tbody>
<tr><td><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7hId_Njm4GIv2eWy6r2SJib_16y9iFObdIEEWoC6_M6w4v5OjeihUWrkpMLdatHjZkSordthgLPUjXv6rzRRk9WPCQp0LJ1olT7BQBLaX9e_8xBkKXsCpACsu6Mzh8H9pi7IVT4lQDUls/s1600/1.png" imageanchor="1" style="color: #6699cc; margin-left: auto; margin-right: auto; text-decoration: none;"><img border="0" height="191" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7hId_Njm4GIv2eWy6r2SJib_16y9iFObdIEEWoC6_M6w4v5OjeihUWrkpMLdatHjZkSordthgLPUjXv6rzRRk9WPCQp0LJ1olT7BQBLaX9e_8xBkKXsCpACsu6Mzh8H9pi7IVT4lQDUls/s1600/1.png" style="border: none; position: relative;" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="font-size: 12px;">1</td></tr>
</tbody></table>
<div style="background-color: white; color: #333333; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15px; line-height: 20.790000915527344px;">
<br /><br />Login with following credentials<br /><br />Username : admin<br />Password : admin</div>
<br />
<br />
<h4>
Step3</h4>
<br />
Assign login permission to internal/everyone role.<br />
<h4>
Step4</h4>
<br />
Follow the steps <a href="https://docs.wso2.com/display/IS500/Configuring+Users">here</a> to add a new user and assign the internal/everyone role to the created user.<br />
<br />
<h4>
Step5</h4>
<br />
Sign out from the admin user and try to log in to the Identity Server with the newly added user's credentials.<br />
You should be able to log in since the account is not locked by default.<br />
<br />
<h4>
Step6</h4>
<br />
Log in as admin, go to the Configure tab and select Claim Management. Then select the 'http://wso2.org/claims' link and click Edit on the Account Lock claim. Select the Supported by Default checkbox and save the changes.<br />
<br />
<h4>
Step7</h4>
<br />
Then go to User Account Edit page and type true in Account Locked Field. Then the user is locked.<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
[1] https://docs.wso2.com/pages/viewpage.action?pageId=34612027Isura Dilharahttp://www.blogger.com/profile/04059595339068282550noreply@blogger.com0tag:blogger.com,1999:blog-5737505135099841228.post-36754475356334634962014-06-17T03:14:00.000-07:002014-08-20T23:52:35.617-07:00Secure passwords in Password Callback Handler using WSO2 Carbon Secure Vault<br />
<span style="font-family: Arial, sans-serif;"><span style="font-size: 14px; line-height: 20px;">In WSO2 Carbon products, a password callback handler class can be used to provide the passwords the Rampart engine needs to build username tokens and create signatures when sending messages. Apache Rampart is the Axis2 module which provides WS-Security features to Axis2 web services. You can find a detailed explanation of the password callback <a href="http://wso2.com/library/3733/" target="_blank">here</a>.</span></span><br />
<br />
Following is a sample callback handler class<br />
<br />
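<pre style="background-color: #eeeeee; border: 1px dashed #999999; color: black; font-family: Andale Mono, Lucida Console, Monaco, fixed, monospace; font-size: 12px; line-height: 14px; overflow: auto; padding: 5px; width: 100%;"><code>import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

// Sample handler: the passwords are hard-coded in the class
public class PWCBHandler implements CallbackHandler {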
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (Callback callback : callbacks) {
WSPasswordCallback pwcb = (WSPasswordCallback) callback;
String id = pwcb.getIdentifer();
int usage = pwcb.getUsage();
if (usage == WSPasswordCallback.USERNAME_TOKEN) {
// Logic to get the password to build the username token
if ("admin".equals(id)) {
pwcb.setPassword("admin");
}
} else if (usage == WSPasswordCallback.SIGNATURE || usage == WSPasswordCallback.DECRYPT) {
// Logic to get the private key password for signature or decryption
if ("client".equals(id)) {
pwcb.setPassword("apache");
}
if ("service".equals(id)) {
pwcb.setPassword("apache");
}
}
}
}
}
</code></pre>
<span style="font-family: Arial, sans-serif;"><span style="font-size: 14px; line-height: 20px;"><br /></span></span>
<br />
<span style="font-family: Arial, sans-serif; font-size: 14px; line-height: 20px;"><br /></span>
<br />
<span style="font-family: Arial, sans-serif; font-size: 14px; line-height: 20px;"><br /></span>
<span style="font-family: Arial, sans-serif;"><span style="font-size: 14px; line-height: 20px;">WSO2 Carbon is shipped with a </span><a href="http://docs.wso2.com/display/Carbon420/WSO2+Carbon+Secure+Vault" style="font-size: 14px; line-height: 20px;" target="_blank">Secure Vault</a><span style="font-size: 14px; line-height: 20px;"> implementation which is a modified version of the Synapse Secure Vault. It can be used to avoid hard-coding the password as in the above example and to retrieve it from a file in a secure manner.</span></span><br />
<span style="font-family: Arial, sans-serif;"><span style="font-size: 14px; line-height: 20px;"><br /></span></span>
<span style="font-family: Arial, sans-serif;"><span style="font-size: 14px; line-height: 20px;">Following example will show you how to configure WSO2 Secure Vault for Password Callback Handler with WSO2 Identity Server 5.0.0</span></span><br />
<span style="font-family: Arial, sans-serif;"><span style="font-size: 14px; line-height: 20px;"><br /></span></span>
<span style="font-family: Arial, sans-serif;"><span style="font-size: 14px; line-height: 20px;"><br /></span></span>
<span style="font-family: Arial, sans-serif;"><span style="font-size: 14px; line-height: 20px;"><b>Step1</b> : Download the WSO2 Identity Server 5.0.0 from <a href="http://wso2.com/products/identity-server/" target="_blank">here</a> </span></span><br />
<span style="font-family: Arial, sans-serif;"><span style="font-size: 14px; line-height: 20px;"><b>Step2</b> <span style="color: white;">:</span> <span style="background-color: none;">Create a config file named test_conf1.xml in </span></span></span><span style="background-color: none;"><span style="font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14px; line-height: 19.600000381469727px;"><carbon_home></span><span style="font-family: Arial, sans-serif;"><span style="font-size: 14px; line-height: 20px;">/repository/conf directory and add following text</span></span></span><br />
<span style="font-family: Arial, sans-serif;"><span style="font-size: 14px; line-height: 20px;"><br /></span></span>
<br />
<pre style="background-color: #eeeeee; border: 1px dashed rgb(153, 153, 153); color: #333333; font-size: 14px; line-height: 19.600000381469727px; overflow: auto; padding: 5px; width: 100%;"><code><span style="font-size: 12px; line-height: 14px;"><testconf>
<module serverURL="local://services/" remote="false">
<password>admin</password>
</module> </span>
<span style="font-size: 12px; line-height: 14px;"></testconf></span></code></pre>
<br />
<span style="font-family: Arial, sans-serif;"><span style="font-size: 14px; line-height: 20px;"><b>Step3</b> : </span></span><span style="font-family: Helvetica Neue Light, HelveticaNeue-Light, Helvetica Neue, Helvetica, Arial, sans-serif; font-size: 14px;"><span style="line-height: 19.600000381469727px;">Add following line to </span></span><span style="background-color: none; font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14px; line-height: 19.600000381469727px;"><carbon_home>/repository/conf/security/</span><span style="background-color: none; font-family: 'Helvetica Neue Light', HelveticaNeue-Light, 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14px; line-height: 19.600000381469727px;">cipher-tool.properties file</span><br />
<span style="font-family: Arial, sans-serif;"><span style="font-size: 14px; line-height: 20px;"><br /></span></span>
<br />
<pre style="background-color: #eeeeee; border: 1px dashed rgb(153, 153, 153); font-family: 'Andale Mono', 'Lucida Console', Monaco, fixed, monospace; font-size: 12px; line-height: 14px; overflow: auto; padding: 5px; width: 100%;"><code>testconf.module.password=test_conf1.xml//testconf/module/password,true</code></pre>
<span style="font-family: Arial, sans-serif;"><span style="font-size: 14px; line-height: 20px;"><br /></span></span><span style="background-color: none; font-family: Arial, sans-serif; font-size: 14px; line-height: 20px;"><b>Step4</b> : Add the following line to the <carbon_home>/repository/conf/security/cipher-text.properties file:</span><br />
<span style="background-color: none; font-family: Arial, sans-serif; font-size: 14px; line-height: 20px;"><br /></span>
<br />
<pre style="background-color: #eeeeee; border: 1px dashed rgb(153, 153, 153); color: #333333; font-family: 'Andale Mono', 'Lucida Console', Monaco, fixed, monospace; font-size: 12px; line-height: 14px; overflow: auto; padding: 5px; width: 100%;"><code>testconf.module.password=[admin]</code></pre>
<span style="background-color: none; font-family: Arial, sans-serif; font-size: 14px; line-height: 20px;"><br /></span>
<span style="background-color: none; font-family: Arial, sans-serif; font-size: 14px; line-height: 20px;"><b>Step5</b> : Go to the <carbon_home>/bin directory and execute the "sh ciphertool.sh -Dconfigure" command. It will ask you to enter the primary key store password. Type "wso2carbon" as the password.</span><br />
<span style="font-family: Arial, sans-serif;"><span style="font-size: 14px; line-height: 20px;"><br /></span></span>
<span style="font-family: Arial, sans-serif;"><span style="font-size: 14px; line-height: 20px;"><b>Step6</b> : The test_conf1.xml file will then be updated as follows:</span></span><br />
<span style="font-family: Arial, sans-serif;"><span style="font-size: 14px; line-height: 20px;"><br /></span></span>
<br />
<pre style="background-color: #eeeeee; border: 1px dashed rgb(153, 153, 153); overflow: auto; padding: 5px; width: 100%;"><span style="background-color: transparent; font-size: 12px; line-height: 14px;"><span style="color: #333333;"><?xml version="1.0" encoding="UTF-8" standalone="no"?>
<testconf xmlns:svns="http://org.wso2.securevault/configuration">
    <module remote="false" serverURL="local://services/">
        <password svns:secretAlias="testconf.module.password">password</password>
    </module>
</testconf></span></span></pre>
<span style="background-color: none; font-family: Arial, sans-serif; font-size: 14px; line-height: 20px;"><br /></span><span style="background-color: none; font-family: Arial, sans-serif; font-size: 14px; line-height: 20px;">If you open the cipher-text.properties file, the password should now be encrypted, as follows:</span><br />
<span style="font-family: Arial, sans-serif;"><span style="font-size: 14px; line-height: 20px;"><br /></span></span>
<br />
<pre style="background-color: #eeeeee; border: 1px dashed rgb(153, 153, 153); overflow: auto; padding: 5px; width: 100%;"><span style="font-family: Arial, sans-serif; font-size: 14px; line-height: 20px; white-space: normal;">testconf.module.password=PFQC+qjKxmDePuiR5kSSTOx6suR48UKbDpcEEZ57TcXsHIlnP+I6E2ZXOBtZ91Fk+z3b8vWV84GB\nzn9q+ZQZ0XmdTUzNTMFMV/rpkT3OVhN9MUCjlHIORhcNMt9oWiVKaQ5tO2AmFg5IIqvG/FO51q3o\nx+L8a2sF3JH9G1m203s\=</span></pre>
<span style="background-color: none; font-family: Arial, sans-serif; font-size: 14px; line-height: 20px;">
</span>
<span style="background-color: none; font-family: Arial, sans-serif; font-size: 14px; line-height: 20px;"><b>Step7</b> : The following class can be used to resolve the password:</span>
<span style="background-color: none; font-family: Arial, sans-serif; font-size: 14px; line-height: 20px;">
</span>
<span style="font-family: Arial, sans-serif;"><span style="font-size: 14px; line-height: 20px;">
</span></span>
<br />
<pre style="background-color: #eeeeee; border: 1px dashed rgb(153, 153, 153); overflow: auto; padding: 5px; width: 100%;"><code>/*
 * Copyright (c) 2006, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.sample.securevault;

import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.utils.CarbonUtils;
import org.wso2.securevault.SecretResolver;
import org.wso2.securevault.SecretResolverFactory;

import javax.xml.namespace.QName;
import javax.xml.stream.XMLStreamException;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;

public class TestConf {

    private static final Log log = LogFactory.getLog(TestConf.class);

    private String password;
    private String serverURL;
    private String remote;

    public TestConf() {
        InputStream fileInputStream = null;
        // Must be the file created in Step2 and referenced in cipher-tool.properties.
        String configPath = CarbonUtils.getCarbonHome() + File.separator + "repository" + File.separator + "conf" +
                File.separator + "test_conf1.xml";
        File registryXML = new File(configPath);
        if (registryXML.exists()) {
            try {
                fileInputStream = new FileInputStream(registryXML);
                StAXOMBuilder builder = new StAXOMBuilder(fileInputStream);
                builder.setNamespaceURIInterning(true);
                OMElement configElement = builder.getDocumentElement();
                // Initialize the SecretResolver providing the configuration element.
                SecretResolver secretResolver = SecretResolverFactory.create(configElement, false);
                OMElement module = configElement.getFirstChildWithName(new QName("module"));
                if (module != null) {
                    // Same entry used in cipher-text.properties and cipher-tool.properties.
                    String secretAlias = "testconf.module.password";
                    // Resolve the secret password.
                    if (secretResolver != null && secretResolver.isInitialized()) {
                        if (secretResolver.isTokenProtected(secretAlias)) {
                            password = secretResolver.resolve(secretAlias);
                        } else {
                            // Alias is not protected: fall back to the element text.
                            password = module.getFirstChildWithName(new QName("password")).getText();
                        }
                    }
                    serverURL = module.getAttributeValue(new QName("serverURL"));
                    remote = module.getAttributeValue(new QName("remote"));
                }
            } catch (XMLStreamException e) {
                log.error("Unable to parse test_conf1.xml", e);
            } catch (IOException e) {
                log.error("Unable to read test_conf1.xml", e);
            } finally {
                if (fileInputStream != null) {
                    try {
                        fileInputStream.close();
                    } catch (IOException e) {
                        log.error("Failed to close the FileInputStream, file : " + configPath, e);
                    }
                }
            }
        }
    }

    public String getPassword() {
        return password;
    }

    public String getServerURL() {
        return serverURL;
    }

    public boolean isRemote() {
        return Boolean.valueOf(remote);
    }
}
</code></pre>
<span style="background-color: none; font-family: Arial, sans-serif; font-size: 14px; line-height: 20px;"><br /></span>
<span style="background-color: none; font-family: Arial, sans-serif; font-size: 14px; line-height: 20px;"><br /></span>
<span style="background-color: none; font-family: Arial, sans-serif; font-size: 14px; line-height: 20px;"><br /></span><span style="background-color: none; font-family: Arial, sans-serif; font-size: 14px; line-height: 20px;">You can check out the complete code from <a href="https://svn.wso2.org/repos/wso2/people/isura/password_callback_handler" target="_blank">here</a>.</span>
<span style="background-color: none; font-family: Arial, sans-serif; font-size: 14px; line-height: 20px;"><br /></span><b style="font-family: Arial, sans-serif; font-size: 14px; line-height: 20px;">Step8 : </b><span style="font-family: Arial, sans-serif; font-size: 14px; line-height: 20px;">Use Maven to build the files (mvn clean install).</span><br />
<span style="background-color: none; font-family: Arial, sans-serif; font-size: 14px; line-height: 20px;"><br /></span>
<span style="background-color: none; font-family: Arial, sans-serif; font-size: 14px; line-height: 20px;">Go to the target directory, copy the </span><span style="font-family: Arial, sans-serif;"><span style="font-size: 14px; line-height: 20px;">org.wso2.samples.pwcb-1.0.0.jar file to the <carbon_home>/repository/lib directory, and start the server. You will then be asked to enter the key store password. It is "wso2carbon".</span></span><br />
<span style="background-color: none; font-family: Arial, sans-serif; font-size: 14px; line-height: 20px;"><br />Now you are done.</span>
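<br />
An added example (not part of the original post or of WSO2's code): a small Python check that the alias from Steps 3, 4 and 6 lines up across cipher-tool.properties, cipher-text.properties and the config XML, and that no plaintext secret is left on disk. The function names and the sample file contents are constructed for illustration; the trailing true/false flag in cipher-tool.properties is parsed but not interpreted.<br />

```python
import base64
import xml.etree.ElementTree as ET

# Attribute added by ciphertool, using the namespace shown in Step 6.
SVNS_ALIAS_ATTR = "{http://org.wso2.securevault/configuration}secretAlias"


def parse_properties(text):
    """Minimal key=value parser (no line continuations); enough for these files."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props


def audit_alias(alias, tool_text, cipher_text, config_files):
    """Return findings for one alias; an empty list means the files agree.

    config_files maps a file name (as written in cipher-tool.properties)
    to that file's XML text. Hypothetical helper, not a WSO2 API.
    """
    findings = []

    # cipher-text.properties: "[value]" is plaintext still waiting for ciphertool.
    value = parse_properties(cipher_text).get(alias)
    if value is None:
        findings.append("alias missing from cipher-text.properties")
    elif value.startswith("[") and value.endswith("]"):
        findings.append("cipher-text.properties still holds bracketed plaintext")
    else:
        # Undo .properties escaping (escaped line breaks and '=') before decoding.
        blob = value.replace("\\n", "").replace("\\=", "=")
        try:
            if not base64.b64decode(blob, validate=True):
                raise ValueError("empty value")
        except ValueError:  # binascii.Error is a ValueError subclass
            findings.append("cipher-text.properties value is not valid Base64")

    # cipher-tool.properties: <file>//<xpath>,<flag>
    mapping = parse_properties(tool_text).get(alias)
    if mapping is None:
        findings.append("alias missing from cipher-tool.properties")
        return findings
    file_name, sep, xpath = mapping.rsplit(",", 1)[0].partition("//")
    if not sep or file_name not in config_files:
        findings.append("mapped config file not available: %r" % file_name)
        return findings

    # Walk the XPath by hand: first segment is the root, the rest a child path.
    root = ET.fromstring(config_files[file_name])
    segments = [s for s in xpath.split("/") if s]
    element = None
    if segments and segments[0] == root.tag:
        element = root if len(segments) == 1 else root.find("/".join(segments[1:]))
    if element is None:
        findings.append("XPath //%s matches nothing in %s" % (xpath, file_name))
        return findings

    marked = element.get(SVNS_ALIAS_ATTR)
    if marked is None:
        findings.append("element has no svns:secretAlias; its text is a plaintext secret")
    elif marked != alias:
        findings.append("svns:secretAlias is %r, expected %r" % (marked, alias))
    return findings


# Constructed sample inputs that mirror the files from Steps 2-6.
ALIAS = "testconf.module.password"
TOOL_PROPS = ALIAS + "=test_conf1.xml//testconf/module/password,true\n"
TEXT_BEFORE = ALIAS + "=[admin]\n"
# Stand-in for the encrypted value: constructed bytes, not real ciphertext.
TEXT_AFTER = (ALIAS + "="
              + base64.b64encode(bytes(range(128))).decode().replace("=", "\\=")
              + "\n")
XML_BEFORE = ('<testconf><module serverURL="local://services/" remote="false">'
              '<password>admin</password></module></testconf>')
XML_AFTER = ('<testconf xmlns:svns="http://org.wso2.securevault/configuration">'
             '<module remote="false" serverURL="local://services/">'
             '<password svns:secretAlias="testconf.module.password">password</password>'
             '</module></testconf>')

if __name__ == "__main__":
    for label, text, xml in (("before ciphertool", TEXT_BEFORE, XML_BEFORE),
                             ("after ciphertool", TEXT_AFTER, XML_AFTER)):
        print(label, audit_alias(ALIAS, TOOL_PROPS, text, {"test_conf1.xml": xml}))
```

Run it against the real files after Step5: an empty list means the secret exists only in encrypted form and every reference uses the same alias.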
<span style="background-color: none; font-family: Arial, sans-serif; font-size: 14px; line-height: 20px;"><br /></span>Isura Dilharahttp://www.blogger.com/profile/04059595339068282550noreply@blogger.com0tag:blogger.com,1999:blog-5737505135099841228.post-21044419006670466572014-04-22T14:32:00.001-07:002014-04-22T14:39:33.988-07:00SPML Provisioning Capability for WSO2 Identity Server<span style="color: #222222; font-family: arial, sans-serif;"><b>SPML</b> (Service Provisioning Markup Language) is a specification</span><span style="color: #333333; font-family: Arial, sans-serif; line-height: 20px;">, being developed by OASIS, for exchanging users and resources between organizations.</span><br />
<div>
<span style="color: #333333; font-family: Arial, sans-serif; line-height: 20px;"><br /></span></div>
<div>
<span style="color: #333333; font-family: Arial, sans-serif; line-height: 20px;">With the WSO2 Identity Server 5.0, you can manage users with SPML compliant providers. </span></div>
<div>
<span style="color: #333333; font-family: Arial, sans-serif; line-height: 20px;"><br /></span></div>
<h4>
Step1</h4>
<div>
Install and configure an SPML-compliant provider. Sun Identity Manager, Oracle Waveset, and ActiveRoles Server SPML Provider are some examples of SPML-compliant providers.</div>
<div>
<br /></div>
<div>
<br /></div>
<h4>
Step2</h4>
Download and install WSO2 Identity Server 5.0. This release will be available within a couple of weeks.<br />
<br />
<h4>
Step3</h4>
<div>
Open web browser and go to https://localhost:9443/carbon/admin</div>
<div>
<br /></div>
<div>
<br /></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7hId_Njm4GIv2eWy6r2SJib_16y9iFObdIEEWoC6_M6w4v5OjeihUWrkpMLdatHjZkSordthgLPUjXv6rzRRk9WPCQp0LJ1olT7BQBLaX9e_8xBkKXsCpACsu6Mzh8H9pi7IVT4lQDUls/s1600/1.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7hId_Njm4GIv2eWy6r2SJib_16y9iFObdIEEWoC6_M6w4v5OjeihUWrkpMLdatHjZkSordthgLPUjXv6rzRRk9WPCQp0LJ1olT7BQBLaX9e_8xBkKXsCpACsu6Mzh8H9pi7IVT4lQDUls/s1600/1.png" height="191" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">1</td></tr>
</tbody></table>
<div>
<br />
<br />
Log in with the following credentials:<br />
<br />
Username : admin<br />
Password : admin<br />
<br />
<h4>
Step4</h4>
<div>
<br /></div>
<div>
Click "Add" button under Main/Identity/Identity providers. </div>
<div>
<br /></div>
<div>
<br /></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhERtcacdAquwFLXoIbR3hkqlzgFJG51DOMru7KGFetpFkRpr3Qd6QQIl3qX1wVCHp23PML3su1GYkz_VxpL4e6ORYi5RYqERYUYu1G74kjF61lgvmavvUK_L4G5eBoBUg8cVvyURPbLVpr/s1600/2.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhERtcacdAquwFLXoIbR3hkqlzgFJG51DOMru7KGFetpFkRpr3Qd6QQIl3qX1wVCHp23PML3su1GYkz_VxpL4e6ORYi5RYqERYUYu1G74kjF61lgvmavvUK_L4G5eBoBUg8cVvyURPbLVpr/s1600/2.png" height="172" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">2</td></tr>
</tbody></table>
<div>
<br /></div>
<h4>
Step5</h4>
<div>
You will be redirected to the following page.</div>
<div>
<br /></div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhbSviLwcwwiypYtSWv8rJuPVnh_QnYHv98G1SDiO9Vd65ZBxS8fgdpKK8Q6J8vL22c4t20Bfxu5nQhakaS9E0VHBY6CnoJmR1mE7z9sAAqpnMoh3gTZOXiKS3kZkP23QFqlwSNWekBTIWR/s1600/3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhbSviLwcwwiypYtSWv8rJuPVnh_QnYHv98G1SDiO9Vd65ZBxS8fgdpKK8Q6J8vL22c4t20Bfxu5nQhakaS9E0VHBY6CnoJmR1mE7z9sAAqpnMoh3gTZOXiKS3kZkP23QFqlwSNWekBTIWR/s1600/3.png" height="170" width="400" /></a></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
Type "spml Identity provider" as Identity Provider name</div>
<div>
<br /></div>
<div>
Go to "Outbound Provisioning Connectors"/ "SPML Provisioning Connector"</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiANnkWz7oWJ458KJ4uouYKbn6nBL_UbnQ9uKokX_iOELKuEbDEwOCbT6itzX0m7pG7j87698Bv15MUu2oWN9dlNG47Mt3DP66jjmP-V1_jzPxmN_PReN25pvjlt5Rehy07P3_nMg74H_iL/s1600/4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiANnkWz7oWJ458KJ4uouYKbn6nBL_UbnQ9uKokX_iOELKuEbDEwOCbT6itzX0m7pG7j87698Bv15MUu2oWN9dlNG47Mt3DP66jjmP-V1_jzPxmN_PReN25pvjlt5Rehy07P3_nMg74H_iL/s1600/4.png" height="110" width="400" /></a></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<ul>
<li>Enable Connector</li>
<li>Enter the username for your SPML-compliant provider</li>
<li>Enter the password for your SPML-compliant provider</li>
<li>Enter the SPML endpoint URL as SPML Endpoint</li>
<li>Enter the object class supported by the SPML server as objectClass</li>
<li>Add the attribute claim mapping according to the SPML provider</li>
<li>Click update to save changes</li>
</ul>
<div>
<br /></div>
<h4>
Step6</h4>
<div>
Click the Service Provider List link and then click the <a class="icon-link" href="https://localhost:9443/carbon/application/load-service-provider.jsp?spName=wso2carbon-local-sp" style="background-color: white; background-image: url(https://localhost:9443/carbon/application/images/local-sp.png); background-position: 0% 0%; background-repeat: no-repeat no-repeat; color: #2f7abd; cursor: pointer; display: inline-block; font-family: 'Lucida Grande', 'Lucida Sans', 'Microsoft Sans Serif', 'Lucida Sans Unicode', Verdana, sans-serif, 'trebuchet ms'; font-size: 12px; height: 17px; line-height: 17px; margin: 5px 5px 3px 10px; padding-left: 20px; position: relative; text-decoration: none; vertical-align: text-top; white-space: nowrap;">Resident Service Provider</a> link.</div>
</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiwp8-p6LZcXSTCZPmbtgTyzqzzjREDws_VSFp6f13-cUDX2hDfNTAsnokRKuSnaFkxbcUzUQymb1uDwA_RtBJtPRU8VAQVM8whhdRo-gNYniq_nENQobZTA1TV57oPAmzaL-otEsMfRguS/s1600/5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiwp8-p6LZcXSTCZPmbtgTyzqzzjREDws_VSFp6f13-cUDX2hDfNTAsnokRKuSnaFkxbcUzUQymb1uDwA_RtBJtPRU8VAQVM8whhdRo-gNYniq_nENQobZTA1TV57oPAmzaL-otEsMfRguS/s1600/5.png" height="203" width="400" /></a></div>
<div>
Then select "Outbound Provisioning Configuration", add the created IdP, and select spml, as in the following screenshot.</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhySktvMULdvkP6eG5y-fwbMluoJ-WPgenuewOA8hJsYM42B47gqJ518mYnObTTJwbYPpj-YJwj7fjqhnorpxjCcpyiCciHHe2FkQxenx1IlJZQsqu7fAxgqMzDL0wIDcC-VX8H6b3bnm2R/s1600/6.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhySktvMULdvkP6eG5y-fwbMluoJ-WPgenuewOA8hJsYM42B47gqJ518mYnObTTJwbYPpj-YJwj7fjqhnorpxjCcpyiCciHHe2FkQxenx1IlJZQsqu7fAxgqMzDL0wIDcC-VX8H6b3bnm2R/s1600/6.png" height="197" width="400" /></a></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<h4>
Step7</h4>
<div>
<br /></div>
<div>
<ul>
<li>Go to the configuration tab / "Users and Roles" / Roles / "Add new Role"</li>
<li>Add a new role named "spml"</li>
</ul>
</div>
<div>
<br /></div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8n4DEKTk_8m3SfQw6T1OFOPj8Z53G3eWbz6YhdIIObECR-xO3HuxUvLTZukrHQFXfOoqobahvWhVCSGVP3V5GX_fXt-NxI4e1IWgvljvoWc1RvLO087KfmDhIVeHHTA7XDldK-iNdkxPH/s1600/7.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8n4DEKTk_8m3SfQw6T1OFOPj8Z53G3eWbz6YhdIIObECR-xO3HuxUvLTZukrHQFXfOoqobahvWhVCSGVP3V5GX_fXt-NxI4e1IWgvljvoWc1RvLO087KfmDhIVeHHTA7XDldK-iNdkxPH/s1600/7.png" height="201" width="400" /></a></div>
<div>
<h4>
Step8</h4>
</div>
<div>
<br />
<ul>
<li>Go to the configuration tab / "Users and Roles" / Users / Add User</li>
<li>Click the Add new User button, fill in the data, and click Next to assign the role spml</li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEikPmxYd0ZBOzrP9MykyezzC8t2oi3UHfQ6pwcZ2KE-ZGgwtj4Jpqf5mOwCmtb9grnvPooq2NTLpyGPGTvwkQsrgmSCUHn6x-bvq916m5R9RLYyVOP2eZlxGt9rc5pvoyjCGTBb1OpK_00L/s1600/8.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEikPmxYd0ZBOzrP9MykyezzC8t2oi3UHfQ6pwcZ2KE-ZGgwtj4Jpqf5mOwCmtb9grnvPooq2NTLpyGPGTvwkQsrgmSCUHn6x-bvq916m5R9RLYyVOP2eZlxGt9rc5pvoyjCGTBb1OpK_00L/s1600/8.png" height="191" width="400" /></a></div>
<div>
<br /></div>
<div>
<br /></div>
</div>
<div>
<br /></div>
<div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgu0bdLBLytwBCJBmZPnP1YRow_c8Xls0qraNZ6N4iFattg5YAmUJBnb6JDSSg5rkUdbyvE_aVVN7wmQ6wKQ2hc43i4OEpBuY3HIlnqrIzCKGhCSCazAlU6QEDEhGnMpVhQVKg_vqhze4Y9/s1600/9.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgu0bdLBLytwBCJBmZPnP1YRow_c8Xls0qraNZ6N4iFattg5YAmUJBnb6JDSSg5rkUdbyvE_aVVN7wmQ6wKQ2hc43i4OEpBuY3HIlnqrIzCKGhCSCazAlU6QEDEhGnMpVhQVKg_vqhze4Y9/s1600/9.png" height="193" width="400" /></a></div>
<br /></div>
<div>
Once you click the Finish button, the user will be provisioned in the SPML provider server. You are done. Once you delete the user from IS, the user will be deleted from the server too.</div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<br /></div>
Isura Dilharahttp://www.blogger.com/profile/04059595339068282550noreply@blogger.com0