Configure APIM(Next release) Key Manager User stores

apim_4xx_support_multiple_analytics_publishers APIM manage workflow with multiple roles APIM 3.0.0 per API based subscription workflow Logging internal HTTP requests Log APIM analytics events to a file Monetization and sample with WSO2 API Manager 2.6.0 Share application and subscription among a set of specific groups or roles WSO2 APIM Correlating analytics event with correlationID APIM analytics distinguish production and sandbox traffic APIM 2.x.x analytics internal and analytics tuneup Configure APIM(Next release) Key Manager User stores APIM(Next release) working with key manager DAS 3.x Parse system variables to Spark Context Revoke OAuth application In APIM 2.1.0 Next WSO2 APIM powered by WSO2 Ballerina Configure WSO2 APIM Analytics on Cluster environment Configure WSO2 DAS 3.1.0 for WSO2 APIM 2.0.0 Analytics WSO2 APIM publishing custom statistics WSO2 APIM Error codes Working with WSO2 message tracer Use DAS admin service to query using Spark SQL Configure WSO2 APIM Analytics using XML WSO2 APIM Generating and Retrieving Custom Statistics Understanding WSO2 APIM Statistics Model Publishing WSO2 APIM 1.10.x Runtime Statistics to DAS with RDBMS Publishing_APIM_1100_Runtime_Statistics_to_DAS Aggregate functions with WSO2 DAS REST API Create a cApp for WSO2 DAS Debugging WSO2 Products using OSGI console. Publishing APIM Runtime Statistics to DAS Deploy cApp on WSO2 DAS How to configure and start the Accumulo minicluster How to setup DNS server on Ubuntu and Ubuntu server How to use Java Reflection how to install apache web server on ubuntu and ubuntu server How to install Mail server on Ubuntu and Ubuntu server How to install squirrelmail webmail client on Ubuntu and Ubuntu Server Pass and return String value to JNI method Pass and return numeric value to JNI method Calling a C Function from the Java Programming Language using JNI AXIS 2 Sample web service Client with maven and eclipse How to setup AXIS 2 with Apache Tomcat AXIS 2 Sample web service with maven and eclipse Robot framework Sample with Selenium Robot framework Custom Library Sample Behaviour-Driven Development with JBehave and Eclipse Play Audio with Netbeans and linking with LibVLC Implement LibVLC based player with QT-part2 Simple Audio playing sample with LibVLC How to install LibVLC on Ubuntu Implement LibVLC based player with QT-part1

Introduction
APIM 3.0.0 Key manager runtime support following user stores by default.
- JDBC User store
- Ldap User store
Configure User stores
Since Key manager provides JDBC and LDAP default implementation by default, in the configuration you can select which user store to be used. By Default JDBC is selected and you can select it to LDAP.

To change the connector type the following property in deployment.yaml
```
    connectorType: JDBC
    
```

Configure JDBC User store connector

    jdbcProperties:
dataSource: WSO2_UM_DB

default User Management DB’s JNDI name is set to WSO2_UM_DB and it need to be configured in the deployment.yaml as follow.

    dataSources:
    - name: WSO2_UM_DB
    description: The datasource used for user management
    # JNDI mapping of a data source
    jndiConfig:
    # JNDI name
    # THIS IS A MANDATORY FIELD
    name: jdbc/WSO2UM_DB
    # JNDI Reference Flag
    useJndiReference: false
    # data source definition
    definition:
    # data source type
    # THIS IS A MANDATORY FIELD
    type: RDBMS
    # data source configuration
    configuration:
    jdbcUrl: 'jdbc:h2:./database/UM_DB;DB_CLOSE_ON_EXIT=FALSE;LOCK_TIMEOUT=60000'
    username: wso2carbon
    password: wso2carbon
    driverClassName: org.h2.Driver
    maxPoolSize: 50
    idleTimeout: 60000
    connectionTestQuery: SELECT 1
    validationTimeout: 30000
    isAutoCommit: false

Configure LDAP User store connector

Ldap related configurations can be found under the ldapProperties in deployment yaml as follow.

ldapProperties:
ldap.ConnectionName: uid=admin,ou=system
ldap.GroupEntryObjectClass: groupOfNames
ldap.UserNameSearchFilter: (&(objectClass=person)(uid=?))
ldap.ConnectionURL: ldap://localhost:10389
ldap.InitialContextFactory: com.sun.jndi.ldap.LdapCtxFactory
ldap.connectorClass: org.wso2.carbon.auth.user.store.connector.ldap.LDAPUserStoreConnector
ldap.GroupSearchBase: ou=Groups,dc=wso2,dc=org
ldap.ConnectionPassword: admin
ldap.UserNameAttribute: uid
ldap.GroupSearchFilter: (&(objectClass=groupOfNames)(cn=?))
ldap.UserEntryObjectClass: identityPerson
ldap.GroupAttribute: cn
ldap.SecurityAuthentication: simple
ldap.UserNameListFilter: (objectClass=person)
ldap.GroupListFilter: (objectClass=groupOfNames)
ldap.UserSearchBase: ou=Users,dc=wso2,dc=org

Ldap Server need to be configure with user/group nodes. Also, new schemes need to be import to LDAP server before working with the key manager. These schemes can be found in the following location and can be imported into LDAP server.

You can use the following command to import schemas

ldapadd -Y EXTERNAL -H ldapi:// -f 1-wso2Person.ldif
ldapadd -Y EXTERNAL -H ldapi:// -f 2-scimPerson.ldif
ldapadd -Y EXTERNAL -H ldapi:// -f 3-identityPerson.ldif
ldapadd -Y EXTERNAL -H ldapi:// -f userPassInfo.ldif

You also need to create a tree node for both users and groups in your LDAP.

Ex:

    ou=Groups,dc=wso2,dc=org
    ou=Users,dc=wso2,dc=org

Or else you can import group.ldif and users.ldif into LDAP to create them. Before import edit them and edit dn record as suitable to your LDAP.

Also, you can get preconfigured docker image from docker hub with name ruks/ldap.

Changing other properties

So full set of configuration parameters is looks like below. You can override them and can be include into deployment.yaml of appropriate runtime in order to configure key manager components.

wso2.carbon.auth:
   # User Store Configurations
 userStoreConfiguration: 
   attributes:
   - attribute: userName
     displayName: Username
     regex: .*
     required: true
     unique: true
   - attribute: givenName
     displayName: First Name
     regex: .*
     required: false
     unique: false
   - attribute: lastName
     displayName: Last Name
     regex: .*
     required: false
     unique: false
   - attribute: email
     displayName: Email
     regex: .*
     required: false
     unique: false
   - attribute: phoneNumber
     displayName: Phone Number
     regex: .*
     required: false
     unique: false
   - attribute: address
     displayName: Address
     regex: .*
     required: false
     unique: false
   - attribute: organization
     displayName: Organization
     regex: .*
     required: false
     unique: false
   connectorType: JDBC
   hashAlgo: SHA256
   iterationCount: 4096
   jdbcProperties:
     dataSource: WSO2_UM_DB
   keyLength: 256
   ldapProperties:
     ldap.ConnectionName: uid=admin,ou=system
     ldap.GroupEntryObjectClass: groupOfNames
     ldap.UserNameSearchFilter: (&(objectClass=person)(uid=?))
     ldap.ConnectionURL: ldap://localhost:10389
     ldap.InitialContextFactory: com.sun.jndi.ldap.LdapCtxFactory
     ldap.connectorClass: org.wso2.carbon.auth.user.store.connector.ldap.LDAPUserStoreConnector
     ldap.GroupSearchBase: ou=Groups,dc=wso2,dc=org
     ldap.ConnectionPassword: admin
     ldap.UserNameAttribute: uid
     ldap.GroupSearchFilter: (&(objectClass=groupOfNames)(cn=?))
     ldap.UserEntryObjectClass: identityPerson
     ldap.GroupAttribute: cn
     ldap.SecurityAuthentication: simple
     ldap.UserNameListFilter: (objectClass=person)
     ldap.GroupListFilter: (objectClass=groupOfNames)
     ldap.UserSearchBase: ou=Users,dc=wso2,dc=org
   readOnly: false
   superUser: admin
   superUserPass: admin
   # Key Management Configurations
 keyManagerConfigs:
     # Access token default validity period
   defaultTokenValidityPeriod: 3600

References
- https://docs.wso2.com/display/AM300/Configuring+User+Stores

2018-01-26 05:53:37 | Rukshan Chathuranga

Add Comment

* Required information

1000

Notify me of new comments via email.

Remember my form inputs on this computer.

Comments (0)

No comments yet. Be the first!