This documentation is for WSO2 API Manager 2.5.0.


...

  1. Navigate to the master-datasources.xml file in the following directories.
    • WSO2 IS - <IS_HOME>/repository/conf/datasources 
    • WSO2 API-M - <API-M_HOME>/repository/conf/datasources
  2. Add the WSO2UM_DB related datasource configurations in order to share the user stores between WSO2 API-M and WSO2 IS. 

    Note

    By default, WSO2 API-M uses a JDBC user store, while WSO2 IS uses an LDAP user store. This example uses a JDBC user store and a MySQL DB.

    Format:
    <datasource>
     <name>WSO2UM_DB</name>
     <description>The datasource used by user manager</description>
     <jndiConfig>
       <name>jdbc/WSO2UM_DB</name>
     </jndiConfig>
     <definition type="RDBMS">
       <configuration>
         <url>jdbc:mysql://[host_name_of_mysql_server]:3306/userdb?autoReconnect=true</url>
         <username>[user]</username>
         <password>[password]</password>
         <driverClassName>com.mysql.jdbc.Driver</driverClassName>
         <maxActive>50</maxActive>
         <maxWait>60000</maxWait>
         <testOnBorrow>true</testOnBorrow>
         <validationQuery>SELECT 1</validationQuery>
         <validationInterval>30000</validationInterval>
       </configuration>
     </definition>
    </datasource> 

    Make sure to replace the following placeholders:

    • [host_name_of_mysql_server]
    • [user]
    • [password]
    Example:
    <datasource>
     <name>WSO2UM_DB</name>
     <description>The datasource used by user manager</description>
     <jndiConfig>
       <name>jdbc/WSO2UM_DB</name>
     </jndiConfig>
     <definition type="RDBMS">
       <configuration>
         <url>jdbc:mysql://localhost:3306/userdb?autoReconnect=true</url>
         <username>root</username>
         <password>root</password>
         <driverClassName>com.mysql.jdbc.Driver</driverClassName>
         <maxActive>50</maxActive>
         <maxWait>60000</maxWait>
         <testOnBorrow>true</testOnBorrow>
         <validationQuery>SELECT 1</validationQuery>
         <validationInterval>30000</validationInterval>
       </configuration>
     </definition>
    </datasource> 
    Tip

    SSL is enabled by default. For testing purposes only, you can disable SSL by updating the URL as follows in the WSO2 IS and WSO2 API-M <PRODUCT_HOME>/repository/conf/datasources/master-datasources.xml file. This is not recommended for a production environment, where you need to make sure that SSL stays enabled.

    <url>jdbc:mysql://localhost:3306/userdb?autoReconnect=true&amp;useSSL=false</url>
  3. Update the user-mgt.xml file in the <IS_HOME>/repository/conf directory and in the <API-M_HOME>/repository/conf directory. Update the default configurations with the following property, which points the user manager at the shared datasource.

    <Configuration>
    ...
        <Property name="dataSource">jdbc/WSO2UM_DB</Property>
    </Configuration>
  4. Configure the user store manager properties.
    In this example, as you are using JDBC as the user store, you need to update the <IS_HOME>/repository/conf/user-mgt.xml file as follows: 

    1. Comment out the default LDAP user store details, which are defined in the <UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager"> section.

    2. Uncomment the following code block, which configures the JDBC user store.

      <UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
        <Property name="TenantManager">org.wso2.carbon.user.core.tenant.JDBCTenantManager</Property>
        <Property name="ReadOnly">false</Property>
        <Property name="ReadGroups">true</Property>
        <Property name="WriteGroups">true</Property>
        <Property name="UsernameJavaRegEx">^[\S]{3,30}$</Property>
        <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
        <Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated</Property>
        <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
        <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
        <Property name="PasswordJavaRegExViolationErrorMsg">Password length should be within 5 to 30 characters</Property>
        <Property name="RolenameJavaRegEx">^[\S]{3,30}$</Property>
        <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
        <Property name="CaseInsensitiveUsername">false</Property>
        <Property name="SCIMEnabled">false</Property>
        <Property name="IsBulkImportSupported">false</Property>
        <Property name="PasswordDigest">SHA-256</Property>
        <Property name="StoreSaltedPassword">true</Property>
        <Property name="MultiAttributeSeparator">,</Property>
        <Property name="MaxUserNameListLength">100</Property>
        <Property name="MaxRoleNameListLength">100</Property>
        <Property name="UserRolesCacheEnabled">true</Property>
        <Property name="UserNameUniqueAcrossTenants">false</Property>
      </UserStoreManager>
      Info

      You could alternatively use the embedded LDAP in the WSO2 Identity Server as your user store. For more information, see Configuring the Primary User Store in the Administration Guide.
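To verify the shared user store wiring from steps 1 to 4 on both the IS and API-M nodes, the following added Python script (not WSO2's own tooling and not part of the original page) parses master-datasources.xml and user-mgt.xml: it flags the useSSL=false test setting, leftover placeholders and the root/root example credentials, and confirms that the Realm points at jdbc/WSO2UM_DB with only the JDBC store manager active. The two embedded XML fragments are constructed minimal versions of those files; the Realm/Configuration layout of user-mgt.xml is assumed from WSO2 Carbon.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlparse

JDBC_STORE = "org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager"
# Constructed minimal files mirroring the Example tab and step 4 above (useSSL=false
# and root/root are the page's own test values, not something to deploy).
MASTER_DATASOURCES = """<datasources-configuration><datasources><datasource>
 <name>WSO2UM_DB</name><jndiConfig><name>jdbc/WSO2UM_DB</name></jndiConfig>
 <definition type="RDBMS"><configuration>
  <url>jdbc:mysql://localhost:3306/userdb?autoReconnect=true&amp;useSSL=false</url>
  <username>root</username><password>root</password>
 </configuration></definition>
</datasource></datasources></datasources-configuration>"""

USER_MGT = """<UserManager><Realm>
 <Configuration><Property name="dataSource">jdbc/WSO2UM_DB</Property></Configuration>
 <!-- <UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager"/> -->
 <UserStoreManager class="%s"><Property name="PasswordDigest">SHA-256</Property></UserStoreManager>
</Realm></UserManager>""" % JDBC_STORE


def check_datasource(xml_text, name="WSO2UM_DB"):
    """Return findings (empty list = clean) for the named datasource in master-datasources.xml."""
    root = ET.fromstring(xml_text)
    ds = next((d for d in root.iter("datasource") if d.findtext("name") == name), None)
    if ds is None:
        return [f"datasource {name} not defined"]
    cfg = ds.find("definition/configuration")
    url, user, pwd = (cfg.findtext(tag, "") for tag in ("url", "username", "password"))
    # Drop the "jdbc:" prefix so urlparse sees the MySQL URL's query string.
    qs = parse_qs(urlparse(url.partition(":")[2]).query)
    checks = [
        ("false" in [v.lower() for v in qs.get("useSSL", [])], "useSSL=false: TLS to MySQL disabled (testing only)"),
        (any("[" in v for v in (url, user, pwd)), "placeholder left in datasource configuration"),
        (pwd in ("", "root", user), "weak or default database password"),
    ]
    return [msg for hit, msg in checks if hit]


def check_user_mgt(xml_text, jndi="jdbc/WSO2UM_DB"):
    """Confirm the Realm uses the shared datasource and only the JDBC store is active."""
    realm = ET.fromstring(xml_text).find("Realm")
    props = {p.get("name"): p.text for p in realm.findall("Configuration/Property")}
    findings = []
    if props.get("dataSource") != jndi:
        findings.append(f"dataSource is {props.get('dataSource')!r}, expected {jndi!r}")
    # ElementTree drops XML comments, so a commented-out LDAP store is simply absent here.
    active = [u.get("class") for u in realm.findall("UserStoreManager")]
    if active != [JDBC_STORE]:
        findings.append(f"active user store managers: {active}")
    return findings
```

Run both checks against the real files on each node; an empty list from both means the datasource and user store configuration match what this step expects.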

...

  1. Start WSO2 Identity Server.

    • On Windows: <IS_HOME>/bin/wso2server.bat --run

    • On Linux/Mac OS: sh <IS_HOME>/bin/wso2server.sh

  2. Create a service provider (SP) for the Store. For more detailed information, see Adding and Configuring a Service Provider in the WSO2 Identity Server 5.6.0 documentation.

    1. Create a service provider (SP) as API_STORE with an inbound OAuth/OIDC callback URL of https://<APIM-hostname>:9443/store/jagg/jaggery_oidc_acs.jag and enable the authorization-code grant type by checking the Code checkbox under Allowed Grant Types.
      <APIM-hostname> - Replace this with the hostname of the WSO2 API Manager Server.

    2. Add a claim mapping, set http://wso2.org/claims/displayName as the local claim and make it a mandatory claim.
      Your configurations should look similar to the following after creating the service provider.

  3. Create a service provider for the Publisher.

    1. Create a service provider as API_PUBLISHER with an inbound OAuth/OIDC callback URL of https://<APIM-hostname>:9443/publisher/jagg/jaggery_oidc_acs.jag and enable the authorization-code grant type.
      <APIM-hostname> - Replace this with the hostname of the WSO2 API Manager Server.

    2. Add a claim mapping, set http://wso2.org/claims/displayName as the local claim and make it a mandatory claim.
      Your configurations should look similar to the following after creating the service provider.


Step 6 - Configure WSO2 API-M 

...

  1. Configure OpenID Connect for SSO.
    For more information, see Configuring SSO with OpenID Connect.

  2. Access the API Publisher.
    https://<APIM-hostname>:<APIM-port>/publisher/
    In this example, access the Publisher as follows:
    https://wso2.am:9443/publisher/

  3. Provide your username and password and click SIGN IN.


  4. Enter your username as the display name and click SIGN IN.

  5. Check Select All to select the mandatory user claims related to API_PUBLISHER and also check one of the approve options (Approve Once or Approve Always) based on your preference.
    If you select Approve Once, you will have to approve OpenID user claim related data each time that you sign in to the Publisher.
  6. Click Continue.
    You are now logged in to the Publisher interface.
  7. Access the Store.
    https://<APIM-hostname>:<APIM-port>/store/
    In this example, access the Store as follows:
    https://wso2.am:9443/store/
  8. Click Sign In.
  9. Check Select All to select the mandatory user claims related to API_STORE and also check one of the approve options (Approve Once or Approve Always) based on your preference.
    If you select Approve Once, you will have to approve OpenID user claim related data each time that you sign in to the Store.
  10. Click Continue.
    You are directly logged in to the Store without needing to add any user credentials.