This documentation is for WSO2 Identity Server 5.6.0. View documentation for the latest release.


  1. There are two possible methods for updating datasources:
    Shown below is how the master-datasources.xml file is configured to connect to the default H2 database in your system. If you have replaced the default database with a new RDBMS, which you are now using as the JDBC user store, you have to update the master-datasources.xml file with the relevant information.

    <datasource>
                <name>WSO2_CARBON_DB</name>
                <description>The datasource used for registry and user manager</description>
                <jndiConfig>
                    <name>jdbc/WSO2CarbonDB</name>
                </jndiConfig>
                <definition type="RDBMS">
                    <configuration>
                        <url>jdbc:h2:repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE;LOCK_TIMEOUT=60000</url>
                        <username>wso2carbon</username>
                        <password>wso2carbon</password>
                        <driverClassName>org.h2.Driver</driverClassName>
                        <maxActive>50</maxActive>
                        <maxWait>60000</maxWait>
                        <testOnBorrow>true</testOnBorrow>
                        <validationQuery>SELECT 1</validationQuery>
                        <validationInterval>30000</validationInterval>
                    </configuration>
                </definition>
    </datasource>


    Alternatively, instead of using the master-datasources.xml file, you can create a new XML file with the datasource information of your new RDBMS and store it in the same <PRODUCT_HOME>/repository/conf/datasources/ directory.

  2. Now, the datasource configuration and the user store manager configuration in the user-mgt.xml file should be linked together. You can do this by referring to the datasource information (typically defined in the master-datasources.xml file) from the user-mgt.xml file as explained below.
    The RDBMS that is used for storing authorization information is configured under the <Configuration> section in the user-mgt.xml file, by adding <Property name="dataSource"> as shown below. The following example refers to the default WSO2CarbonDB datasource.

    <Configuration>
        .......
        <Property name="dataSource">jdbc/WSO2CarbonDB</Property>
    </Configuration>

    When configuring the user store manager, there is no need to set the connection details. See the following sample configuration.

    Sample property: JDBC with datasource
    <UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
          <Property name="Disabled">false</Property>
          <Property name="ReadOnly">false</Property>
          <Property name="ReadGroups">true</Property>
          <Property name="WriteGroups">true</Property>
          <Property name="UsernameJavaRegEx">^[\S]{5,30}$</Property>
          <Property name="UsernameJavaScriptRegEx">^[\S]{5,30}$</Property>
          <Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated.</Property>
          <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
          <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
          <Property name="PasswordJavaRegExViolationErrorMsg">Password pattern policy violated.</Property>
          <Property name="RolenameJavaRegEx">^[\S]{5,30}$</Property>
          <Property name="RolenameJavaScriptRegEx">^[\S]{5,30}$</Property>
          <Property name="CaseInsensitiveUsername">true</Property>
          <Property name="SCIMEnabled">true</Property>
          <Property name="IsBulkImportSupported">false</Property>
          <Property name="PasswordDigest">SHA-256</Property>
          <Property name="MultiAttributeSeparator">,</Property>
          <Property name="StoreSaltedPassword">true</Property>
          <Property name="MaxUserNameListLength">100</Property>
          <Property name="MaxRoleNameListLength">100</Property>
          <Property name="UserRolesCacheEnabled">true</Property>
          <Property name="UserNameUniqueAcrossTenants">false</Property>
          <Property name="validationQuery">SELECT 1</Property>
          <Property name="validationInterval">30000</Property>
          <Property name="CountRetrieverClass">org.wso2.carbon.identity.user.store.count.jdbc.JDBCUserStoreCountRetriever</Property>
          <Property name="Description">Sample JDBC user store configuration</Property>
    </UserStoreManager>

    If you are using the same RDBMS as the user store in your system, this datasource reference would suffice. However, if you have set up a separate RDBMS as the user store, instead of using a common RDBMS for authorization information as well as the user store, you must refer to the datasource configuration from within the User Store Manager configuration in the user-mgt.xml file by adding the <Property name="dataSource"> property.
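The linkage described in steps 1 and 2 can be checked mechanically. The following Python script is an added example, not part of the WSO2 documentation or product: it reports any dataSource property in user-mgt.xml that names a JNDI datasource not defined in the datasources file, and flags a datasource that still carries the H2 URL and the username and password shown in the snippet above. Both XML samples are constructed, and jdbc/UserStoreDB is a hypothetical datasource name.

```python
import xml.etree.ElementTree as ET

# Constructed sample of master-datasources.xml, modelled on the snippet above.
DATASOURCES_XML = """<datasources>
  <datasource>
    <name>WSO2_CARBON_DB</name>
    <jndiConfig><name>jdbc/WSO2CarbonDB</name></jndiConfig>
    <definition type="RDBMS"><configuration>
      <url>jdbc:h2:repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE</url>
      <username>wso2carbon</username>
      <password>wso2carbon</password>
    </configuration></definition>
  </datasource>
</datasources>"""

# Constructed sample of user-mgt.xml; jdbc/UserStoreDB is a hypothetical name.
USER_MGT_XML = """<UserManager><Realm>
  <Configuration>
    <Property name="dataSource">jdbc/WSO2CarbonDB</Property>
  </Configuration>
  <UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
    <Property name="dataSource">jdbc/UserStoreDB</Property>
  </UserStoreManager>
</Realm></UserManager>"""

def audit(datasources_xml, user_mgt_xml):
    """Return findings about datasource linkage and unchanged sample settings."""
    findings, defined = [], set()
    for ds in ET.fromstring(datasources_xml).iter("datasource"):
        jndi = ds.findtext("jndiConfig/name", "").strip()
        defined.add(jndi)
        cfg = ds.find("definition/configuration")
        if cfg is None:
            continue
        if cfg.findtext("url", "").strip().startswith("jdbc:h2:"):
            findings.append(f"{jndi}: still points at the default H2 database")
        creds = (cfg.findtext("username"), cfg.findtext("password"))
        if creds == ("wso2carbon", "wso2carbon"):
            findings.append(f"{jndi}: uses the sample username and password")
    # Every dataSource property must name a JNDI entry defined above.
    for prop in ET.fromstring(user_mgt_xml).iter("Property"):
        ref = (prop.text or "").strip()
        if prop.get("name") == "dataSource" and ref not in defined:
            findings.append(f"user-mgt.xml refers to undefined datasource {ref}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(DATASOURCES_XML, USER_MGT_XML)))
```

To audit a real deployment, pass the contents of the files under <PRODUCT_HOME>/repository/conf/datasources/ and of user-mgt.xml instead of the constructed strings.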

Note

When you have set the username claim as a default claim, by default, the Username field in the user profile does not get populated with the username claim. To populate the Username field with the username claim:

  1. Apply the WUM update that was released on Feb 09, 2019.

    Warning

    You can deploy WUM updates into production only if you have a paid subscription. If you do not have a paid subscription, you can use this feature when the next version of WSO2 Identity Server is released.

  2. Open the user-mgt.xml file in the <IS_HOME>/repository/conf directory.

  3. Add the following property under the <Configuration> tag and set it to false.

    <UserManager>
        <Realm>
            <Configuration>
                ...
                <OverrideUsernameClaimFromInternalUsername>false</OverrideUsernameClaimFromInternalUsername>
                ...
            </Configuration>
            ...
        </Realm>
    </UserManager>

    Info
    • The default value of this property is false. It enables retrieving the username claim from the UM_USER table and setting the Username field to read-only.
    • To override the username claim with the internal username, set this property to true.
  4. To verify whether the Username field is populated with the username claim:
    1. Restart WSO2 Identity Server and access the Management Console.
    2. On the Main menu, click Identity > Users and Roles > List.
    3. Click Users.
    4. Click User Profile of a preferred user.

      Note that the Username field is populated with the username claim.
