This documentation is for WSO2 Identity Server 5.6.0 . View documentation for the latest release.

All docs This doc

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  1. There are two possible methods for updating datasources:
    Shown below is how master-datasources.xml file is configured to connect to the default H2 database in your system. If you have replaced the default database with a new RDBMS, which you are now using as the JDBC users store, you have to update the master-datasource.xml file with the relevant information.

    Code Block
                <description>The datasource used for registry and user manager</description>
                <definition type="RDBMS">
                        <validationQuery>SELECT 1</validationQuery>

    Alternatively, instead of using the master-datasource.xml file, you can also create a new XML file with the datasource information of your new RDBMS and store it in the same <PRODUCT_HOME>/repository/conf/datasources/ directory.

  2. Now, the datasource configuration and the user store manager configuration in user-mgt.xml file should be linked together. You can do this by referring the datasource information (typically defined in the master-datasources.xml file) from the user-mgt.xml file as explained below.
    The RDBMS that is used for storing authorization information is configured under the <Configuration> section in the user-mgt.xml file, by adding <Property name="dataSource"> as shown below. The following example refers to the default WSO2CarbonDB datasource.

    Code Block
        <Property name="dataSource">jdbc/WSO2CarbonDB</Property>

    Configuring user store manager no need to set the connection detail. See the following sample configuration.

    titlesample property JDBC with datasource
    Code Block
    <UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
          <Property name="Disabled">false</Property>
          <Property name="ReadOnly">false</Property>
          <Property name="ReadGroups">true</Property>
          <Property name="WriteGroups">true</Property>
          <Property name="UsernameJavaRegEx">^[\S]{5,30}$</Property>
          <Property name="UsernameJavaScriptRegEx">^[\S]{5,30}$</Property>
          <Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated.</Property>
          <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
          <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
          <Property name="PasswordJavaRegExViolationErrorMsg">Password pattern policy violated.</Property>
          <Property name="RolenameJavaRegEx">^[\S]{5,30}$</Property>
          <Property name="RolenameJavaScriptRegEx">^[\S]{5,30}$</Property>
          <Property name="CaseInsensitiveUsername">true</Property>
          <Property name="SCIMEnabled">true</Property>
          <Property name="IsBulkImportSupported">false</Property>
          <Property name="PasswordDigest">SHA-256</Property>
          <Property name="MultiAttributeSeparator">,</Property>
          <Property name="StoreSaltedPassword">true</Property>
          <Property name="MaxUserNameListLength">100</Property>
          <Property name="MaxRoleNameListLength">100</Property>
          <Property name="UserRolesCacheEnabled">true</Property>
          <Property name="UserNameUniqueAcrossTenants">false</Property>
          <Property name="validationQuery">SELECT 1</Property>
          <Property name="validationInterval">30000</Property>
          <Property name="CountRetrieverClass"></Property>
          <Property name="Description">Sample JDBC user store configuration</Property>

    If you are using the same RDBMS as the user store in your system, this datasource reference would suffice. However, if you have set up a separate RDBMS as the user store, instead of using a common RDBMS for authorization information as well as the user store, you must refer to the datasource configuration from within the User Store Manager configuration in the user-mgt.xml file by adding the <Property name="dataSource"> property.


If When you have set the username claim as a default claim, by default, the Username field in the User Profile user profile does not get populated with the username claim. To populate the Username field with the username claim:

  1. Apply the WUM update that was released on Feb 09, 2019.


    You can deploy  WUM updates  into production only if you have a paid subscription. If you do not have a paid subscription, you can use this feature when the next version of WSO2 Identity Server is released.

  2. Open the user-mgt.xml file in the <IS_HOME>/repository/conf directory.

  3. Add the following property under the <Configuration> tag and set it to false.

    Code Block
    • The default value of this property is false. It enables retrieving the username claim fro the UM_USER table and setting the Username field to read-only.
    • To override the username claim with the internal username, set this property to true.
  4. To verify whether the Username field is populated with the username claim:
    1. Restart WSO2 Identity Server and access the Management Console.
    2. On the Main menu, click Identity > Users and Roles > List.
    3. Click Users.
    4. Cilck User Profile of a preferred user.

      Note that the Username field is populated with the username claim.