This documentation is for WSO2 API Manager 1.4.0 View documentation for the latest release.
Page Comparison - Saving Access Tokens in Separate Tables (v.3 vs v.6) - API Manager 1.4.0 - WSO2 Documentation

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3


To enable user token partitioning, you should change the <EnableAssertions> and <AccessTokenPartitioning> elements in <APIM_HOME>/repository/conf/identity.xml file.


Assertions are used to embed parameters into tokens in order to generate a strong access token. You can also use these parameters later for various other processing functionality. At the moment, API Manager only supports UserName as an assertion.


Also set the user store domain names and mappings to new table names. For example,

  • if userId = where '' is the user store domain name, then a 'mapping:domain' combo can be defined as ''.
  • 'A' is the mapping for the table that stores tokens relevant to users coming from '' user store.


According to the information given above, change the following section under the <APIKeyManager> element in the identity.xml file .as shown in the following example:

Code Block
<!-- Assertions can be used to embedd parameters into access token.-->

<!-- This should be set to true when using multiple user stores and keys should saved into different tables according to the user store. By default all the application keys are saved in to the same table. UserName Assertion should be 'true' to use this.-->
     <!-- user store domain names and mappings to new table names. eg: if you provide '', should be the user store domain   
     name and 'A' represent the relavant mapping of token storing table, i.e. tokens relevant to the users comming from user store     
     will be added to a table called IDN_OAUTH2_ACCESS_TOKEN_A. --> 
     <AccessTokenPartitioningDomains><!--, --></AccessTokenPartitioningDomains>