Configure APIM(Next release) Key Manager User stores
  1. Introduction

    The APIM 3.0.0 Key Manager runtime supports the following user stores by default:

    • JDBC user store
    • LDAP user store
  2. Configure User stores

    Since the Key Manager ships with both a JDBC and an LDAP implementation, you select in the configuration which user store is used. JDBC is selected by default, and you can switch it to LDAP.

    To change the connector type, set the following property in deployment.yaml:

        connectorType: JDBC
        
  3. Configure JDBC User store connector

    The JDBC connector reads its settings from jdbcProperties in deployment.yaml; dataSource names the data source the connector uses:

        jdbcProperties:
          dataSource: WSO2_UM_DB

    The default User Management DB's data source name is WSO2_UM_DB, and it needs to be defined in deployment.yaml as follows.

        dataSources:
        - name: WSO2_UM_DB
          description: The datasource used for user management
          # JNDI mapping of a data source
          jndiConfig:
            # JNDI name
            # THIS IS A MANDATORY FIELD
            name: jdbc/WSO2UM_DB
            # JNDI Reference Flag
            useJndiReference: false
          # data source definition
          definition:
            # data source type
            # THIS IS A MANDATORY FIELD
            type: RDBMS
            # data source configuration
            configuration:
              jdbcUrl: 'jdbc:h2:./database/UM_DB;DB_CLOSE_ON_EXIT=FALSE;LOCK_TIMEOUT=60000'
              username: wso2carbon
              password: wso2carbon
              driverClassName: org.h2.Driver
              maxPoolSize: 50
              idleTimeout: 60000
              connectionTestQuery: SELECT 1
              validationTimeout: 30000
              isAutoCommit: false
    
  4. Configure LDAP User store connector

    The LDAP related settings are found under ldapProperties in deployment.yaml, as follows.

        ldapProperties:
          ldap.ConnectionName: uid=admin,ou=system
          ldap.GroupEntryObjectClass: groupOfNames
          ldap.UserNameSearchFilter: (&(objectClass=person)(uid=?))
          ldap.ConnectionURL: ldap://localhost:10389
          ldap.InitialContextFactory: com.sun.jndi.ldap.LdapCtxFactory
          ldap.connectorClass: org.wso2.carbon.auth.user.store.connector.ldap.LDAPUserStoreConnector
          ldap.GroupSearchBase: ou=Groups,dc=wso2,dc=org
          ldap.ConnectionPassword: admin
          ldap.UserNameAttribute: uid
          ldap.GroupSearchFilter: (&(objectClass=groupOfNames)(cn=?))
          ldap.UserEntryObjectClass: identityPerson
          ldap.GroupAttribute: cn
          ldap.SecurityAuthentication: simple
          ldap.UserNameListFilter: (objectClass=person)
          ldap.GroupListFilter: (objectClass=groupOfNames)
          ldap.UserSearchBase: ou=Users,dc=wso2,dc=org
        

    The LDAP server needs to be configured with user and group nodes. Also, new schemas need to be imported into the LDAP server before working with the Key Manager. These schemas can be found in the following location and can be imported into the LDAP server.

    You can use the following commands to import the schemas:

    ldapadd -Y EXTERNAL -H ldapi:// -f 1-wso2Person.ldif
    ldapadd -Y EXTERNAL -H ldapi:// -f 2-scimPerson.ldif
    ldapadd -Y EXTERNAL -H ldapi:// -f 3-identityPerson.ldif
    ldapadd -Y EXTERNAL -H ldapi:// -f userPassInfo.ldif
        

    You also need to create a tree node for both users and groups in your LDAP.

    Ex:

        ou=Groups,dc=wso2,dc=org
        ou=Users,dc=wso2,dc=org
        

    Alternatively, you can import group.ldif and users.ldif into the LDAP server to create them. Before importing, edit the dn records in both files to match your LDAP tree.

    A preconfigured Docker image is also available on Docker Hub under the name ruks/ldap.
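    The ldap.UserNameSearchFilter and ldap.GroupSearchFilter templates above mark the substitution point with "?". The added example below (not part of the original post or of the WSO2 connector) shows what a connector must do with that placeholder: escape the substituted value per RFC 4515 so that characters such as "*", "(" and ")" are matched literally, and check that the placeholder is compared against the attribute named in ldap.UserNameAttribute / ldap.GroupAttribute. How the WSO2 connector itself performs the substitution is an assumption; the templates are the page's own.

```python
# Filter templates taken from the page's ldapProperties block.
USER_FILTER = "(&(objectClass=person)(uid=?))"
GROUP_FILTER = "(&(objectClass=groupOfNames)(cn=?))"

# RFC 4515 escapes for characters that would otherwise change filter meaning.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value so it is matched literally inside a search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def render_filter(template: str, value: str) -> str:
    """Substitute the single '?' placeholder with the escaped value.

    The WSO2 connector's exact substitution logic is assumed; this is the
    safe form of the operation, written here for illustration.
    """
    if template.count("?") != 1:
        raise ValueError("filter template must contain exactly one '?'")
    return template.replace("?", escape_filter_value(value))


def placeholder_attribute(template: str) -> str:
    """Return the attribute the '?' is compared against (e.g. 'uid').

    Used to confirm the filter agrees with ldap.UserNameAttribute or
    ldap.GroupAttribute; a mismatch means lookups silently return nothing.
    """
    head = template[: template.index("?")]
    if not head.endswith("="):
        raise ValueError("placeholder must directly follow 'attr='")
    return head[head.rindex("(") + 1 : -1]
```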

  5. Changing other properties

    The full set of configuration parameters looks like the following. You can override these values and include them in the deployment.yaml of the appropriate runtime to configure the Key Manager components.

    wso2.carbon.auth:
     # User Store Configurations
     userStoreConfiguration:
       attributes:
       - attribute: userName
         displayName: Username
         regex: .*
         required: true
         unique: true
       - attribute: givenName
         displayName: First Name
         regex: .*
         required: false
         unique: false
       - attribute: lastName
         displayName: Last Name
         regex: .*
         required: false
         unique: false
       - attribute: email
         displayName: Email
         regex: .*
         required: false
         unique: false
       - attribute: phoneNumber
         displayName: Phone Number
         regex: .*
         required: false
         unique: false
       - attribute: address
         displayName: Address
         regex: .*
         required: false
         unique: false
       - attribute: organization
         displayName: Organization
         regex: .*
         required: false
         unique: false
       connectorType: JDBC
       hashAlgo: SHA256
       iterationCount: 4096
       jdbcProperties:
         dataSource: WSO2_UM_DB
       keyLength: 256
       ldapProperties:
         ldap.ConnectionName: uid=admin,ou=system
         ldap.GroupEntryObjectClass: groupOfNames
         ldap.UserNameSearchFilter: (&(objectClass=person)(uid=?))
         ldap.ConnectionURL: ldap://localhost:10389
         ldap.InitialContextFactory: com.sun.jndi.ldap.LdapCtxFactory
         ldap.connectorClass: org.wso2.carbon.auth.user.store.connector.ldap.LDAPUserStoreConnector
         ldap.GroupSearchBase: ou=Groups,dc=wso2,dc=org
         ldap.ConnectionPassword: admin
         ldap.UserNameAttribute: uid
         ldap.GroupSearchFilter: (&(objectClass=groupOfNames)(cn=?))
         ldap.UserEntryObjectClass: identityPerson
         ldap.GroupAttribute: cn
         ldap.SecurityAuthentication: simple
         ldap.UserNameListFilter: (objectClass=person)
         ldap.GroupListFilter: (objectClass=groupOfNames)
         ldap.UserSearchBase: ou=Users,dc=wso2,dc=org
       readOnly: false
       superUser: admin
       superUserPass: admin
     # Key Management Configurations
     keyManagerConfigs:
       # Access token default validity period
       defaultTokenValidityPeriod: 3600

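    Several of the values above (the shipped datasource password, the LDAP bind password, superUserPass, and the hashAlgo / iterationCount / keyLength trio) are the ones a reviewer checks before a Key Manager goes to production. The added example below (not part of the original post or of WSO2's code) audits a loaded deployment.yaml for those settings; it assumes the YAML has already been parsed into a dict (for instance with yaml.safe_load), and the PAGE_DEFAULTS dict is constructed from the values shown on this page rather than read from a real file.

```python
# Sample constructed from the page's values; a real run would pass the dict
# returned by yaml.safe_load(open("deployment.yaml")) instead.
PAGE_DEFAULTS = {
    "wso2.carbon.auth": {"userStoreConfiguration": {
        "connectorType": "JDBC", "hashAlgo": "SHA256",
        "iterationCount": 4096, "keyLength": 256,
        "jdbcProperties": {"dataSource": "WSO2_UM_DB"},
        "ldapProperties": {"ldap.ConnectionURL": "ldap://localhost:10389",
                           "ldap.SecurityAuthentication": "simple",
                           "ldap.ConnectionPassword": "admin"},
        "superUser": "admin", "superUserPass": "admin"}},
    "dataSources": [{"name": "WSO2_UM_DB", "definition": {"configuration": {
        "username": "wso2carbon", "password": "wso2carbon"}}}],
}


def audit_user_store(cfg: dict) -> list:
    """Return findings as strings; an empty list means nothing was flagged."""
    us = cfg["wso2.carbon.auth"]["userStoreConfiguration"]
    out = []
    ctype = us.get("connectorType")
    if ctype not in ("JDBC", "LDAP"):
        out.append(f"unknown connectorType {ctype!r}")
    if ctype == "JDBC":
        # jdbcProperties.dataSource must name an entry under dataSources
        name = us.get("jdbcProperties", {}).get("dataSource")
        ds = [d for d in cfg.get("dataSources", []) if d.get("name") == name]
        if not ds:
            out.append(f"dataSource {name!r} has no dataSources entry")
        elif ds[0]["definition"]["configuration"].get("password") == "wso2carbon":
            out.append("datasource uses the shipped default DB password")
    if ctype == "LDAP":
        ld = us.get("ldapProperties", {})
        url = ld.get("ldap.ConnectionURL", "")
        # a simple bind carries the bind password; it needs TLS (ldaps://)
        if ld.get("ldap.SecurityAuthentication") == "simple" and not url.startswith("ldaps://"):
            out.append("simple bind over ldap:// sends the bind password in clear")
        if ld.get("ldap.ConnectionPassword") == "admin":
            out.append("LDAP bind account uses the default password")
    # password hashing: flag anything weaker than the page's own defaults
    if us.get("hashAlgo") not in ("SHA256", "SHA512"):
        out.append(f"hashAlgo {us.get('hashAlgo')!r} is not SHA256/SHA512")
    if us.get("iterationCount", 0) < 4096:
        out.append("iterationCount below 4096")
    if us.get("keyLength", 0) < 256:
        out.append("keyLength below 256")
    if us.get("superUserPass") == "admin":
        out.append("superUserPass is the default 'admin'")
    return out
```

Run against the page's defaults the audit flags the shipped DB password and the default superUserPass; the thresholds are the page's own values, so tighten them to match your policy.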
  6. References
