New user store managers of WSO2 IS?

Ashen Weerathunga
Identity Beyond Borders
3 min read · Apr 28, 2020

WSO2 recently announced its latest IAM product version, WSO2 Identity Server 5.10.0.

There were cool features such as passwordless authentication, the all-new self-care portal, etc. You can read this blog if you are interested in all of them. :)

But in this blog, I’m gonna give you an introduction to the user store manager revamp built around the unique user identifier.

Image source: https://habr.com/en/post/468285

Why do we need a new architecture?

Before WSO2 IS 5.10.0, the username was treated as an immutable attribute across the Identity Server, and there was no other unique identifier for all users apart from the SCIM ID, which is only applicable to SCIM-enabled user stores. These new changes have been introduced to overcome those limitations and enable new capabilities in the product.

What can we expect with this change?

With WSO2 IS 5.10.0, we get an immutable user identifier that is unique across the system and maintains a mapping to all the other user attributes, which will eventually enable the following capabilities in the product.

  • Provide a unique user identifier across the system: this ID will be used by the new Admin REST APIs and to identify the user internally, and the same ID will be used as the SCIM ID as well.
  • Multi-attribute login capability: users will be able to have multiple login identifiers such as username, email address, mobile number, or any other identifier that’s unique across the system, according to their preference.
  • Username renaming capability: users will be able to change their usernames without any impact on the existing system.
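
To make the three capabilities above concrete, here is a small Python model added as an illustration; it is not WSO2 code and does not use the WSO2 user core APIs. The class and method names, the case-insensitive normalization and the sample account are all assumptions.

```python
import uuid

def _norm(value):
    return value.strip().lower()  # assumed normalization: case-insensitive logins

class UserStore:
    """Simplified in-memory model of the idea; not WSO2 code or its API."""
    def __init__(self):
        self.users = {}        # immutable user ID -> mutable login attributes
        self.login_index = {}  # normalized identifier -> user ID (one namespace)
        self.roles = {}        # user ID -> roles; nothing is keyed by username

    def add_user(self, roles=(), **identifiers):
        keys = [_norm(v) for v in identifiers.values()]
        # Validate before changing state so a failed add leaves nothing behind.
        if len(set(keys)) != len(keys) or any(k in self.login_index for k in keys):
            raise ValueError("login identifier already in use")
        user_id = str(uuid.uuid4())  # assigned once, never changes
        self.users[user_id] = dict(identifiers)
        self.login_index.update((k, user_id) for k in keys)
        self.roles[user_id] = set(roles)
        return user_id

    def set_identifier(self, user_id, attr, value):
        key, old = _norm(value), self.users[user_id].get(attr)
        if key in self.login_index and (old is None or _norm(old) != key):
            raise ValueError("login identifier already in use")
        if old is not None:
            del self.login_index[_norm(old)]
        self.users[user_id][attr] = value
        self.login_index[key] = user_id

    def resolve(self, login):
        return self.login_index.get(_norm(login))

def demo():
    store = UserStore()
    alice = store.add_user(roles={"admin"}, username="alice",  # constructed sample
                           email="alice@example.com", mobile="+15550100")
    logins = {store.resolve(x) for x in ("alice", "Alice@Example.com", "+15550100")}
    store.set_identifier(alice, "username", "alice.w")  # rename; ID and roles stay
    newcomer = store.add_user(username="alice")  # freed name gets a different ID
    try:
        store.add_user(username="alice@example.com")  # collides with alice's email
        rejected = False
    except ValueError:
        rejected = True
    return (logins == {alice}, store.roles[store.resolve("alice.w")],
            store.roles[newcomer], rejected)
```

Because roles hang off the ID rather than the username, the newcomer who picks up the freed name `alice` inherits none of the original user's admin role.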

What do you get from IS 5.10.0?

Well, as the initial phase, the user core architecture has been improved with the new unique user identifier. A new set of user core APIs has been introduced, and the SCIM 2.0 implementation has been improved to consume the new APIs. Also, from IS 5.10.0 onwards, you will get a new set of user store manager implementations that use the new user core APIs. The following are the new user store managers you will have in the latest IS version.

  • UniqueIDJDBCUserStoreManager
  • UniqueIDReadOnlyLDAPUserStoreManager
  • UniqueIDReadWriteLDAPUserStoreManager
  • UniqueIDActiveDirectoryUserStoreManager

You can refer to the below diagram to get an idea about the class hierarchy with the old user store managers.

The old user store managers have not been removed from the product yet, in order to preserve backward compatibility. You should be able to see all the types of user store managers available from the WSO2 IS management console. But if you are a new user, you should always use the new user store managers for your IS deployment in order to leverage the new features and future improvements.

As you can see, all the new user store manager names have the UniqueID prefix. Also, in the implementation, all the new APIs and methods have the WithID suffix. So if you are familiar with the old user store managers, make sure to use the new APIs if you are doing any customizations.

As an example, if you are writing a custom user store manager to change the default authentication mechanism you can override the relevant methods as below,

I hope you now have a clear idea about the recent changes that have been introduced to the WSO2 IS user store managers. In the next blog, I’m planning to write about how you can implement a custom authenticator to enable multi-attribute login using the new user core APIs.
