Setting up a MySQL Secondary User Store for WSO2 Identity Server
WSO2 Identity Server supports configuring as many secondary user stores as the organization requires. They may be for different departmental units, customers, partners, or new acquisitions.
Secondary user stores can be backed by the options below:
- Microsoft Active Directory
An RDBMS is a common choice for a secondary user store, and MySQL is one of the favorite selections. Setting up MySQL (or any RDBMS) as a secondary user store consists of two main steps:
- Setting up MySQL database schema
- Configuring WSO2 Identity Server
Setting up MySQL database schema
Below are the high-level steps for setting up the MySQL database schema:
- Install MySQL on your environment
- Navigate to the [IS_HOME]/dbscripts folder. It contains database scripts for all the popular RDBMSs. Execute the script file mysql<version>.sql that matches your MySQL version. The script assumes that the required database is already created and selected, so you may have to create the database before executing it.
- Verify that the database and tables are created
Configuring WSO2 Identity Server
Assuming you have already installed WSO2 Identity Server, below are the high-level steps for configuring it to use the newly created MySQL database as a secondary user store:
- Before starting WSO2 Identity Server, download the JDBC connector (in our case, the MySQL connector) to enable communication between WSO2 Identity Server and MySQL. You can download it from http://dev.mysql.com/downloads/connector/j/. Copy the downloaded mysql-connector-java-<version>-bin.jar to the [IS_HOME]/repository/components/lib directory.
- Start the WSO2 Identity Server by invoking wso2server.sh or wso2server.bat
- Select Main -> User Stores -> List to see existing user stores. No user stores are listed at the moment because, by design, the PRIMARY user store is not shown in the Management Console
- Select Main -> User Stores -> Add to add a new secondary user store. Fill in the required information related to the new user store.
User Store Manager Class — select the user store manager class that suits your user store. In our case, we choose org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager as we want to use a JDBC-based user store. For more information on User Store Manager Class, refer to — https://docs.wso2.com/display/IS580/Configuring+Secondary+User+Stores
Domain Name — a unique name to identify the user store. In our case, we use partners as the user store name.
Connection URL — the connection URL to the MySQL database, which can include additional connection parameters as well. In our case, it is jdbc:mysql://localhost:3306/newuserstore?useSSL=FALSE, which connects to the localhost instance of MySQL without SSL.
Connection Name — the user name used to connect to MySQL. In my case, root.
Connection Password — the password of the user used to connect to MySQL. In my case, the password of root.
Driver Name — the fully qualified JDBC driver name used to connect to the database. This driver should be available in the [IS_HOME]/repository/components/lib folder. In our case, com.mysql.jdbc.Driver.
For a complete list of parameters, please refer to — https://docs.wso2.com/display/IS580/Configuring+a+JDBC+User+Store
- Click Test Connection to verify the connection and click Add to save the new user store configuration
- Now when you navigate to Main -> User Stores -> List to see existing user stores, you will see the newly added user store
- We can add a new user to the new user store by navigating to Main -> Users and Roles -> Add -> Add New User. Select the newly created user store name, partner, as the domain and create a new user.
- We can view the newly added user by navigating to Main -> Users and Roles -> Users -> Users. The newly added user is shown as associated with the secondary user store.
This high-level walkthrough demonstrates how to configure a MySQL database as a secondary user store with WSO2 Identity Server. We can follow the same steps to configure any other RDBMS as a secondary user store.
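The Connection URL and Connection Name used in this walkthrough disable TLS and connect as root. As an added example (not from the original article or from WSO2), this Python check parses a JDBC MySQL URL and reports those two settings; the function names and the severity labels are assumptions of the example.

```python
from urllib.parse import urlsplit, parse_qs

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse_jdbc_mysql(url):
    """Split jdbc:mysql://host:port/db?k=v into (host, port, database, params)."""
    if not url.lower().startswith("jdbc:mysql://"):
        raise ValueError("not a jdbc:mysql URL: %r" % url)
    parts = urlsplit(url[len("jdbc:"):])  # urlsplit now sees mysql://host:port/db?...
    # Values are lower-cased for comparison (the walkthrough's URL uses FALSE).
    params = {k: v[-1].lower() for k, v in parse_qs(parts.query).items()}
    return parts.hostname or "localhost", parts.port or 3306, parts.path.lstrip("/"), params

def audit_user_store(url, connection_name):
    """Return (severity, message) findings; the severities are this example's own scale."""
    host, port, database, params = parse_jdbc_mysql(url)
    remote = host not in LOOPBACK
    findings = []
    # useSSL / verifyServerCertificate are Connector/J 5.x properties; sslMode is the 8.x one.
    if params.get("useSSL") == "false" or params.get("sslMode") == "disabled":
        findings.append(("HIGH" if remote else "LOW",
                         "TLS is disabled for %s:%d, so user store traffic is unencrypted"
                         % (host, port)))
    elif params.get("verifyServerCertificate") == "false":
        findings.append(("MEDIUM", "TLS is on but the server certificate is not verified"))
    elif remote and not any(k in params for k in ("useSSL", "sslMode")):
        findings.append(("MEDIUM",
                         "no TLS option set for remote host %s; result depends on driver defaults"
                         % host))
    if connection_name.strip().lower() == "root":
        findings.append(("HIGH",
                         "connects as root; use an account with rights on %s only" % database))
    return findings

if __name__ == "__main__":
    # Values from the walkthrough: loopback host, useSSL=FALSE, connection name root.
    url = "jdbc:mysql://localhost:3306/newuserstore?useSSL=FALSE"
    for severity, message in audit_user_store(url, "root"):
        print(severity, message)
```

The same URL pointed at a non-loopback host raises the TLS finding from LOW to HIGH, which is the case to check before reusing these settings outside a single-machine setup.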