Setting up a MySQL Secondary User Store for WSO2 Identity Server

WSO2 Identity Server supports configuring as many secondary user stores as the organization requires. They may serve different departmental units, customers, partners, or newly acquired companies.

Secondary user stores in WSO2 Identity Server support the options below:

  • LDAP

An RDBMS is a common choice for a secondary user store, and MySQL is one of the favorite selections. Setting up MySQL (or any RDBMS) as a secondary user store consists of 2 main steps:

  • Setting up MySQL database schema

Setting up MySQL database schema

Below are the high-level steps for setting up the MySQL database schema:

  • Install MySQL on your environment
[IS_HOME]/dbscripts folder
  • Verify that the database/tables are created
A portion of the MySQL User Store Schema

Configuring WSO2 Identity Server

Assuming you have already installed WSO2 Identity Server, below are the high-level steps for configuring WSO2 Identity Server to use the newly created MySQL database as a secondary user store:

  • Before starting WSO2 Identity Server, download the JDBC connector (in our case, the MySQL connector) to enable communication between WSO2 Identity Server and MySQL. You can download it from http://dev.mysql.com/downloads/connector/j/. Copy the downloaded mysql-connector-java-<version>-bin.jar to the [IS_HOME]/repository/components/lib directory.
PRIMARY User Store not shown in the Management Console
  • Select Main -> User Stores -> Add to add a new secondary user store. Fill in the required information related to the new user store.
Configure the new User Store

User Store Manager Class — select the user store manager class that suits your user store. In our case, we choose org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager as we want to use a JDBC-based user store. For more information on User Store Manager Class, refer to — https://docs.wso2.com/display/IS580/Configuring+Secondary+User+Stores

Domain Name — a unique name to identify the user store. In our case, partners is the user store name.

Connection URL — connection URL to the MySQL database, which can include additional connection parameters as well. In our case, it is jdbc:mysql://localhost:3306/newuserstore?useSSL=FALSE, which connects to the localhost instance of MySQL without SSL.

Connection Name — user name used to connect to MySQL. In my case, root.

Connection Password — password of the user used to connect to MySQL. In my case, the password of root.

Driver Name — fully qualified JDBC driver name used to connect to the database. This driver should be available in the [IS_HOME]/repository/components/lib folder. In our case, com.mysql.jdbc.Driver.

For a complete list of parameters, please refer to — https://docs.wso2.com/display/IS580/Configuring+a+JDBC+User+Store

  • Click Test Connection to verify the connection and click Add to save the new user store configuration
New MySQL JDBC User Store
  • We can add a new user to the new user store by navigating to Main -> User and Roles -> Add -> Add New User. Select the newly created user store name — partner as the domain and create a new user.
List all Users for all the User Stores
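
The Connection URL and Connection Name used in this walkthrough (SSL turned off, the root account) are worth re-checking before a user store is pointed at a shared database server. The following Python check is an added example, not part of the original post or of WSO2's code, that flags those two settings. The function name, severity ranking, host db.example.internal and account wso2_userstore are constructed for illustration; useSSL, verifyServerCertificate and sslMode are MySQL Connector/J connection properties.

```python
from urllib.parse import urlsplit, parse_qs

LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def audit_user_store(connection_url, connection_name):
    """Return (severity, finding) tuples for a JDBC user store's connection settings."""
    if not connection_url.startswith("jdbc:mysql://"):
        raise ValueError("expected a jdbc:mysql:// connection URL")
    # Drop the "jdbc:" prefix so the rest parses as an ordinary URL.
    parts = urlsplit(connection_url[len("jdbc:"):])
    # Property values are compared case-insensitively (FALSE == false).
    params = {k: v[-1].lower() for k, v in parse_qs(parts.query).items()}
    remote = (parts.hostname or "").lower() not in LOOPBACK
    findings = []

    tls_off = params.get("useSSL") == "false" or params.get("sslMode") == "disabled"
    if tls_off:
        # Cleartext on loopback never leaves the host; on a remote host it
        # exposes the connection password and every user record in transit.
        where = "the network" if remote else "the loopback interface"
        findings.append(("high" if remote else "low",
                         f"TLS disabled: credentials and user data cross {where} in cleartext"))
    elif params.get("verifyServerCertificate") == "false":
        findings.append(("medium", "TLS on, but the server certificate is not verified"))

    if connection_name.lower() == "root":
        findings.append(("high",
                         "connects as root; use an account limited to the user store schema"))
    return findings


if __name__ == "__main__":
    # Constructed samples: the walkthrough's values, then a hardened variant.
    samples = [
        ("jdbc:mysql://localhost:3306/newuserstore?useSSL=FALSE", "root"),
        ("jdbc:mysql://db.example.internal:3306/newuserstore"
         "?useSSL=true&verifyServerCertificate=true", "wso2_userstore"),
    ]
    for url, user in samples:
        print(url, user, audit_user_store(url, user) or "no findings")
```
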

This high-level walkthrough demonstrates how to configure a MySQL database as a secondary user store with WSO2 Identity Server. We can follow the same steps to configure any other RDBMS as a secondary user store.

Joy Rathnayake