Showing posts with label Primary User store. Show all posts

Thursday, July 9, 2015

Enable email login in WSO2 carbon products

To enable logging in with an email address as the username, the steps below can be followed in any Carbon product.

1. EnableEmailUserName in carbon.xml

<EnableEmailUserName>true</EnableEmailUserName>

2. Then provide the correct regex to allow email addresses in the user store configuration in user-mgt.xml (JDBC user store).
E.g.,

    <Property name="UsernameJavaRegEx">[a-zA-Z0-9@._-|//]{3,30}$</Property>
3. Create the admin user with an email address in user-mgt.xml.

    <AdminUser>
        <UserName>admin@wso2.com</UserName>
        <Password>admin</Password>
    </AdminUser>
With the above configuration, logging in with an email address is enabled.

If you want to support both email addresses and plain usernames, include the following property in the user store configuration.

4.  <Property name="UsernameWithEmailJavaScriptRegEx">[a-zA-Z0-9@._-|//]{3,30}$</Property>
      
To learn how to do this for LDAP, refer to the well-explained blog post [1] written for Identity Server, which applies to other Carbon products as well. This document also explains the properties [2].

Sunday, August 17, 2014

Configure WSO2 carbon with Active Directory as a primary user store and user role mapping

The following steps configure a WSO2 Carbon product with an external Active Directory.

To add as a primary user store

1. The following documentation can be referred to.

2. The following is a sample configuration for user-mgt.xml. Comment out the default configuration, uncomment the configuration for Active Directory, and provide the following settings.

    <UserStoreManager class="org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager">
        <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
        <Property name="defaultRealmName">WSO2.ORG</Property>
        <Property name="Disabled">false</Property>
        <Property name="kdcEnabled">false</Property>
        <Property name="ConnectionURL">ldaps://192.100.10.1:636</Property>
        <Property name="ConnectionName">CN=Administrator,CN=Users,DC=wso2,DC=test</Property>
        <Property name="ConnectionPassword">password</Property>
        <Property name="passwordHashMethod">PLAIN_TEXT</Property>
        <Property name="UserSearchBase">CN=Users,DC=wso2,DC=test</Property>
        <Property name="UserEntryObjectClass">user</Property>
        <Property name="UserNameAttribute">cn</Property>
        <Property name="isADLDSRole">false</Property>
        <Property name="userAccountControl">512</Property>
        <Property name="UserNameListFilter">(objectClass=user)</Property>
        <Property name="UserNameSearchFilter">(&amp;(objectClass=user)(cn=?))</Property>
        <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
        <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
        <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
        <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
        <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
        <Property name="ReadGroups">true</Property>
        <Property name="WriteGroups">true</Property>
        <Property name="EmptyRolesAllowed">true</Property>
        <Property name="GroupSearchBase">CN=Users,DC=wso2,DC=test</Property>
        <Property name="GroupEntryObjectClass">group</Property>
        <Property name="GroupNameAttribute">cn</Property>
        <Property name="SharedGroupNameAttribute">cn</Property>
        <Property name="SharedGroupSearchBase">ou=SharedGroups,dc=wso2,dc=org</Property>
        <Property name="SharedGroupEntryObjectClass">groups</Property>
        <Property name="SharedTenantNameListFilter">(object=organizationalUnit)</Property>
        <Property name="SharedTenantNameAttribute">ou</Property>
        <Property name="SharedTenantObjectClass">organizationalUnit</Property>
        <Property name="MembershipAttribute">member</Property>
        <Property name="GroupNameListFilter">(objectcategory=group)</Property>
        <Property name="GroupNameSearchFilter">(&amp;(objectClass=group)(cn=?))</Property>
        <Property name="UserRolesCacheEnabled">true</Property>
        <Property name="Referral">follow</Property>
        <Property name="BackLinksEnabled">true</Property>
        <Property name="MaxRoleNameListLength">100</Property>
        <Property name="MaxUserNameListLength">100</Property>
        <Property name="SCIMEnabled">false</Property>
    </UserStoreManager>



3. If you need a user who can log in initially, you can configure it in user-mgt.xml. As an example, we will create a user called dominoz with the password password#.


    <Configuration>
        <AddAdmin>true</AddAdmin>
        <AdminRole>admin</AdminRole>
        <AdminUser>
            <UserName>dominoz</UserName>
            <Password>password#</Password>
        </AdminUser>
        <EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default users in this role sees the registry root -->
        <Property name="dataSource">jdbc/WSO2CarbonDB</Property>
    </Configuration>

4. If you need to add the user “dominoz” under the wso2.test tree, configure the following attribute.

<Property name="UserSearchBase">CN=Users,DC=wso2,DC=test</Property>


5. The following is a screenshot of the Active Directory configured with the user “dominoz”.

Figure 1 : AD added initial user

6. Once you start the server, the initial user is created.

7. Now you can log in to the Carbon console with the initial user's credentials.
Username : dominoz           Password : password#

Figure 2 : Carbon login page


8. Then you can create a role with the preferred permissions, or update the permissions of an existing role. The newly created role is created in the tree defined by the following attribute.

<Property name="GroupSearchBase">CN=Users,DC=wso2,DC=test</Property>

9. Click Configure -> Users and Roles -> Roles -> Add New Role. Select the domain and provide the role name.
When you click Roles, the existing roles in the configured tree are displayed.

Figure 3 : Adding a role

10. Click Next and select the required permissions.

Figure 4 : Configure permission

11. Then select the users to add to the role. You can find users with the search function; all existing users in the configured tree are displayed.

Figure 5 : Add users to the role

12. Once you click Finish, the role is added to the configured tree of the Active Directory, e.g. CN=Users,DC=wso2,DC=test. The following is a screenshot of the added role.


Figure 6 : Added role in the AD



13. In the same manner, any other user can also be added to the configured tree of the Active Directory.
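Before changing UsernameJavaRegEx in either post above, it helps to see which login names each value accepts. The Python below is an added example (not the blog's or WSO2's code): it checks candidate names against the email-enabled JDBC regex and the Active Directory regex from the two samples, and for an accepted name fills the `?` placeholder of the AD UserNameSearchFilter with the name escaped per RFC 4515. It assumes the regex is applied as a Java-style full match; the sample names are constructed.

```python
import re
from typing import Optional

# Regex values copied from the two user-mgt.xml samples above.
EMAIL_USERNAME_REGEX = r"[a-zA-Z0-9@._-|//]{3,30}$"   # JDBC store, email login enabled
AD_USERNAME_REGEX = r"[a-zA-Z0-9._-|//]{3,30}$"       # Active Directory sample (no '@')

# UserNameSearchFilter from the AD sample; '?' is the placeholder that the
# user store manager replaces with the login name.
USER_SEARCH_FILTER_TEMPLATE = "(&(objectClass=user)(cn=?))"


def username_allowed(username: str, regex: str) -> bool:
    """Apply UsernameJavaRegEx as a full match (assumed Java String.matches semantics).

    Note that '_-|' inside the class is a character range ('_' .. '|'), so it
    also admits '`', '{' and the lowercase letters; '@' and ' ' are outside it.
    """
    return re.fullmatch(regex, username) is not None


def escape_ldap_filter_value(value: str) -> str:
    """RFC 4515 escaping for a value embedded in an LDAP search filter."""
    out = []
    for ch in value:
        if ch in "*()\\\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def build_user_search_filter(username: str, regex: str) -> Optional[str]:
    """Return the filter the store would issue for an accepted name, else None."""
    if not username_allowed(username, regex):
        return None
    return USER_SEARCH_FILTER_TEMPLATE.replace("?", escape_ldap_filter_value(username), 1)


if __name__ == "__main__":
    # Constructed sample names: the blog's admin user and AD user, plus edge cases.
    for name in ("admin@wso2.com", "dominoz", "ab", "dom inoz", "dom{inoz"):
        print(f"{name!r:18} JDBC/email: {username_allowed(name, EMAIL_USERNAME_REGEX)!s:5} "
              f"AD: {username_allowed(name, AD_USERNAME_REGEX)!s:5} "
              f"filter: {build_user_search_filter(name, AD_USERNAME_REGEX)}")
```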