I am only getting started with WSO2 Identity Server.
What do I need?
- getting verification from the LDAP server, through WSO2 Identity Server, that a user (entry) exists there.
Is it possible? Can I do this by adding a new identity Provider in https://localhost:9444/carbon/?
Any ideas or help.
Sorry if my question is dumb.
Identity Server comes with an embedded LDAP server as its primary userstore. But you can change the userstore configuration so that IS works with your LDAP too. You can also add your LDAP as a secondary userstore.
After that, if you go to the Users and Roles section in the UI, you should see the users and roles existing in your LDAP.
Let's say I want to have keycloak synced with the LDAP and use it as the source for authentication. (I've managed to do this already)
But is there a way to let Keycloak itself be the identity provider if, for some reason, the LDAP connection is down?
First you should avoid LDAP going down, by setting up HA, using HAProxy and keepalived for example. As for Keycloak, you can disable "Sync Registrations" in your Keycloak LDAP IDP and create users using the admin interface; these users are stored in the local database of Keycloak and not on the LDAP, so even if it goes down those users can still get access to Keycloak.
Refer to https://www.janua.fr/understanding-keycloak-user-federation/ for more details.
I managed to create a custom LDAP Storage Provider to do this.
See How to create a custom UserStorageSPI on Keycloak.
I'm trying to deploy a SOAP based authentication API in WSO2 Identity Server.
I want to deploy an Identity Provider based on a JDBC (MySQL) User Store and expose it in a Service Provider to authenticate (user, password) and register users.
The User Store is already configured with MySQL, but I can't find clear documentation/tutorial/example of how to do this.
Can anyone help me?
Thanks.
I'll answer my own question:
http://soasecurity.org/2013/12/10/user-role-management-with-wso2-identity-server-apis/
Identity Server has an API for user role management, allowing authenticate, addUser, etc.
I tried to install two identity servers, both of them using the same MembershipReboot database with the multi-tenancy setting in the identity server web.config: (defaultTenant="A" multiTenant="false") and (defaultTenant="B" multiTenant="false").
Then I can see, in the [UserAccounts] table of the MembershipReboot database, the accounts I created on these two identity servers.
But when I try to log in to the portal clients through these two identity servers, the portal client passed through Tenant A can log in successfully, but the other portal client passed through Tenant B cannot.
I don't know how to fix it; maybe someone can help me, thanks.
IdentityServer v2 does not support multi-tenancy.
I have multiple tenants. Some tenants have a single LDAP server and some use multiple, so I want to configure multiple LDAP connections using some user interface in WSO2 Identity Server. Please suggest what the best way is.
Configuring multiple user stores can be done, and a detailed guideline for configuring an LDAP user store can be found in this blog post.
Configuring tenant-specific user stores isn't supported in the current versions of Identity Server, but it is one of the new features of Identity Server 4.5.0, which will be released in July 2013.
Thanks,
I'm trying to browse the embedded LDAP server of WSO2 Identity Server with an LDAP client.
I didn't change the default configuration and I connected successfully as uid=admin,ou=Users,dc=wso2,dc=org.
But then I don't see the other users I created with the WSO2 IS console.
Where and how can I see how the users are stored in the embedded LDAP server?
With the default configuration, WSO2 Identity Server connects to the embedded LDAP server using the user uid=admin,ou=system. Users will be created in ou=Users,dc=wso2,dc=org and groups will be created in ou=Groups,dc=wso2,dc=org.
Did you create the user uid=admin,ou=Users,dc=wso2,dc=org ?
Use the ldapsearch command line tool or an LDAP browser.
See also: Using ldapsearch
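As an added example (not code from the original posts or from WSO2), here is a small POSIX shell script that does the check asked about at the top of this page against the embedded LDAP: it binds as the default admin bind DN named above, searches the default user base and reports whether the entry exists. The URL ldap://localhost:10389 and the password "admin" are assumed defaults (not stated on the page; change them to match your install). The username is escaped per RFC 4515 before it is placed in the filter, so a value like `*` or `x)(uid=*` cannot turn the existence check into a match-everything query.

```shell
#!/bin/sh
# Added example: verify that a user entry exists in the WSO2 IS embedded LDAP.
# Assumptions (not from the page): the embedded LDAP listens on
# ldap://localhost:10389, the bind DN is uid=admin,ou=system with the default
# password "admin", and users live directly under ou=Users,dc=wso2,dc=org.
LDAP_URL="${LDAP_URL:-ldap://localhost:10389}"
BIND_DN="${BIND_DN:-uid=admin,ou=system}"
BIND_PW="${BIND_PW:-admin}"
USER_BASE="${USER_BASE:-ou=Users,dc=wso2,dc=org}"

# Escape a value for use inside an LDAP search filter (RFC 4515).
# Backslash is escaped first so the escapes added afterwards are not re-escaped.
ldap_filter_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' \
                         -e 's/\*/\\2a/g' \
                         -e 's/(/\\28/g' \
                         -e 's/)/\\29/g'
}

# Build the existence filter for a username (uid is the default username
# attribute of the embedded user store).
build_filter() {
  printf '(uid=%s)' "$(ldap_filter_escape "$1")"
}

# Returns 0 if exactly one entry matches, 1 if none (or more than one), 2 if
# ldapsearch itself failed (bad credentials, server down, no such base, ...).
user_exists() {
  filter=$(build_filter "$1")
  out=$(ldapsearch -x -LLL -H "$LDAP_URL" -D "$BIND_DN" -w "$BIND_PW" \
        -b "$USER_BASE" -s one "$filter" dn) || return 2
  n=$(printf '%s\n' "$out" | grep -c '^dn:' || true)
  [ "$n" -eq 1 ]
}

# Usage: sh check_user.sh <username>
if [ -n "$1" ]; then
  if user_exists "$1"; then
    echo "user '$1' exists under $USER_BASE"
  else
    echo "user '$1' not found (or lookup failed)"
  fi
fi
```

Run it as `sh check_user.sh alice` once the server is up. Binding with the admin account is the simplest way to browse, but a dedicated read-only bind account restricted to ou=Users is the safer choice for anything that runs unattended; the default password in particular should be changed before the embedded LDAP is reachable from anywhere but localhost.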