RSS

Cassandra DB as Secondary user store in IS

04 Mar

The Apache Cassandra database is the right choice when you need scalability and high availability without compromising performance. So now the Cassandra User Store manager is available in IS from 4.1.0 release and we support the multiple credentials with Cassandra DB.

What is multiple credential support? see the following picture you can take some idea about this.
multiple credentials

Lets look at the configuration of Cassandra user as a secondary user store.

1. Extract the Cassandra DB and edit the following file $Cassandra_Home/conf/cassandra.yaml
Replace the following values with existing directory

data_file_directories: /home/dinuka/cassandra/data
commitlog_directory: /home/dinuka/cassandra/commitlog
saved_caches_directory: /var/lib/cassandra/saved_caches

2. Go to $Cassandra_Home/bin and run the cassandra file to start the Cassandra DB
cas

3. Go to $IS_HOME/repository/conf/carbon.xml and do the following changes.
Enable HTTP transport for All Admin Services
i. Please uncomment following element

<HttpAdminServices>*</HttpAdminServices>

Enable Email usernames support
i. Please uncomment following element

<EnableEmailUserName>true</EnableEmailUserName>

4. Now you need to go to $IS_HOME/repository/conf/user-mgt.xml and do the configuration as follows. I'm running IS and Cassandra both in Same machine.

     <UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
            <Property name="defaultRealmName">WSO2.ORG</Property>
            <Property name="kdcEnabled">false</Property>
            <Property name="ConnectionURL">ldap://localhost:${Ports.EmbeddedLDAP.LDAPServerPort}</Property>
            <Property name="ConnectionName">uid=admin,ou=system</Property>
            <Property name="ConnectionPassword">admin</Property>
            <Property name="passwordHashMethod">SHA</Property>
            <Property name="UserNameListFilter">(objectClass=person)</Property>
            <Property name="UserEntryObjectClass">identityPerson</Property>
            <Property name="UserSearchBase">ou=Users,dc=wso2,dc=org</Property>
            <Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
            <Property name="UserNameAttribute">uid</Property>
            <Property name="PasswordJavaScriptRegEx">^[\\S]{5,30}$</Property>
	    <Property name="ServicePasswordJavaRegEx">^[\\S]{5,30}$</Property>
	    <Property name="ServiceNameJavaRegEx">^[\\S]{2,30}/[\\S]{2,30}$</Property>
            <Property name="UsernameJavaScriptRegEx">^[\\S]{3,30}$</Property>
            <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
            <Property name="RolenameJavaScriptRegEx">^[\\S]{3,30}$</Property>
            <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
	    <Property name="ReadLDAPGroups">true</Property>
	    <Property name="WriteLDAPGroups">true</Property>
	    <Property name="EmptyRolesAllowed">true</Property>
            <Property name="GroupSearchBase">ou=Groups,dc=wso2,dc=org</Property>
            <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
	    <Property name="GroupEntryObjectClass">groupOfNames</Property>
            <Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
            <Property name="GroupNameAttribute">cn</Property>
            <Property name="MembershipAttribute">member</Property>
            <Property name="UserRolesCacheEnabled">true</Property>
	    <Property name="UserDNPattern">uid={0},ou=Users,dc=wso2,dc=org</Property>
	    <Property name="SCIMEnabled">true</Property>
	    <Property name="maxFailedLoginAttempt">0</Property>
        </UserStoreManager>

	<UserStoreManager class="org.wso2.carbon.user.cassandra.CassandraUserStoreManager">
		<Property name="Keyspace">User_KS</Property>
		<Property name="Host">localhost</Property>
		<Property name="Port">9160</Property>
		<Property name="PasswordDigest">SHA-256</Property>
		<Property name="StoreSaltedPassword">true</Property>
		<Property name="AuthenticateWithAnyCredential">true</Property>
		<Property name="DomainName">multipleCredentialUserStoreDomain</Property>
		<MultipleCredentials>
			<Credential type="Default">org.wso2.carbon.user.cassandra.credentialtypes.EmailCredential</Credential>
			<Credential type="Email">org.wso2.carbon.user.cassandra.credentialtypes.EmailCredential</Credential>
			<Credential type="PhoneNumber">org.wso2.carbon.user.cassandra.credentialtypes.PhoneNumberCredential</Credential>
			<Credential type="Device">org.wso2.carbon.user.cassandra.credentialtypes.DeviceCredential</Credential>
			<Credential type="External">org.wso2.carbon.user.cassandra.credentialtypes.ExternalProviderCredential</Credential>
		</MultipleCredentials>
	</UserStoreManager>

5. Now you successfully done the configuration for secondary user store. for more details follow this configuration doc.

6. You can use the MultipleCredentialsUserAdmin service and write your own Java client to talk to IS and authenticate the users. IS 4.1.0 doesn't support the UI functionality but it will be available with future releases.

7. I have created some Jmeter client to talk to IS to authenticate the users with multiple credentials.you can download it here.

is

About these ads
 
Leave a comment

Posted by on March 4, 2013 in Identity Server, java, Other, wso2

 

Tags: , , ,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
Follow

Get every new post delivered to your Inbox.

%d bloggers like this: