Wednesday, December 31, 2014

Use Case scenarios with WSO2 Identity Server 5.0.0 - Part 2

Hi All,

Today let's talk about database connectivity with WSO2 Identity Server. As you know, WSO2 Identity Server can be deployed over any LDAP, AD or JDBC user store. In fact, you can write a custom user store manager and connect to any legacy database.

WSO2 IS has the concept of a primary database and secondary databases. If you want to change the primary database, you have to change the configuration files and restart the server. But if you want to add secondary databases, you can do this through the IS management console. That is some background information on the product.

Now, let's talk about a common use case scenario.

Say you need to connect the IS server to many databases. Clearly you can do this by connecting all the databases as secondary databases. Therefore, when a user tries to authenticate, the user is authenticated by checking all the connected databases.

Solution 1
-------------
If your user bases are located in different geographical locations, say for example you have three offices located in three countries and you need to connect Identity Server to the three user databases located in these countries, what you can do is connect these databases as secondary databases via VPN connections.

Solution 2
----------------
Another solution would be to have an Identity Server in each of these three countries, and one central Identity Server to which users from the other three servers are provisioned and against which users are authenticated.

Please check the following resource links for the implementation of these scenarios:

[1] https://docs.wso2.com/display/IS500/Working+with+User+Stores
[2] https://docs.wso2.com/display/IS500/Configuring+Primary+User+Stores
[3] https://docs.wso2.com/display/IS500/Configuring+Secondary+User+Stores
[4] https://docs.wso2.com/display/IS500/Identity+Provisioning+Concepts
[5] https://docs.wso2.com/display/IS500/Identity+Provisioning

Cheers! Last post for the year 2014... have a wonderful 2015 ahead... see you next year ;)

Tuesday, December 23, 2014

Product releases, and relevant information - WSO2

This is just a note for anyone who is looking for this information, not a fancy blog post :)
---------------------------------------------------------------------------------


Once a WSO2 product is released, the release-related information is recorded in the release matrix [1]:

[1] http://wso2.com/products/carbon/release-matrix/

There you can refer to the relevant release date, the released chunk, the relevant P2 repo link (for feature installations), the compatible Carbon version, and the platform.

If you click on the P2 repo link, it redirects you to the relevant P2 repo information and link. We use this for feature installations on WSO2 products. For example, when you need to install the WSO2 Identity Server Key Manager features into WSO2 API-M, you can install those features into API-M using the relevant P2 repo link.

If you want to refer to the source code for a particular release, you can check the chunk in which the product was released.

Normally, in the WSO2 SVN, there are the following categories:

1) trunk - normal development
2) branch - development getting ready for a release
3) tag - once released, the product is available under the tag


If you want to look for the source code of a particular release, check under the relevant release tag: find the chunk in which the product was released, then check for the relevant feature source code under components...

For example:

API-M 1.8.0 can be found under [1], and you can check the relevant source code for the API-M Store at [2].

[1] https://svn.wso2.org/repos/wso2/carbon/platform/tags/turing-chunk14/products/apimgt/1.8.0/
[2] https://svn.wso2.org/repos/wso2/carbon/platform/tags/turing-chunk14/components/apimgt/api-store-web/

Cheers..!!!

Friday, December 19, 2014

How to enable audit logs for WSO2 API-M

In API-M there are no audit logs enabled by default. If you consider IS, start up the server and log in as admin; you can see that under the [IS-HOME]/repository/logs folder there is a file called audit.log.

But this is not the case with WSO2 API-M. Audit logs are not enabled by default with API-M; you have to manually enable them in the configuration files. This can be done in a few easy steps.

1) Download WSO2 API Manager.
2) Extract it to a folder.
3) Open the [API-M HOME]/repository/conf/log4j.properties file and add the following logger configuration for the audit log:

log4j.logger.AUDIT_LOG=INFO, AUDIT_LOGFILE


Then add the following set of appender configurations:

# Appender config to AUDIT_LOGFILE
log4j.appender.AUDIT_LOGFILE=org.apache.log4j.DailyRollingFileAppender
log4j.appender.AUDIT_LOGFILE.File=${carbon.home}/repository/logs/audit.log
log4j.appender.AUDIT_LOGFILE.Append=true
log4j.appender.AUDIT_LOGFILE.layout=org.wso2.carbon.utils.logging.TenantAwarePatternLayout
log4j.appender.AUDIT_LOGFILE.layout.ConversionPattern=[%d] %P%5p - %x %m %n
log4j.appender.AUDIT_LOGFILE.layout.TenantPattern=%U%@%D [%T] [%S]
log4j.appender.AUDIT_LOGFILE.threshold=INFO
log4j.additivity.AUDIT_LOG=false

4) Save the configuration and start the server.

5) TA-DA now you have the audit logs in API-M :)
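Once audit.log exists, someone has to read it. The following is an added Python example, not code from the original post or from WSO2, that parses lines written with the ConversionPattern configured above and counts successful logins per user; the sample lines are constructed to that pattern, and the 'user@domain [tenantId]' logged in/out message wording is assumed from the IS audit log.

```python
import re
from collections import Counter
from typing import Dict, List, Optional

# Line layout produced by the ConversionPattern "[%d] %P%5p - %x %m %n" above.
# %P expands to the TenantPattern "%U%@%D [%T] [%S]" and is empty for the
# super tenant, so the tenant prefix is optional; %x (NDC) is folded into msg.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+"
    r"(?:(?P<tenant>\S+@\S+ \[-?\d+\] \[[^\]]*\])\s+)?"
    r"(?P<level>TRACE|DEBUG|INFO|WARN|ERROR|FATAL)\s+-\s+"
    r"(?P<msg>.*)$"
)
# Assumed login/logout message wording: the actor is 'user@domain [tenantId]'.
EVENT_RE = re.compile(
    r"'(?P<user>[^'\s]+) \[(?P<tid>-?\d+)\]' logged (?P<event>in|out)\b"
)


def parse_audit_line(line: str) -> Optional[Dict[str, str]]:
    """Split one audit.log line into its fields; None if it does not match."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    rec = {k: (v or "") for k, v in m.groupdict().items()}
    ev = EVENT_RE.search(rec["msg"])
    if ev:
        rec.update(ev.groupdict())
    return rec


def login_counts(lines: List[str]) -> Counter:
    """Count successful management-console logins per user."""
    counts: Counter = Counter()
    for line in lines:
        rec = parse_audit_line(line)
        if rec and rec.get("event") == "in":
            counts[rec["user"]] += 1
    return counts


# Constructed sample lines (not captured from a real server), written to the
# pattern configured above; the tenant user line carries a non-empty %P prefix.
SAMPLE = [
    "[2014-12-19 09:01:10,120]  INFO -  'admin@carbon.super [-1234]' logged in at [2014-12-19 09:01:10,0120+0530]",
    "[2014-12-19 09:05:42,311]  INFO -  'admin@carbon.super [-1234]' logged out at [2014-12-19 09:05:42,0311+0530]",
    "[2014-12-19 09:20:05,004] bob@acme.com [1] [API Manager] INFO -  'bob@acme.com [1]' logged in at [2014-12-19 09:20:05,0004+0530]",
    "[2014-12-19 09:31:00,000]  INFO -  'admin@carbon.super [-1234]' logged in at [2014-12-19 09:31:00,0000+0530]",
    "this line is not an audit entry",
]
```

Feeding the real audit.log to login_counts (one line per list item) gives a quick per-user login tally; lines that do not match the pattern are skipped rather than crashing the run.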

Thursday, December 18, 2014

Use cases with WSO2 IS 5.0.0 - Part 2 - User Provisioning - Part 1

Let's discuss a user provisioning use case with regard to the provisioning framework of WSO2 Identity Server 5.0.0.

With the introduction of the new Identity Server, there are a lot of provisioning capabilities available. There are three major concepts: inbound provisioning, outbound provisioning and Just-In-Time (JIT) provisioning. Inbound provisioning means provisioning users and groups from an external system into IS. Outbound provisioning means provisioning users from IS to other external systems. JIT provisioning means that once a user tries to log in from an external IdP, the user can be created on the fly in IS. Please read this awesome blog post about the provisioning framework of WSO2 Identity Server.

Now, let's take a sample scenario and talk about how provisioning would work using the provisioning capabilities of WSO2 IS.



The above diagram depicts a scenario where a user is provisioned from an external system (inbound provisioning), and in the same flow, once the user is provisioned to IS-A, this user is provisioned to other external systems like Google Apps or another IS (outbound provisioning).

From an external system you can provision users with the SCIM or SPML connector, and you can also use the SOAP admin services to add a user. Otherwise, if none of the above can be used, you can always write a custom provisioning connector and plug it into WSO2 Identity Server.

For provisioning users to external systems, there are OOTB connectors shipped with WSO2 IS, or you can always write a custom connector according to your requirements.

Let's talk about how to configure such a provisioning scenario in the next related post.

Tuesday, December 16, 2014

Run Time Governance Use Case with WSO2 GREG and ESB - 1

Hi Y'all,

Long time... How are you all doing? It is Christmas time again... Let's try to learn a run-time governance scenario with WSO2 Governance Registry today... :)

Let's start understanding the scenario with a diagram...





We can describe the above diagram as follows:

1. A custom security policy is uploaded via GREG.
2. GREG is mounted to the ESB.
3. A secured proxy is created on the ESB applying the custom policy from the registry (referring to the policy in GREG).
4. The proxy is created for the service hosted in the Application Server.

Once the service is invoked via SoapUI, since the security policy is applied at the ESB, it refers to the policy in the Governance Registry at run time. Once the security policy is properly validated, the response is passed back to the invoking party.

In the next post, let's talk about how to simply build up the above scenario...

Bye bye for now...:)