Tuesday, May 15, 2018

Using Active Directory as the User Store for WSO2 Identity Server in Read Write Mode

Using an Active Directory as a read-only user store in WSO2 Identity Server is straightforward: it can be treated as a read-only LDAP directory and configured with slight modifications to the read-only LDAP user store configuration.

However, configuring an AD as a read/write user store needs some additional work, because AD refuses password set and change operations (writes to the unicodePwd attribute) over plain LDAP, so the update operations must go over LDAPS (LDAP over SSL/TLS). In this post I show how to set up a certificate authority on the domain so that the AD domain controller can serve LDAPS, how to export the CA certificate, and then the configuration to be done on WSO2 IS to use this AD.



Open "Server Manager" and go to "Roles".

Go to "Add Roles", which starts the Add Roles wizard.

On the role selection screen select "Active Directory Certificate Services".

Select "Certification Authority" as the role service to install.

Specify the setup type as Enterprise and the CA type as Root CA.

Create a new private key using the default configuration (RSA, 2048-bit key).

Specify the CN (common name) and validity period of the CA certificate and finish the installation.

Now the Certification Authority feature should be installed. Launch the "Certification Authority" console from the programs menu.

It will show the installed CA; right-click it and go to Properties.

Click "View Certificate" to view the CA certificate.

Go to the Details tab and click "Copy to File" to start the Certificate Export Wizard.

Select "Base-64 encoded X.509 (.CER)" as the format, specify the export location and finish the export.

Note that what you export here is the CA certificate, not the domain controller's own server certificate. Because this is an enterprise CA, the domain controller obtains its LDAPS server certificate from it through autoenrollment, and that certificate chains to this CA, so trusting the CA certificate is enough for WSO2 IS to validate the LDAPS connection (and it keeps working when the domain controller's certificate is renewed).
Now to complete the setup two things remain: importing the CA certificate into the WSO2 IS truststore and configuring the AD as a user store of WSO2 IS.

Before doing so, make sure the domain controller is actually serving LDAPS. Installing an enterprise CA causes domain controllers to autoenroll for a server certificate issued by that CA and to start listening on TCP port 636, but this can take a restart of the domain controller or a few minutes for autoenrollment to run. The domain controller's certificate is issued for its fully qualified host name, and current JDKs check that the host in an ldaps:// URL matches the certificate, so refer to the domain controller by its FQDN rather than its IP address in the user store configuration.

To import the certificate into the truststore use the following keytool command.

keytool -import -trustcacerts -alias adcert -file cert_file_with_path.crt -keystore truststore_with_path.jks

cert_file_with_path.crt is the path of the CA certificate file you exported above. truststore_with_path.jks is the path of the WSO2 IS truststore, which is [wso2is_home]/repository/resources/security/client-truststore.jks. keytool prompts for the truststore password (wso2carbon unless you have changed it) and asks whether to trust the certificate; answer yes. The truststore is read when the server starts, so restart WSO2 IS after the import.

Finally we have to configure [wso2is_home]/repository/conf/user-mgt.xml to use the AD as the primary user store of IS, by replacing the existing UserStoreManager definition with one based on org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager (if you want to use the AD as a secondary user store instead, the same property values can be entered in the admin console UI).
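As an added example, not the original post's own configuration, here is a user-mgt.xml primary user store definition for a read/write AD over LDAPS of the kind that last step refers to. The property names are those of the ActiveDirectoryUserStoreManager shipped with WSO2 IS 5.x; the host name dc01.example.com, the bind DN, the password and the search bases are placeholders that must be replaced with your own values.

```xml
<!-- Added example (not from the original post): primary user store definition
     for a read/write Active Directory over LDAPS. It goes into
     [wso2is_home]/repository/conf/user-mgt.xml in place of the default
     JDBCUserStoreManager block. Host name, bind DN, password and search bases
     are placeholders for your own environment. -->
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager">
    <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
    <Property name="defaultRealmName">WSO2.ORG</Property>
    <Property name="Disabled">false</Property>
    <Property name="kdcEnabled">false</Property>

    <!-- ldaps:// on 636 is required: AD rejects password writes (unicodePwd)
         over plain LDAP. Use the DC's FQDN, which is the name its certificate
         is issued for, and make sure the CA certificate is in client-truststore.jks. -->
    <Property name="ConnectionURL">ldaps://dc01.example.com:636</Property>
    <!-- A dedicated service account. It needs create/modify rights on the user
         and group containers below and "Reset password" on user objects;
         it should not be a Domain Admin. -->
    <Property name="ConnectionName">CN=wso2svc,CN=Users,DC=example,DC=com</Property>
    <Property name="ConnectionPassword">changeme</Property>
    <!-- Passwords are sent to AD as-is inside the TLS session; AD stores its own hash. -->
    <Property name="PasswordHashMethod">PLAIN_TEXT</Property>

    <Property name="UserSearchBase">CN=Users,DC=example,DC=com</Property>
    <Property name="UserEntryObjectClass">user</Property>
    <Property name="UserNameAttribute">cn</Property>
    <Property name="UserNameSearchFilter">(&amp;(objectClass=user)(cn=?))</Property>
    <Property name="UserNameListFilter">(objectClass=user)</Property>
    <!-- This is a full AD, not AD LDS. 512 = NORMAL_ACCOUNT (enabled), the
         userAccountControl value IS writes for users it creates. -->
    <Property name="isADLDSRole">false</Property>
    <Property name="userAccountControl">512</Property>

    <!-- ReadGroups/WriteGroups both true is what makes group (role) handling read/write. -->
    <Property name="ReadGroups">true</Property>
    <Property name="WriteGroups">true</Property>
    <Property name="EmptyRolesAllowed">true</Property>
    <Property name="GroupSearchBase">CN=Users,DC=example,DC=com</Property>
    <Property name="GroupEntryObjectClass">group</Property>
    <Property name="GroupNameAttribute">cn</Property>
    <Property name="GroupNameSearchFilter">(&amp;(objectClass=group)(cn=?))</Property>
    <Property name="GroupNameListFilter">(objectcategory=group)</Property>
    <Property name="MembershipAttribute">member</Property>

    <Property name="UserRolesCacheEnabled">true</Property>
    <Property name="ReplaceEscapeCharactersAtUserLogin">true</Property>
    <Property name="MaxUserNameListLength">100</Property>
    <Property name="MaxRoleNameListLength">100</Property>
    <Property name="SCIMEnabled">false</Property>
</UserStoreManager>
```

With this definition IS creates users as objects of class user under UserSearchBase with cn set to the user name and writes the password to unicodePwd, which is why the bind account needs create and reset-password rights there and why the connection must be LDAPS. Keep the bind account scoped to those containers rather than using a Domain Admin, since its credentials sit on the IS host; the ConnectionPassword can be moved out of the file with WSO2's Secure Vault instead of being left in cleartext.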
