WSO2 IS: Create Custom User Store
In this post we will see what a Custom User Store is in WSO2 Identity Server (IS) and what it is for. We will also see the small differences in deploying it on Identity Server 5.10 versus 5.11.
IS is a product that allows us, among other functions, to manage users from different sources in a centralized way. Each such source, where the users and their roles are stored, is a User Store. By default, IS lets us configure different User Stores according to their origin (LDAP, DB, etc.). But we can also create our own type of User Store based on one of these, customizing certain methods.
As always, we are going to build a simple, step-by-step example. In it we will customize the User Store so that it verifies that the password is the text resulting from encoding the username, with the encoding algorithm configurable in the custom user store itself.
We begin by creating a class that inherits from one of the default User Stores. As of version 5.11 there are only User Stores with the UniqueID prefix, which ensure that each user has a unique identifier.
For the example we have extended the UniqueIDJDBCUserStoreManager class, and for this we created a DB schema in the format required by WSO2. This script is located inside the product image itself and comes in different variants, depending on the DB where we want to create it.
In the getDefaultUserStoreProperties method we can add new configuration parameters, which will be shown in the UI. And doAuthenticateWithUserName is the method we will override to modify the default logic when a user logs in.
If we want to do more complex tasks and cannot see clearly which method to override, we can always lower the debug level of the package containing the class we are extending and check which methods are invoked.
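As an added example (not the post's own code), this is one possible shape of the extended class for IS 5.10. It assumes the package name from the deployment.toml entry later in the post, a property name EncodingAlgorithm, and that the credential arrives as a String or char[]; the digest is computed even for unknown users and compared with MessageDigest.isEqual so that a failed login does not leak timing information about which check failed.

```java
package es.home.example.wso2is.userstore; // package taken from the post's allowed_user_stores entry
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Base64;
import org.wso2.carbon.user.api.Properties;
import org.wso2.carbon.user.api.Property;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.common.AuthenticationResult;
import org.wso2.carbon.user.core.common.AuthenticationResult.AuthenticationStatus;
import org.wso2.carbon.user.core.jdbc.UniqueIDJDBCUserStoreManager;

public class CustomUserStore10 extends UniqueIDJDBCUserStoreManager {
    private static final String ENCODING_ALGORITHM = "EncodingAlgorithm"; // UI property name (assumed)

    // Appends our parameter to the optional properties inherited from the JDBC store
    @Override
    public Properties getDefaultUserStoreProperties() {
        Properties props = super.getDefaultUserStoreProperties();
        Property[] optional = props.getOptionalProperties();
        Property[] extended = Arrays.copyOf(optional, optional.length + 1);
        extended[optional.length] = new Property(ENCODING_ALGORITHM, "SHA-256",
                "MessageDigest algorithm used to derive the expected password from the username", null);
        props.setOptionalProperties(extended);
        return props;
    }

    // Replaces the stored-password check: the expected password is Base64(digest(username))
    @Override
    protected AuthenticationResult doAuthenticateWithUserName(String userName, Object credential)
            throws UserStoreException {
        String userID = getUserIDFromUserName(userName);
        String algorithm = realmConfig.getUserStoreProperty(ENCODING_ALGORITHM);
        byte[] expected;
        try {
            expected = Base64.getEncoder().encode(MessageDigest.getInstance(algorithm).digest(userName.getBytes(StandardCharsets.UTF_8)));
        } catch (NoSuchAlgorithmException e) {
            throw new UserStoreException("Unsupported " + ENCODING_ALGORITHM + ": " + algorithm, e);
        }
        // Assumed: the credential arrives as a String or char[] (IS 5.10); compare in constant time
        String supplied = credential instanceof char[] ? new String((char[]) credential) : String.valueOf(credential);
        boolean match = MessageDigest.isEqual(expected, supplied.getBytes(StandardCharsets.UTF_8));
        if (userID == null || !match) { // unknown user or wrong password: same failure result
            return new AuthenticationResult(AuthenticationStatus.FAIL);
        }
        AuthenticationResult ok = new AuthenticationResult(AuthenticationStatus.SUCCESS);
        ok.setAuthenticatedUser(getUser(userID, userName));
        return ok;
    }
}
```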
The next step is to create a class that lets OSGi load our class dynamically. To do so, the class must have the following elements:
- The @Component annotation on the class. It lets the maven-bundle-plugin generate the configuration automatically, which must be included in our JAR.
- The @Activate annotation on a method, which will register our class within the WSO2 context.
Now it is time to define the pom.xml file, where we will mainly configure the maven-bundle-plugin.
Finally, you just need to deploy it in the ${WSO2_HOME}/repository/components/dropins/ folder and start IS. In the src/test/resources folder of the source code there is a docker-compose that can help you deploy it. Once started, we will create the User Store from the side menu option 'add User Store'.
This is the procedure for IS 5.10. In the following version, although the elements explained above remain the same, the configuration is different.
For this, we have to list all the User Stores available in IS, the default ones and the ones we create, in the deployment.toml configuration file.
[user_store_mgt]
allowed_user_stores=["org.wso2.carbon.user.core.jdbc.UniqueIDJDBCUserStoreManager", "org.wso2.carbon.user.core.ldap.UniqueIDActiveDirectoryUserStoreManager", "org.wso2.carbon.user.core.ldap.UniqueIDReadOnlyLDAPUserStoreManager", "org.wso2.carbon.user.core.ldap.UniqueIDReadWriteLDAPUserStoreManager", "es.home.example.wso2is.userstore.CustomUserStore10"]
And that is all. If you want to see the full code, you can find it here.