Federated User Registry 1.0

This feature enables support for federation of multiple user registries.

Enabling this feature

To enable the Federated User Registry 1.0 feature, add the following element declaration into your server.xml file, inside the featureManager element:

<feature>federatedRegistry-1.0</feature>

Examples

Federation of basic registries

If two or more basic registries are configured in your server.xml file or in a userRegistry.xml file, you can combine them into a single federated registry. To federate two or more basic registries, enable both the Application Security feature and the Federated User Registry feature. The registries then federate by default.

User registries that are configured with the quickStartSecurity element cannot be federated with other registries.

Federation of custom registries

You can add basic or custom registries to a custom federated repository by defining the name attribute of the participatingBaseEntry element in the federatedRepository element. The participating base entry for a custom or basic registry is the organization (o) attribute set to the realm name of that registry, for example, "o=RealmName". The realm name for a user registry is the value that is returned from the getRealm() method of that registry. The participating base entry for a custom repository is one of the base entries that is returned by the getRepositoryBaseEntries() method for that repository.

The following example shows the federation of a basic registry and a custom registry:

<federatedRepository>
    <primaryRealm name="PrimaryRealm">
        <participatingBaseEntry name="o=SampleBasicRealm1"/>
        <participatingBaseEntry name="o=customRegistryRealm1"/>
    </primaryRealm>
</federatedRepository>
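
The following server.xml is an added example, not part of the original documentation. It defines two basic registries and names both in a federatedRepository element, so that the mapping from each registry's realm attribute to its "o=RealmName" base entry is visible in one file. The registry ids, the realm name SampleBasicRealm2, the users and groups, and the appSecurity-2.0 version are assumptions, and the password values are placeholders.

```xml
<!-- Added example: ids, users, groups and SampleBasicRealm2 are constructed. -->
<server description="Federated basic registries">
    <featureManager>
        <!-- The Application Security feature version is an assumption. -->
        <feature>appSecurity-2.0</feature>
        <feature>federatedRegistry-1.0</feature>
    </featureManager>

    <!-- realm="SampleBasicRealm1" yields the base entry o=SampleBasicRealm1. -->
    <basicRegistry id="basic1" realm="SampleBasicRealm1">
        <!-- Placeholder: use output of the securityUtility encode command,
             not a plaintext password. -->
        <user name="admin1" password="REPLACE_WITH_ENCODED_PASSWORD"/>
        <user name="user1" password="REPLACE_WITH_ENCODED_PASSWORD"/>
        <group name="admins">
            <member name="admin1"/>
        </group>
    </basicRegistry>

    <!-- realm="SampleBasicRealm2" yields the base entry o=SampleBasicRealm2. -->
    <!-- Constructed user names are kept distinct across the two registries. -->
    <basicRegistry id="basic2" realm="SampleBasicRealm2">
        <user name="user2" password="REPLACE_WITH_ENCODED_PASSWORD"/>
        <group name="users">
            <member name="user2"/>
        </group>
    </basicRegistry>

    <!-- Optional for basic registries, which federate by default. Listing the
         base entries makes the set of participating registries explicit. -->
    <federatedRepository>
        <primaryRealm name="PrimaryRealm">
            <participatingBaseEntry name="o=SampleBasicRealm1"/>
            <participatingBaseEntry name="o=SampleBasicRealm2"/>
        </primaryRealm>
    </federatedRepository>

    <!-- No quickStartSecurity element is present: a registry configured
         that way cannot be federated with other registries. -->
</server>
```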

Federation of LDAP registries

LDAP registries are federated by default. For configuration examples, see LDAP User Registry.

Features that this feature enables

Supported Java versions

  • JavaSE-1.8

  • JavaSE-11.0

  • JavaSE-14.0

Features that enable this feature

Developing a feature that depends on this feature

If you are developing a feature that depends on this feature, include the following item in the Subsystem-Content header in your feature manifest file.

com.ibm.websphere.appserver.federatedRegistry-1.0; type="osgi.subsystem.feature"

SPI packages provided by this feature

  • com.ibm.wsspi.security.wim

  • com.ibm.wsspi.security.wim.exception

  • com.ibm.wsspi.security.wim.model