Federated User Registry 1.0
This feature enables support for federation of multiple user registries.
To enable the Federated User Registry 1.0 feature, add the following element declaration into your
server.xml file, inside the
If two or more basic registries are configured in your
server.xml file or in a
userRegistry.xml file, you can combine them into a single federated registry. To federate two or more basic registries, enable both the Application Security feature and the Federated User Registry feature and the registries federate by default.
User registries that are configured with the
quickStartSecurity element cannot be federated with other registries.
You can add basic or custom registries to a custom federated repository by defining the
participatingBaseEntry name attribute in the
federatedRepository element. The participating base entry for a custom or basic registry is the
o organization attribute set to equal the realm name of that registry, for example,
"o=RealmName". The realm name for a user registry is the value that is returned from the
getRealm() method of that registry. The participating base entry for a custom repository is one of the base entries that is returned by the
getRepositoryBaseEntries() method for that repository.
The following example shows the federation of a basic registry and a custom registry:
<federatedRepository> <primaryRealm name="PrimaryRealm"> <participatingBaseEntry name="o=SampleBasicRealm1"/> <participatingBaseEntry name="o=customRegistryRealm1"/> </primaryRealm> </federatedRepository>
LDAP registries are federated by default. For configuration examples, see LDAP User Registry.
If you are developing a feature that depends on this feature, include the following item in the
Subsystem-Content header in your feature manifest file.