Federated User Registry1.0
This feature enables support for federation of multiple user registries.
Enabling this feature
To enable the Federated User Registry 1.0 feature, add the following element declaration into your server.xml
file, inside the featureManager
element:
<feature>federatedRegistry-1.0</feature>
Examples
Federation of basic registries
If two or more basic registries are configured in your server.xml
file or in a userRegistry.xml
file, you can combine them into a single federated registry. To federate two or more basic registries, enable both the Application Security feature and the Federated User Registry feature and the registries federate by default.
User registries that are configured with the quickStartSecurity
element cannot be federated with other registries.
Federation of custom registries
You can add basic or custom registries to a custom federated repository by defining the participatingBaseEntry
name attribute in the federatedRepository
element. The participating base entry for a custom or basic registry is the o
organization attribute set to equal the realm name of that registry, for example, "o=RealmName"
. The realm name for a user registry is the value that is returned from the getRealm()
method of that registry. The participating base entry for a custom repository is one of the base entries that is returned by the getRepositoryBaseEntries()
method for that repository.
The following example shows the federation of a basic registry and a custom registry:
<federatedRepository>
<primaryRealm name="PrimaryRealm">
<participatingBaseEntry name="o=SampleBasicRealm1"/>
<participatingBaseEntry name="o=customRegistryRealm1"/>
</primaryRealm>
</federatedRepository>
Federation of LDAP registries
LDAP registries are federated by default. For configuration examples, see LDAP User Registry.