Federated User Registry1.0
This feature enables support for federation of multiple user registries.
Enabling this feature
To enable the Federated User Registry 1.0 feature, add the following element declaration into your server.xml
file, inside the featureManager
element:
<feature>federatedRegistry-1.0</feature>
Examples
Default federation of user registries
If two or more user registries are configured in your server.xml
file or in a userRegistry.xml
file, you can combine them into a single federated user registry. When you enable the Federated User Registry feature, any user registries that are defined in your server.xml
file or in a userRegistry.xml
file are federated by default. This default federation applies to basic, LDAP, and custom user registries. However, user registries that are configured with the quickStartSecurity
element cannot be federated with other user registries.
Custom federation of user registries
To federate a subset of user registries into a custom federated repository, you can define the participatingBaseEntry name
attribute in the federatedRepository
element. This configuration can be useful if you want to exclude certain user registries from a federated group by selectively including only the user registries that you want to federate. To avoid failures if any user registry is unavailable, set the allowOpIfRepoDown
attribute on the primaryRealm
subelement to true
, as shown in the following example.
The following example shows the federation of a basic user registry and a custom user registry in a custom federated repository:
<federatedRepository>
<primaryRealm name="PrimaryRealm" allowOpIfRepoDown="true">
<participatingBaseEntry name="o=SampleBasicRealm1"/>
<participatingBaseEntry name="o=customRegistryRealm1"/>
</primaryRealm>
</federatedRepository>
The participating base entry for a user registry is defined by the participatingBaseEntry
element. The participating base entry value for a custom or basic user registry is the o
organization attribute set to equal the realm name of that user registry. The realm name for a user registry is the value that is returned from the getRealm()
method of that user registry. The participating base entry for a custom user repository is one of the base entries that is returned by the getRepositoryBaseEntries()
method for that repository.