Monday, March 4, 2013

Cassandra DB as Secondary user store in IS

The Apache Cassandra database is a good choice when you need scalability and high availability without compromising performance. A Cassandra User Store Manager is available in IS from the 4.1.0 release onwards, and it supports multiple credentials per user on top of Cassandra DB.

What is multiple credential support? The following picture gives an idea of it.
[Figure: multiple credentials]

Let's look at the configuration of Cassandra as a secondary user store.

1. Extract the Cassandra distribution and edit $Cassandra_Home/conf/cassandra.yaml.
Replace the following values with directories that exist on your machine:

data_file_directories: /home/dinuka/cassandra/data
commitlog_directory: /home/dinuka/cassandra/commitlog
saved_caches_directory: /var/lib/cassandra/saved_caches

2. Go to $Cassandra_Home/bin and run the cassandra script to start the Cassandra DB.

3. Go to $IS_HOME/repository/conf/carbon.xml and make the following changes.
Enable the HTTP transport for all admin services (note that this exposes the admin services over plain, non-TLS HTTP, so it is intended for a local setup like this one)
i. Uncomment the following element
[sourcecode language="xml"]<HttpAdminServices>*</HttpAdminServices>[/sourcecode]
Enable email username support
i. Uncomment the following element
[sourcecode language="xml"]<EnableEmailUserName>true</EnableEmailUserName>[/sourcecode]


4. Now go to $IS_HOME/repository/conf/user-mgt.xml and configure it as follows. I'm running IS and Cassandra on the same machine.

[sourcecode language="xml"]
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
    <Property name="defaultRealmName">WSO2.ORG</Property>
    <Property name="kdcEnabled">false</Property>
    <Property name="ConnectionURL">ldap://localhost:${Ports.EmbeddedLDAP.LDAPServerPort}</Property>
    <Property name="ConnectionName">uid=admin,ou=system</Property>
    <Property name="ConnectionPassword">admin</Property>
    <Property name="passwordHashMethod">SHA</Property>
    <Property name="UserNameListFilter">(objectClass=person)</Property>
    <Property name="UserEntryObjectClass">identityPerson</Property>
    <Property name="UserSearchBase">ou=Users,dc=wso2,dc=org</Property>
    <Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
    <Property name="UserNameAttribute">uid</Property>
    <Property name="PasswordJavaScriptRegEx">^[\\S]{5,30}$</Property>
    <Property name="ServicePasswordJavaRegEx">^[\\S]{5,30}$</Property>
    <Property name="ServiceNameJavaRegEx">^[\\S]{2,30}/[\\S]{2,30}$</Property>
    <Property name="UsernameJavaScriptRegEx">^[\\S]{3,30}$</Property>
    <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
    <Property name="RolenameJavaScriptRegEx">^[\\S]{3,30}$</Property>
    <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
    <Property name="ReadLDAPGroups">true</Property>
    <Property name="WriteLDAPGroups">true</Property>
    <Property name="EmptyRolesAllowed">true</Property>
    <Property name="GroupSearchBase">ou=Groups,dc=wso2,dc=org</Property>
    <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
    <Property name="GroupEntryObjectClass">groupOfNames</Property>
    <Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
    <Property name="GroupNameAttribute">cn</Property>
    <Property name="MembershipAttribute">member</Property>
    <Property name="UserRolesCacheEnabled">true</Property>
    <Property name="UserDNPattern">uid={0},ou=Users,dc=wso2,dc=org</Property>
    <Property name="SCIMEnabled">true</Property>
    <Property name="maxFailedLoginAttempt">0</Property>
</UserStoreManager>

<UserStoreManager class="org.wso2.carbon.user.cassandra.CassandraUserStoreManager">
    <Property name="Keyspace">User_KS</Property>
    <Property name="Host">localhost</Property>
    <Property name="Port">9160</Property>
    <Property name="PasswordDigest">SHA-256</Property>
    <Property name="StoreSaltedPassword">true</Property>
    <Property name="AuthenticateWithAnyCredential">true</Property>
    <Property name="DomainName">multipleCredentialUserStoreDomain</Property>
    <MultipleCredentials>
        <Credential type="Default">org.wso2.carbon.user.cassandra.credentialtypes.EmailCredential</Credential>
        <Credential type="Email">org.wso2.carbon.user.cassandra.credentialtypes.EmailCredential</Credential>
        <Credential type="PhoneNumber">org.wso2.carbon.user.cassandra.credentialtypes.PhoneNumberCredential</Credential>
        <Credential type="Device">org.wso2.carbon.user.cassandra.credentialtypes.DeviceCredential</Credential>
        <Credential type="External">org.wso2.carbon.user.cassandra.credentialtypes.ExternalProviderCredential</Credential>
    </MultipleCredentials>
</UserStoreManager>
[/sourcecode]
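To make the three Cassandra store settings PasswordDigest, StoreSaltedPassword and AuthenticateWithAnyCredential concrete, here is a small model of a user holding several credential types, written as an added example for this post. It is not WSO2's CassandraUserStoreManager code: the per-credential record layout, the salt||password digest order and the meaning of AuthenticateWithAnyCredential (any registered type may log the user in when true, only the Default type when false) are assumptions made for illustration, and the user data is constructed.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

# Credential types taken from the <MultipleCredentials> block above.
CREDENTIAL_TYPES = ("Default", "Email", "PhoneNumber", "Device", "External")


@dataclass
class StoredCredential:
    """One credential of a user: its identifier plus a salted SHA-256 digest."""
    identifier: str
    salt: bytes
    digest: bytes


@dataclass
class UserRecord:
    """A user row with one StoredCredential per credential type (assumed layout)."""
    user_id: str
    credentials: dict = field(default_factory=dict)


def make_digest(password: str, salt: bytes) -> bytes:
    # PasswordDigest=SHA-256 with StoreSaltedPassword=true, modelled as
    # SHA-256(salt || password); the concatenation order is an assumption.
    return hashlib.sha256(salt + password.encode("utf-8")).digest()


def add_credential(user: UserRecord, cred_type: str, identifier: str, password: str) -> None:
    """Register a credential of the given type with a fresh random salt."""
    if cred_type not in CREDENTIAL_TYPES:
        raise ValueError(f"unknown credential type: {cred_type}")
    salt = os.urandom(16)  # a new salt per credential, so equal passwords never share a digest
    user.credentials[cred_type] = StoredCredential(identifier, salt, make_digest(password, salt))


def authenticate(user: UserRecord, cred_type: str, identifier: str, password: str,
                 authenticate_with_any_credential: bool = True) -> bool:
    """Check a login attempt against the credential of type cred_type."""
    # With the flag off, only the Default credential may authenticate the user.
    if not authenticate_with_any_credential and cred_type != "Default":
        return False
    stored = user.credentials.get(cred_type)
    if stored is None or stored.identifier != identifier:
        return False
    # Constant-time comparison of the recomputed digest against the stored one.
    return hmac.compare_digest(make_digest(password, stored.salt), stored.digest)


def build_sample_user() -> UserRecord:
    """Constructed sample data: an email (Default) and a phone-number credential."""
    user = UserRecord("user-001")
    add_credential(user, "Default", "user@example.org", "p@ssw0rd!")
    add_credential(user, "PhoneNumber", "+10000000000", "123456")
    return user


if __name__ == "__main__":
    u = build_sample_user()
    print("email login:", authenticate(u, "Default", "user@example.org", "p@ssw0rd!"))
    print("phone login:", authenticate(u, "PhoneNumber", "+10000000000", "123456"))
    print("phone login, any-credential off:",
          authenticate(u, "PhoneNumber", "+10000000000", "123456", False))
```

The salt is stored beside each digest and regenerated per credential, which is what StoreSaltedPassword buys you over a bare SHA-256 of the password: two users (or two credential types of one user) with the same password still end up with different stored values.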

5. The configuration of the secondary user store is now complete. For more details, follow this configuration doc.

6. You can use the MultipleCredentialsUserAdmin service and write your own Java client to talk to IS and authenticate users. IS 4.1.0 does not provide UI functionality for this; it will be available in future releases.

7. I have created some JMeter clients to talk to IS and authenticate users with multiple credentials. You can download them here.

