Multi-tenancy is a characteristic of a cloud-native platform, and WSO2 Stratos provides it. In brief, multi-tenancy means running a single instance that offers each tenant a customizable service, with tenants isolated from one another. If you want to know more about multi-tenancy, visit wso2.org, which has many resources for learning.
Thanks to the modularity of OSGi, the tenant-management components in WSO2 Stratos can be installed in WSO2 Carbon-based products (Identity Server in this case) to provide them with multi-tenancy support.
In this blog post, I will explain how I could install multi-tenancy support in WSO2 Identity Server.
1. Get the Identity Server (IS) binary distribution, either by building from source or by downloading the binaries from here.
2. Get the Stratos tenant-management bundles. We can either build them from source or extract them from the binary packages. Let's go for the latter option here for convenience. Get the released Stratos packages from here. Download wso2stratos-manager and wso2stratos-is.
3. Place the following components from the above two packages into Identity Server-home/repository/components/dropins:
- org.wso2.stratos.tenant.mgt-1.0.0.jar
- org.wso2.stratos.tenant.mgt.ui-1.0.0.jar
- kaptcha-2.3.0.wso2v1.jar ---these three components install the tenant management feature. But we need other components as well to get it fully functioning.
- org.wso2.stratos.account.mgt.ui-1.0.0.jar
- org.wso2.stratos.account.mgt-1.0.0.jar ---these two are related to tenant's account management.
- org.wso2.carbon.email.verification.ui-3.1.0.jar
- org.wso2.carbon.email.verification-3.1.0.jar
- org.wso2.stratos.email.sender-1.0.0.jar ---these three will handle notifying tenant admin and e-mail verification after a tenant is registered.
- org.wso2.stratos.register.ui-1.0.0.jar ---is needed to show the registration complete page after e-mail verification. (It is also the UI component used in self-tenant registration.)
- org.wso2.stratos.identity.dashboard.ui-1.0.0.jar
- org.wso2.stratos.identity.login.ui-1.0.0.jar ---Identity Server's UIs are replaced by these.
- org.wso2.stratos.redirector.servlet.ui-1.0.0.jar
- org.wso2.stratos.redirector.servlet-1.0.0.jar ---each tenant gets a URL with /t/domain name. These two are needed to handle that redirection.
- org.wso2.stratos.manager.services.mgt-1.0.0.jar ---services are activated for tenants from stratos-manager. The IS and G-Reg services are activated by default.
- org.wso2.stratos.common-1.0.0.jar
- org.wso2.stratos.activation-1.0.0.jar
- org.wso2.stratos.service.activation-1.0.0.jar
- org.wso2.stratos.theme.mgt.ui-1.0.0.jar
- org.wso2.stratos.theme.mgt-1.0.0.jar ---these handle the tenant's theme management. You also need to copy stratos/services/manager/distribution/resources/allThemes to IS/resources.
4. Change the following in configuration files:
Change the carbon.xml in IS home/repository/conf to contain “WSO2 Stratos Identity” as the product name. This is because the default identity service is activated under the service name “WSO2 Stratos Identity”, and when checking whether a service is activated for a particular tenant, the service name is read from carbon.xml.
Give the SMTP server information in the SMTP transport sender section of axis2.xml, found in IS home/repository/conf, so that e-mail notifications are actually sent when the super admin registers tenants.
5. Copy the following configuration files from stratos-manager home/repository/conf to IS-home/repository/conf:
- Add the following two properties to the UserStoreManager element of user-mgt.xml in the IS home/repository/conf folder:
false default
- cloud-services-desc.xml
- email-registration.xml
- email-registration-complete.xml
- email-update.xml
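The check below is an added example, not part of the original post or of WSO2's tooling: a shell function that verifies steps 3 to 5 against an IS home directory, reporting every listed bundle or copied configuration file that is missing and whether carbon.xml contains the product name. The function name `check_is_multitenancy` is hypothetical, and the argument is assumed to be the IS home path.

```shell
#!/bin/sh
# Added example: check an IS home against the bundle and config lists above.
# check_is_multitenancy is a hypothetical helper name, not a WSO2 tool.

# The 19 bundles that step 3 places in repository/components/dropins.
BUNDLES="org.wso2.stratos.tenant.mgt-1.0.0.jar org.wso2.stratos.tenant.mgt.ui-1.0.0.jar
kaptcha-2.3.0.wso2v1.jar
org.wso2.stratos.account.mgt.ui-1.0.0.jar org.wso2.stratos.account.mgt-1.0.0.jar
org.wso2.carbon.email.verification.ui-3.1.0.jar org.wso2.carbon.email.verification-3.1.0.jar
org.wso2.stratos.email.sender-1.0.0.jar org.wso2.stratos.register.ui-1.0.0.jar
org.wso2.stratos.identity.dashboard.ui-1.0.0.jar org.wso2.stratos.identity.login.ui-1.0.0.jar
org.wso2.stratos.redirector.servlet.ui-1.0.0.jar org.wso2.stratos.redirector.servlet-1.0.0.jar
org.wso2.stratos.manager.services.mgt-1.0.0.jar org.wso2.stratos.common-1.0.0.jar
org.wso2.stratos.activation-1.0.0.jar org.wso2.stratos.service.activation-1.0.0.jar
org.wso2.stratos.theme.mgt.ui-1.0.0.jar org.wso2.stratos.theme.mgt-1.0.0.jar"

# The configuration files that step 5 copies into repository/conf.
CONF_FILES="cloud-services-desc.xml email-registration.xml
email-registration-complete.xml email-update.xml"

# Prints one line per problem found; the return status is the problem count.
check_is_multitenancy() {
    is_home=$1
    missing=0
    for jar in $BUNDLES; do
        if [ ! -f "$is_home/repository/components/dropins/$jar" ]; then
            echo "missing bundle: $jar"
            missing=$((missing + 1))
        fi
    done
    for conf in $CONF_FILES; do
        if [ ! -f "$is_home/repository/conf/$conf" ]; then
            echo "missing config: $conf"
            missing=$((missing + 1))
        fi
    done
    # Step 4: service activation is looked up by this product name.
    if ! grep -q "WSO2 Stratos Identity" "$is_home/repository/conf/carbon.xml" 2>/dev/null; then
        echo "carbon.xml does not contain the product name 'WSO2 Stratos Identity'"
        missing=$((missing + 1))
    fi
    return "$missing"
}

# Run the check when an IS home is passed as the first argument.
if [ -n "${1:-}" ]; then check_is_multitenancy "$1"; fi
```

The SMTP settings in axis2.xml, the user-mgt.xml properties and the allThemes directory are not checked here and still need to be reviewed by hand.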
I will add some screenshots to illustrate the installed multi-tenancy support in the IS standalone product.
As shown circled in the left panel of the following image, the multi-tenancy feature is installed in IS.
The following image shows the list of sample tenant accounts that I created to test the functionality.
The following image shows the console of IS when user 'hasini' of tenant 'uom.org' has signed in to IS. Notice the circled URL with the part '../t/uom.org..', which is specific to that particular tenant.
When the multi-tenancy/tenant management feature is installed in IS, either a JDBC or an embedded-LDAP user store can be used. I will explain in a future post how to configure it to use the tenant-aware embedded LDAP as the user store in tenant management.