Can we plug an existing user store into WSO2 Identity Server? 🤔
Many people evaluating WSO2 Identity Server have the same question in mind:
How do we plug our existing user store into WSO2 Identity Server?
If you already have a legacy system and need to move to a modern authentication system with the full set of Identity and Access Management features, the first thing to decide is how the new system will use the existing legacy user store. If that store protects credentials with an outdated mechanism (unsalted or weak password hashes, for example), I would recommend migrating the users into the WSO2 JDBC user store format or into Active Directory rather than keeping the weak store alive behind the new system.
Requirement 1: Directly plug an AD or LDAP
With WSO2 Identity Server you can plug in a standard Active Directory or LDAP/OpenLDAP directory directly. You provide the connection details and bind credentials for the user store in configuration: for the primary user store in the deployment.toml file, for a secondary user store through the management console UI.
> For primary read-write Active Directory user store configuration, refer to the following documentation for more details.
> For a secondary user store, adding the connection details in the UI as shown connects WSO2 Identity Server directly to your Active Directory or LDAP.
Once connected, the users in that directory can authenticate to any application that relies on WSO2 Identity Server, subject to the user-name matching rules (search filters and attribute mappings) and the authorization you configure for that store.
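As an added example (not from the original post and not WSO2's own sample), this is the shape of a deployment.toml fragment for a primary read-write Active Directory user store, with the settings a security reviewer would insist on: LDAPS only, a dedicated least-privilege bind account, and the bind password kept out of the file through the secrets table. The host name, DNs, account name and the choice of sAMAccountName as the user-name attribute are assumptions; copy the attribute and filter values from the documentation for your version.

```toml
# Added example, not from the original post or from WSO2: deployment.toml
# fragment for a PRIMARY read-write Active Directory user store.
# dc01.corp.example, the DNs and the service account are placeholders.

[user_store]
type = "active_directory_unique_id"
base_dn = "dc=corp,dc=example"
# ldaps:// on 636, never ldap:// on 389: AD refuses password writes over a
# cleartext bind, and the bind password would otherwise cross the wire in clear.
# The CA that issued the domain controller's certificate must be imported into
# repository/resources/security/client-truststore.jks with keytool first.
connection_url = "ldaps://dc01.corp.example:636"
# A dedicated service account with only the rights it needs on the OUs below,
# not a Domain Admin.
connection_name = "cn=wso2is-svc,ou=Service Accounts,dc=corp,dc=example"
# Resolved from the [secrets] table after running the Cipher Tool, so the
# plaintext password never lives in deployment.toml.
connection_password = "$secret{ad_bind_password}"
user_search_base = "ou=Users,dc=corp,dc=example"
user_entry_object_class = "user"
# Assumption for this example: log in with sAMAccountName rather than cn.
# Whatever you pick here must also be the attribute used in the search filter.
user_name_attribute = "sAMAccountName"
# WSO2's toml samples write the LDAP AND operator as &amp; inside filters;
# keep that form.
user_name_search_filter = "(&amp;(objectClass=user)(sAMAccountName=?))"
user_name_list_filter = "(objectClass=user)"
group_search_base = "ou=Groups,dc=corp,dc=example"
group_entry_object_class = "group"
group_name_attribute = "cn"
group_name_search_filter = "(&amp;(objectClass=group)(cn=?))"
group_name_list_filter = "(objectClass=group)"
membership_attribute = "member"

[secrets]
# Put the real value inside the brackets, then run bin/ciphertool.sh -Dconfigure;
# the tool replaces it with the encrypted form in place.
ad_bind_password = "[change-me]"
```

After the tool has run, verify the result from the outside: a search with the service account over ldaps:// should succeed, the same bind over plain ldap:// should not be possible from the IS host (block port 389 at the firewall if the directory still offers it), and the service account should be unable to read or write anything outside the two OUs it is scoped to.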
Requirement 2: Federating an existing user store (or AD)
WSO2 Identity Server supports the standard federation protocols (SAML 2.0, OpenID Connect and WS-Federation among them). So if the user store you need to plug in is something like Liferay or Azure AD, you can integrate it as a federated identity provider instead of as a directory. Some of the common integrations are:
- Liferay has a highly extensible architecture, so you can integrate it easily as described in Prabath's blog.
- Azure AD integration is more common among enterprise users. It lets organizations with existing on-premise user stores securely and conveniently extend user identities to Office 365 without the burden of Microsoft-provided federation tools such as Active Directory Federation Services (ADFS). Refer to the WSO2 article for more details.
Requirement 3: Plug an existing JDBC user store with its own schema
There are several ways to achieve this with WSO2 Identity Server.
Approach 1 -
Plug it in as a secondary user store of type UniqueIDJDBCUserStoreManager and change the SQL queries to match your schema. The SQL queries are listed in the secondary user store's Advanced properties section, as shown below.
You can also change the password hashing algorithm (the PasswordDigest and StoreSaltedPassword properties) as shown below. The setting has to reproduce exactly how the legacy store produced its hashes, including whether a salt is used, how it is combined with the password, and how the digest is encoded; if the legacy scheme cannot be expressed through these properties, you need Approach 2. And if that scheme is weak (unsalted MD5 or SHA-1, for instance), treat this as the moment to migrate the users rather than carry the weakness into the new system.
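As an added example (not from the original post and not WSO2's own defaults), here is a constructed legacy schema and the replacement queries you would paste into the Advanced properties of the secondary JDBC user store, plus the database grant for the account WSO2 Identity Server connects with. The table and column names are invented for this example; the property names are the classic JDBC user store ones (SelectUserSQL, IsUserExistingSQL, UserRoleSQL, GetRoleListSQL) and the pane in your version may show WithID variants, so use the names it displays. The rule that matters: copy each default query from the pane and keep its selected columns in the same number, order and type, changing only the FROM and WHERE parts, because the manager reads result sets by position; and keep the `?` bind markers, never build the user name into the query text.

```sql
-- Added example, not from the original post or from WSO2.
-- 1. A constructed legacy schema that WSO2 IS has to read as-is.
CREATE TABLE app_user (
  id         CHAR(36)     PRIMARY KEY,          -- UUID, reused as the unique user ID
  login      VARCHAR(64)  NOT NULL UNIQUE,
  pw_hash    VARCHAR(128) NOT NULL,             -- base64(SHA-256(password || pw_salt))
  pw_salt    VARCHAR(32)  NOT NULL,
  must_reset BOOLEAN      NOT NULL DEFAULT FALSE,
  pw_changed TIMESTAMP    NOT NULL
);
CREATE TABLE app_role (
  id   INT         PRIMARY KEY,
  name VARCHAR(64) NOT NULL UNIQUE
);
CREATE TABLE app_user_role (
  user_id CHAR(36) NOT NULL REFERENCES app_user(id),
  role_id INT      NOT NULL REFERENCES app_role(id),
  PRIMARY KEY (user_id, role_id)
);

-- 2. SelectUserSQL. Same column order as the default query it replaces
--    (assumption: user id, user name, password, salt, require-change, changed time).
--    There is deliberately no UM_TENANT_ID here: a legacy schema has no tenant,
--    and the manager only binds a tenant parameter when the query text mentions it.
SELECT u.id         AS UM_USER_ID,
       u.login      AS UM_USER_NAME,
       u.pw_hash    AS UM_USER_PASSWORD,
       u.pw_salt    AS UM_SALT_VALUE,
       u.must_reset AS UM_REQUIRE_CHANGE,
       u.pw_changed AS UM_CHANGED_TIME
FROM app_user u
WHERE u.login = ?;

-- 3. IsUserExistingSQL: any row means "exists".
SELECT u.id
FROM app_user u
WHERE u.login = ?;

-- 4. UserRoleSQL: role names of one user, resolved through the link table.
SELECT r.name AS UM_ROLE_NAME
FROM app_role r
JOIN app_user_role ur ON ur.role_id = r.id
JOIN app_user u       ON u.id = ur.user_id
WHERE u.login = ?;

-- 5. GetRoleListSQL: the UI passes a wildcard filter for the role list.
SELECT r.name AS UM_ROLE_NAME
FROM app_role r
WHERE r.name LIKE ?
ORDER BY r.name;

-- 6. Least privilege for the connection account. With the store marked
--    read-only in the UI, SELECT is all it needs; if you later rewrite the
--    insert/update queries as well, widen the grant table by table, not to ALL.
GRANT SELECT ON app_user      TO 'wso2is_reader'@'%';
GRANT SELECT ON app_role      TO 'wso2is_reader'@'%';
GRANT SELECT ON app_user_role TO 'wso2is_reader'@'%';
```

For the schema above, PasswordDigest would be SHA-256 with StoreSaltedPassword enabled, which in the stock JDBC manager means digest(password followed by salt) encoded as Base64. If the legacy application salted first and then the password, used a different encoding, or iterated the hash (bcrypt, PBKDF2), no property value will match and password verification belongs in a custom user store manager (Approach 2). Mark the store read-only until every write query has been adapted too; otherwise a half-configured store can succeed on the read path and fail or corrupt data on the write path.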
Approach 2 -
Write a custom user store manager that extends the closest built-in one and overrides the user store operation methods so they match your store's schema, for example authentication and password preparation when the legacy hash format cannot be reproduced with the configurable digest. The following documentation lists the classes you need to extend and the methods you need to override.