wso2 emm multiple tenants how to support themes - wso2

I have tested EMM (Enterprise Mobility Management), and it works well in the normal situation of multiple tenants. The tenant ID is designed into the database. The tenant ID is added to a form field. But how can I design a different layout or theme for each tenant? From the web structure, it seems I could not figure out how to configure different themes for different tenants.

By default the same EMM theme will be applied to all EMM tenants, but you can apply a different theme for different EMM tenants.
For that, use the document below and you can change the theme tenant-wise.
Change the EMM console theme

Related

WSO2 Identity server - multiple tenants on service provider side

The application I inherited uses WSO2 Identity Server, which I haven't used before. I might need to support multiple tenants in this application and I need to research whether WSO2 IS will support this. The documentation is not helping me, unfortunately. I want all tenants to have the same, shared roles. Adding a new tenant should mean adding its users and assigning them already existing roles.
So in my head the solution should be rather simple. Just add a new field to the user profile - tenantId, and then return it as a claim in the token. When I have it in the token then it's up to the code to use it. First of all, is this possible at all? If it is, is it a good idea?
There are two other possible solutions I was considering.
Service Provider has a SaaS checkbox but I don't understand yet how it works.
You can add tenants to WSO2 IS itself. But to me it looks like it is multitenancy on WSO2 IS side (to share WSO2 IS) and it's not a feature to support multitenancy in my application. I was told that in this case each tenant would have to have roles defined again and that even those roles would have to be named differently.
WSO2 Identity Server does have IDP-level tenant separation, but it does not have an OOB SP-level tenant separation mechanism. However, your proposed solution can be done. It is a simple configuration to add an extra claim to the user [1] (assumes that the underlying user store supports it).
Answers to your other questions:
It is for IDP level tenant separation and if you need to share SP between those tenants, you can use this check box.
Correct.
This will do a clear separation in the IS side so data will be contained to each tenant. However, you can share user stores between each tenant.
[1] https://docs.wso2.com/display/IS580/Adding+Claim+Mapping
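
How an application could consume the `tenantId` claim discussed in this thread, as an added example that is not part of the original posts or of WSO2's code: the claim is trusted only after the token's signature and expiry are verified, and shared role names grant access only inside the caller's own tenant. Assumptions: an HS256 token with a constructed demo key (a real deployment verifies against the identity provider's actual signing key and algorithm), the claim names `tenantId` and `roles`, and all helper names are hypothetical.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"  # constructed; stands in for the IdP's signing key

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(claims, key=KEY):
    """Build a constructed HS256 token for the demo (plays the IdP's part)."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(sig)}"

def verified_claims(token, key=KEY, now=None):
    """Return the claims only if algorithm, signature and expiry check out."""
    try:
        head, body, sig = token.split(".")
        if json.loads(b64d(head)).get("alg") != "HS256":
            return None  # rejects "none" and any unexpected algorithm
        good = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(good, b64d(sig)):
            return None  # claims were altered or signed by someone else
        claims = json.loads(b64d(body))
        if claims.get("exp", 0) <= (now or time.time()):
            return None
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token: fail closed
    return claims

def authorize(token, resource_tenant, required_role, now=None):
    """Shared role names, but access only within the caller's own tenant."""
    claims = verified_claims(token, now=now)
    if claims is None:
        return False
    tenant = claims.get("tenantId")
    if not isinstance(tenant, str) or tenant != resource_tenant:
        return False  # missing claim or cross-tenant access attempt
    return required_role in claims.get("roles", [])
```

The tenant comparison uses the tenant that owns the requested resource, taken from the application's own data, never a tenant value supplied in the request.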

How do you implement client SSO on sitecore cross domain?

Everything I searched for returns info about internal user SSO, not client facing websites.
I need an SSO implementation that works with Sitecore's ASP.NET membership API or has its own Sitecore security provider to enable users who log in to publicfacingwebsite1.com to be logged in to publicfacingwebsite2.com, and logging out of one will log out of the other. I would prefer Sitecore's ASP.NET membership provider as that will probably have the least upgrade implications in the future.
The domains are different top level domains. The websites are separate sites on the same sitecore instance.
I also need the side ability to impersonate a user (log in as the user) from an admin user, but once I have the main implementation, I'm sure I can find a method for the impersonation.
Regards
I would use a third-party framework for the SSO part, for instance IdentityServer3.
Here is a good introduction on how to use it together with Sitecore
In regards to the membership provider and the profile data, if you are thinking upgradeability, I am not sure it will be so, if you use the native membership provider. Sitecore will most likely switch to ASP.Net Identity in the near future. The ASP.NET Identity is supported in IdentityServer3, so you might obtain a shared user profile by using IdentityServer for the profile as well. But this is all guessing the future.
If you want to use the membership provider and the standard Sitecore profile provider, I am sure you can customize the implicit flow to map the Identity to a Sitecore user.

How to remove other user's application in WSO2 api Manager 1.7 by admin

I have admin rights in my WSO2 API Manager. But it has a number of users and they have a number of applications which they created themselves. But I need to remove some selected applications which are already created (approved) by other users, as the admin. So how can I do this in WSO2 API Manager 1.7 with the GUI? I can do this at the database level, but I am looking for a way of doing it with the GUI.
We cannot delete or update other users' applications in WSO2 APIM with the graphical user interface up to now, even as the system admin. It's not a good practice to delete another user's account, even as the admin. But there can be some practical scenarios, such as when a number of applications are created by different users but no one is using any of them. In such a situation the only possible way of removing those unwanted applications from APIM is to remove them from the database.
We hope this simple feature will also be given with GUI in future.
Check the api store's api at https://docs.wso2.com/display/AM170/Store+APIs
There is an option to delete an application. But, AFAIK, it won't check whether that application has any active subscriptions (APIM versions such as 1.9.0 check it). So, this can cause problems for existing subscriptions, if any.

Sharing registry and user store between WSO2 ESB and IDS

We are using WSO2 products ESB and IS in our product. We have configured MySql datasource for user stores and registry in Identity Server. We also have tenant specific user stores configured in Identity Server.
We would like to configure ESB to use the same user stores that are of Identity Server.
We have tried configuring the datasources and user-mgt.xml with the same user stores. When ESB is being launched we're getting some exceptions.
Kindly advise the following:
If we want to share registry and user stores, can we just add the datasources in master-datasources.xml and refer them in respective xml in ESB? Or, anything different?
Thanks in advance!
Yes. You can just share the same user-mgt.xml and master-datasources.xml files with both ESB and IS if you want to point to the same user store, user management database and registry (if the registry.xml file has not been changed). But there can be issues if ESB and IS are not released with the same Carbon platform, because there can be slight differences between the user kernel implementations of two different Carbon versions. Could you let us know the ESB and IS versions that you are using? Also, the errors that you see at ESB startup?

Multi-Tenant Enterprise Application Architecture and WSO2 Product Selection and Communication

I am planning to implement enterprise application using wso2. I have following list of functions in my application and I have already chosen wso2 products for them.
Dynamic Business Process - WSO2-BPS 3.0.1
Dynamic Rule -- WSO2-BRS 2.0
Integration with LDAP, Sharepoint -- WSO2-IS 4.0
SOAP & REST Services -- WSO2-AS 5.0.1
My concerns are:
1) How can I share resources (configuration files, registries, etc) between products?
2) If I create a tenant in IS, then how will it be available to other Carbon products? Can I use the same tenant in other Carbon products?
3) Can I externalize storage of Tenants?
4) Single sign on (logged in one product can also access other products)
You can simply achieve this via our Stratos, which will give you access to tenants from one product to another using a centralised user store, and you can use the single sign-on with Stratos, which is available by default within the products. You can play around with Stratos from this.
If you download the local setup of Stratos, it will have all the WSO2 products already pre-configured to run in your private cloud. You can refer to the README in the local setup pack for more information on running the setup.