WSO2 IS Claims configuration from secondary store

Question

I'm using WSO2 Identity Server 5.10.0 configured in order to use ActiveDirectory as UserStore

I don't have the oportunity to add custom properties to the ActiveDirectory so I'm facing several issues in claims configuration.

To solve the issue I was thinking to user ActiveDirectory as primary UserStore and configure WSO2 claims in order to be stored and retrieved from a secondary userstore (a JDBC user store).

I configured all what I needed but I can't make it working. When I start the WSO IS ti complains because it can't find mapped claims.

More exactly I have:

system error while authenticating/authorizing user : cannot find suitable mapped attribute for local claim http://wso2.org/claims/userid

Once I slve userid it gives to me other claims till I return all to the primary user store.

I'm wondering if my idea is feasible. If I can select from where to take claims.. why do I get this kind of error?

Answer 1

Actually, configuring the Active Directory as the Primary userstore will not have any difference when it comes to attribute mappings. Because all the userstores in the system should to have correct mapped attributes for these meta claim set and other claims which are marked as "Supported by Default".

The solution would be updating the mapped attributes for local claims with correct exciting attributes from your active directory. If you are having multiple userstoes, you can have different mapped attributes for each userstore domain. Referthis document for more info.

You may find a list of mandatory meta claims which we must have correct mappings to create users in this document .