Active Directory Integration with WSO2 Identity Server

Published on Nov 19, 2024

This response is partially generated with the help of AI. It may contain inaccuracies.


Introduction

This tutorial provides a step-by-step guide on integrating Microsoft Active Directory with WSO2 Identity Server as a Secondary User Store. This integration allows organizations to manage user identities effectively while leveraging existing Active Directory infrastructure. By following this guide, you will be able to set up the integration, enabling seamless user authentication and authorization.

Step 1: Prepare WSO2 Identity Server

Before starting the integration, ensure that WSO2 Identity Server is properly installed and running.

  • Download the latest version of WSO2 Identity Server from the official website.
  • Follow the installation instructions provided in the documentation.
  • Start the WSO2 server and access the management console at https://localhost:9443/carbon.

Step 2: Configure the Active Directory User Store

To integrate Active Directory, you need to set it up as a Secondary User Store in WSO2 Identity Server.

  1. Log in to the WSO2 management console.
  2. Navigate to Main > Identity > User Stores.
  3. Click on Add User Store.
  4. Fill in the necessary details:
    • User Store Type: Select Active Directory.
    • Domain: Enter your Active Directory domain (e.g., example.com).
    • Connection URL: Provide the LDAP URL (e.g., ldap://ad.example.com:389).
    • User Name: Enter the username of an account that has permission to read from Active Directory.
    • Password: Enter the password for the above account.
  5. Configure additional options as needed, such as:
    • Read Only: Set to true if you do not want to allow user modifications from WSO2.
    • User Search Base: Specify the base DN for user searches (e.g., ou=Users,dc=example,dc=com).

Step 3: Verify User Store Configuration

After configuring the Active Directory user store, you need to verify that the configuration is correct.

  • Click on the Test Connection button to check if WSO2 can connect to the Active Directory.
  • If successful, you will see a confirmation message. If there are errors, recheck your connection details.
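Before trusting the Test Connection result, it is worth sanity-checking the Step 2 values themselves: a plaintext ldap:// URL or a writable user store will pass the connection test yet leave the bind account's password and the directory exposed. The following pre-flight checker is an added example, not WSO2 code; the dictionary keys are the console field labels from Step 2 (an assumption, not WSO2's internal property names) and the sample settings are constructed.

```python
from urllib.parse import urlsplit


def parse_dn(dn: str) -> list[tuple[str, str]]:
    """Split an LDAP DN such as 'ou=Users,dc=example,dc=com' into (attribute, value) pairs.
    A backslash-escaped comma inside a value (e.g. 'cn=Smith\\, John') does not split the RDN."""
    rdns, buf, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):   # keep the escape sequence verbatim
            buf += dn[i:i + 2]
            i += 2
            continue
        if dn[i] == ",":
            rdns.append(buf)
            buf = ""
        else:
            buf += dn[i]
        i += 1
    rdns.append(buf)
    pairs = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs


def domain_from_dn(dn: str) -> str:
    """Derive the DNS domain from the dc= components: dc=example,dc=com -> example.com."""
    return ".".join(v for a, v in parse_dn(dn) if a == "dc").lower()


def check_user_store(settings: dict) -> list[str]:
    """Return findings for the Step 2 field values; an empty list means nothing was flagged."""
    findings = []
    url = urlsplit(settings["Connection URL"])
    if url.scheme == "ldap":
        findings.append("Connection URL is plaintext ldap://: the bind password and every user "
                        "lookup cross the network unencrypted; use ldaps://host:636")
    elif url.scheme != "ldaps":
        findings.append(f"unexpected Connection URL scheme {url.scheme!r}")
    base_domain = domain_from_dn(settings["User Search Base"])
    if base_domain != settings["Domain"].lower():
        findings.append(f"User Search Base belongs to {base_domain!r}, not Domain {settings['Domain']!r}")
    if not settings.get("Read Only", True):
        findings.append("Read Only is false: WSO2 can modify AD objects with the bind account; "
                        "keep it true unless provisioning into AD is required")
    return findings


WEAK = {"Domain": "example.com", "Connection URL": "ldap://ad.example.com:389",   # constructed sample
        "User Name": "svc-wso2", "Password": "s3cret", "Read Only": False,
        "User Search Base": "ou=Users,dc=example,dc=com"}
HARDENED = dict(WEAK, **{"Connection URL": "ldaps://ad.example.com:636", "Read Only": True})
```

Running check_user_store(WEAK) reports the plaintext URL and the writable store, while HARDENED produces no findings.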

Step 4: Configure User Claims

To enable proper identity management, configure user claims for the Active Directory integration.

  1. Navigate to Main > Identity > Claims.
  2. Click on Claim Configuration.
  3. Map the necessary claims from Active Directory to WSO2 Identity Server:
    • Common claims may include username, email, and firstName.
  4. Save the configuration after mapping.

Step 5: Test User Authentication

Ensure that the integration is functioning correctly by testing user authentication.

  • Access the WSO2 Identity Server login page.
  • Enter the credentials of an Active Directory user.
  • If the integration is successful, you will be authenticated and redirected to the dashboard.

Conclusion

Integrating Microsoft Active Directory with WSO2 Identity Server enhances user management capabilities. By following the steps outlined in this tutorial, you have successfully set up Active Directory as a Secondary User Store. For further exploration, consider implementing role-based access control and exploring additional user management features in WSO2 Identity Server.