Federated User Registry1.0
This feature enables support for federation of multiple user registries.
Enabling this feature
To enable the Federated User Registry 1.0 feature, add the following element declaration into your
server.xml file, inside the
Default federation of user registries
If two or more user registries are configured in your
server.xml file or in a
userRegistry.xml file, you can combine them into a single federated user registry. When you enable the Federated User Registry feature, any user registries that are defined in your
server.xml file or in a
userRegistry.xml file are federated by default. This default federation applies to basic, LDAP, and custom user registries. However, user registries that are configured with the
quickStartSecurity element cannot be federated with other user registries.
Custom federation of user registries
To federate a subset of user registries into a custom federated repository, you can define the
participatingBaseEntry name attribute in the
federatedRepository element. This configuration can be useful if you want to exclude certain user registries from a federated group by selectively including only the user registries that you want to federate. To avoid failures if any user registry is unavailable, set the
allowOpIfRepoDown attribute on the
primaryRealm subelement to
true, as shown in the following example.
The following example shows the federation of a basic user registry and a custom user registry in a custom federated repository:
<federatedRepository> <primaryRealm name="PrimaryRealm" allowOpIfRepoDown="true"> <participatingBaseEntry name="o=SampleBasicRealm1"/> <participatingBaseEntry name="o=customRegistryRealm1"/> </primaryRealm> </federatedRepository>
The participating base entry for a user registry is defined by the
participatingBaseEntry element. The participating base entry value for a custom or basic user registry is the
o organization attribute set to equal the realm name of that user registry. The realm name for a user registry is the value that is returned from the
getRealm() method of that user registry. The participating base entry for a custom user repository is one of the base entries that is returned by the
getRepositoryBaseEntries() method for that repository.
Feature configuration elements
Features that this feature enables
Features that enable this feature
Developing a feature that depends on this feature
If you are developing a feature that depends on this feature, include the following item in the
Subsystem-Content header in your feature manifest file.