r4 - 2017-02-16 - 17:51:10 - ShubjitNaik

Multiple User Registries with Jazz Authorization Server and SCIM

Author: ShubjitNaik
Build basis: JAS and CLM 6.0.3, 6.0.4

WebSphere Application Server Liberty Profile allows you to configure multiple federated registries. User registry federation is used when user and group information is spread across multiple registries. For example, the information might be in two different LDAPs, in two subtrees of the same LDAP, in a file, or the users might be those of a system. The information might even be in a custom user data repository. With the registries federated, you can search and use this distributed user information in a unified manner, as a continuous store of information. With a federated registry, you can use the unified view for authentication and authorization of users in Liberty.

Jazz Authorization Server (JAS) is based on WebSphere Liberty Profile and can make use of its support for federated registries. However, for it to work with CLM, you have to configure JAS with SCIM.

This article focuses on the steps for configuring JAS for SCIM with federated registries.

Important Notes and Pre-requisites

  • Multiple registries with JAS can be configured only along with SCIM configuration in JAS and CLM.
  • If the LDAP user registry in use is anything other than Microsoft Active Directory, the minimum version of CLM and JAS to be deployed is 6.0.4 (GA in 2017).
  • For the LDAP user registry Microsoft Active Directory, the supported versions of CLM and JAS for SCIM configuration are 6.0.2 and higher.
  • Initially, disable the SCIM Nightly User Synchronization operation. First test Import Users via the JTS Admin UI and confirm that the CN, UserID and Email address of the imported user match the configuration.
  • Screenshots added for non-Microsoft AD configurations are from CLM and JAS versions 6.0.4 M2.

Setup and Configure JAS for SCIM with a Single LDAP Registry

  • To configure SCIM you must use Lightweight Directory Access Protocol (LDAP)
  • The first step is to configure JAS for SCIM with a single LDAP registry and to run JTS setup with JAS and SCIM
  • Refer to the article Configuring Jazz Authorization Server for SCIM for the complete steps

Configure JAS for SCIM with Multiple LDAP Registries

Enable federated registries features in Liberty

Modify LDAP configuration to include multiple registries
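
As an added illustration (not taken from this article or from the JAS documentation), a Liberty server configuration that enables the federation and SCIM features and federates two LDAP registries could look like the following. All ids, realm names, hosts, DNs and the password placeholder are constructed; the second registry's directory type is an assumption.

```xml
<!-- Added example: every id, host, DN and realm name below is a constructed placeholder -->
<server description="Liberty server with two federated LDAP registries">

  <featureManager>
    <feature>ldapRegistry-3.0</feature>
    <feature>federatedRegistry-1.0</feature>
    <feature>scim-1.0</feature>
  </featureManager>

  <!-- Registry 1: Microsoft Active Directory, reached over LDAPS.
       sslEnabled="true" requires the server's SSL configuration to trust the LDAP certificate. -->
  <ldapRegistry id="corpAD" realm="corpADRealm"
                host="ad.example.com" port="636" sslEnabled="true"
                ldapType="Microsoft Active Directory"
                baseDN="dc=corp,dc=example,dc=com"
                bindDN="cn=jasbind,ou=service,dc=corp,dc=example,dc=com"
                bindPassword="{aes}REPLACE_WITH_ENCODED_VALUE"/>

  <!-- Registry 2: a second directory with its own base DN (directory type assumed) -->
  <ldapRegistry id="partnerLDAP" realm="partnerRealm"
                host="ldap.partner.example.net" port="636" sslEnabled="true"
                ldapType="IBM Tivoli Directory Server"
                baseDN="o=partner,c=us"
                bindDN="cn=jasbind,o=partner,c=us"
                bindPassword="{aes}REPLACE_WITH_ENCODED_VALUE"/>

  <!-- One realm presented to applications; each participatingBaseEntry name
       must match the baseDN of one of the registries defined above. -->
  <federatedRepository>
    <primaryRealm name="FederatedRealm">
      <participatingBaseEntry name="dc=corp,dc=example,dc=com"/>
      <participatingBaseEntry name="o=partner,c=us"/>
    </primaryRealm>
  </federatedRepository>

</server>
```

Bind passwords should be stored encoded (for example with Liberty's `securityUtility encode --encoding=aes`) rather than in clear text, and user IDs must be unique across all federated registries or login for the duplicated ID fails.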

Test SCIM with multiple registries

JTS SCIM configuration to map to Multiple LDAP Registries


Related topics: Deployment web home, Configuring Jazz Authorization Server
