Change to MySQL¶
By default, WSO2 Identity Server uses the embedded H2 database as the database for storing user management and registry data. Given below are the steps you need to follow in order to use MySQL for this purpose.
Datasource configurations¶
A datasource is used to establish the connection to a database. By
default, WSO2_IDENTITY_DB
and WSO2_SHARED_DB
datasources are used to connect
to the default H2 database.
WSO2_SHARED_DB
- The datasource which stores registry and user management data.WSO2_IDENTITY_DB
- The datasource specific to the identity server which stores identity related data.
After setting up the MySQL database. You can point the WSO2_IDENTITY_DB
or
WSO2_SHARED_DB
or both to that MySQL database by following the instructions given below.
Change the default datasource¶
Minimum configurations for changing default datasource to MySQL¶
You can configure the datasource by editing the default configurations in <IS-HOME>/repository/conf/deployment.toml
.
Following are the basic configurations and their descriptions.
Element | Description |
---|---|
username and password | The name and password of the database user |
type | The type of the database |
hostname | The hostname of the host where the database is hosted |
port | The port of the database |
name | The name of the database |
A sample configuration is given below.
-
WSO2_IDENTITY_DB
-
Configure the
deployment.toml
file.[database.identity_db] type = "mysql" hostname = "localhost" name = "regdb" username = "regadmin" password = "regadmin" port = "3306"
-
Execute database scripts.
Navigate to
<IS-HOME>/dbscripts
. Execute the scripts in the following files, against the database created.<IS-HOME>/dbscripts/identity/mysql.sql
<IS-HOME>/dbscripts/consent/mysql.sql
-
-
WSO2_SHARED_DB
-
Configure the
deployment.toml
file.[database.shared_db] type = "mysql" hostname = "localhost" name = "regdb" username = "regadmin" password = "regadmin" port = "3306"
-
Execute database scripts.
Execute the scripts in the
<IS-HOME>/dbscripts/mysql.sql
file against the database created.
Note
Instead of defining
hostname
,port
, andname
separately, you can define theurl
of the database in the following format.type = "mysql" url = "jdbc:mysql://localhost:3306/regdb" username = "regadmin" password = "regadmin"
Note
As MySQL DB is inherently case-insensitive, it is recommended to deactivate the case-insensitive functionality of WSO2 Identity Server when integrating with MySQL DB. Disabling this feature in WSO2 Identity Server eliminates unnecessary processing, thereby potentially enhancing overall system performance.
To disable case-insensitivity for the primary user store, open the
deployment.toml
file found in the<IS-HOME>/repository/conf/
directory and add the following configurations to the primary user store.[user_store.properties] CaseInsensitiveUsername = false UseCaseSensitiveUsernameForCacheKeys = false
For secondary user stores, add the following configurations to the
<userstore>.xml
file found in the<IS_HOME>/repository/deployment/server/userstores
directory.<Property name="CaseInsensitiveUsername">false</Property> <Property name="UseCaseSensitiveUsernameForCacheKeys">false</Property>
-
-
If you have a requirement in using workflow feature follow, Change the default database of BPS database
-
Download the MySQL JDBC driver for the version you are using and copy it to the
<IS_HOME>/repository/components/lib
folder
Advanced database configurations¶
Apart from the basic configurations specified above, WSO2 Identity Server supports some advanced database configurations as well.
-
WSO2_IDENTITY_DB
related configurations that should be added to thedeployment.toml
file.[database.identity_db.pool_options] maxActive = "80" maxWait = "360000" minIdle ="5" testOnBorrow = true validationQuery="SELECT 1" validationInterval="30000" defaultAutoCommit=false commitOnReturn=true
-
WSO2_SHARED_DB
deployment.toml
related configurations that should be added to thedeployment.toml
file.[database.shared_db.pool_options] maxActive = "80" maxWait = "360000" minIdle ="5" testOnBorrow = true validationQuery="SELECT 1" validationInterval="30000" defaultAutoCommit=false commitOnReturn=true
The elements in the above configuration are described below:
maxActive | This is the maximum number of active connections that can be allocated at the same time from this pool. Enter any negative value to denote an unlimited number of active connections. |
maxWait | This is the maximum number of milliseconds that the pool will wait (when there are no available connections) for a connection to be returned before throwing an exception. You can enter zero or a negative value to wait indefinitely. |
minIdle | The minimum number of active connections that can remain idle in the pool without extra ones being created. Enter zero to create none. |
testOnBorrow |
This indicates whether objects will be validated before being borrowed from the pool. If the object fails to be validated, it will be dropped from the pool and another attempt will be made to borrow another. |
defaultAutoCommit |
Indicates whether to commit database changes automatically or not |
validationInterval | This is the indication to avoid excess validation and only run validation after the specified frequency (time in milliseconds). If a connection is due for validation, but has been validated previously within this interval, it will not be validated again. |
defaultAutoCommit | This property is not applicable to the carbon database in WSO2 Identity Server because auto committing is usually handled at the code level, i.e., the default auto commit configuration specified for the RDBMS driver will be effective instead of this property element. Typically, auto committing is enabled for RDBMS drivers by default. When auto committing is enabled, each SQL statement will be committed to the database as an individual transaction, as opposed to committing multiple statements as a single transaction. |
Info
For more information on other parameters that can be defined in
the <IS_HOME>/repository/conf/deployment.toml
file, see Tomcat JDBC Connection Pool.
Support for case-sensitive usernames
Usernames in WSO2 Identity Server are case-insensitive by default. If you wish to enable case-sensitive usernames, configure the following properties.
To enable the case-sensitivity for the primary user store, open the deployment.toml
file found in the <IS-HOME>/repository/conf/
directory and add the following configurations to the primary user store.
[user_store.properties]
CaseInsensitiveUsername = false
UseCaseSensitiveUsernameForCacheKeys = false
For secondary user stores, add the following configurations to the <userstore>.xml
file found in the <IS_HOME>/repository/deployment/server/userstores
directory.
<Property name="CaseInsensitiveUsername">false</Property>
<Property name="UseCaseSensitiveUsernameForCacheKeys">false</Property>
<IS_HOME>/dbscripts/
.
Eg:
CREATE UNIQUE INDEX INDEX_UM_USERNAME_UM_TENANT_ID ON UM_USER(LOWER(UM_USER_NAME), UM_TENANT_ID);
Configure the connection pool behavior on return¶
By default, when a database connection is returned to the pool, the product rolls back the pending transactions if defaultAutoCommit=true
.
However, if required, you can disable the latter mentioned default behavior by disabling the JDBC-Pool JDBC interceptor, ConnectionRollbackOnReturnInterceptor
, and setting the connection pool behavior on return via the datasource configurations.
Configure the connection pool to commit pending transactions on connection return¶
-
Navigate to either one of the following locations based on your OS.
<IS_HOME>/bin/wso2server.sh/
<IS_HOME>\bin\wso2server.bat
-
Add the following JVM option:
-Dndatasource.disable.rollbackOnReturn=true \
-
Navigate to the
<IS_HOME>/repository/conf/deployment.toml
file. -
Disable the
defaultAutoCommit
property by defining it asfalse
. -
Add the
commitOnReturn
property and set it totrue
.-
WSO2_IDENTITY_DB
related configurations that should be added to the<IS_HOME>/repository/conf/deployment.toml
file.[database.identity_db.pool_options] defaultAutoCommit="false" commitOnReturn="true"
-
WSO2_SHARED_DB
related configurations that should be added to the<IS_HOME>/repository/conf/deployment.toml
file.[database.shared_db.pool_options] defaultAutoCommit="false" commitOnReturn="true"
-
Configure the connection pool to rollback pending transactions on connection return¶
-
Navigate to the
<IS_HOME>/repository/conf/deployment.toml
file. -
Disable the
defaultAutoCommit
property by defining it asfalse
. -
Set the
rollbackOnReturn
property to the datasources astrue
.-
WSO2_IDENTITY_DB
related configurations that should be added to the<IS_HOME>/repository/conf/deployment.toml
file.[database.identity_db.pool_options] defaultAutoCommit="false" rollbackOnReturn="true"
-
WSO2_SHARED_DB
related configurations that should be added to the<IS_HOME>/repository/conf/deployment.toml
file.[database.shared_db.pool_options] defaultAutoCommit="false" rollbackOnReturn="true"
-
The elements in the above configuration are described below.
Element | Description |
commitOnReturn | If defaultAutoCommit=false , then you can set commitOnReturn=true , so that the pool can complete the transaction by calling the commit on the connection as it is returned to the pool. However, if the rollbackOnReturn=true then this attribute is ignored. The default value is false. |
rollbackOnReturn | If defaultAutoCommit=false , then you can set rollbackOnReturn=true so that the pool can terminate the transaction by calling rollback on the connection as it is returned to the pool. The default value is false. |