User Mapping from Directory Service to Order Management service

In the $OPE_HOME_ roles/authorization-service/standalone/config/application.properties file, amPluggableCache has the following flags:

  • Ds_ActiveDirectory_Relational

  • Ds_OpenLdap_Relational

  • Ds_ActiveDirectory

  • Ds_OpenLdap

You need to map the Directory Service user to the Order Management user. Create the user in Order Management with at least tenant Id, valid roles, and userName as the mandatory fields. Leave the password field blank. The user name must match the name provided in the ActiveDirectory.

You can use the Create User API (http://<host_address>:<port_address>/v1/user) to create the users who need to be mapped to Directory Service users. The roles of each user must be the same as the group roles present in Directory Service.
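The mapping rules above can be checked before a user record is submitted. The following is an added example, not part of the product: the field names tenantId, userName, roles and password, the DirectoryUser type and the sample directory are assumptions constructed for illustration, and exact (case-sensitive) name matching is assumed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DirectoryUser:
    """Constructed view of a Directory Service account and its groups."""
    name: str
    groups: frozenset

def check_mapping(om_user, directory):
    """Return the problems found in an Order Management user record
    that is meant to map to a Directory Service user."""
    problems = []
    # Mandatory fields named on the page (key names are assumed).
    for field in ("tenantId", "userName", "roles"):
        if not om_user.get(field):
            problems.append(f"missing mandatory field: {field}")
    # Authentication is done by Directory Service, so no local password.
    if om_user.get("password"):
        problems.append("password must be blank")
    name = om_user.get("userName") or ""
    ds_user = directory.get(name)
    if name and ds_user is None:
        # Point out near misses that differ only by letter case.
        near = [n for n in directory if n.lower() == name.lower()]
        hint = f" (case differs from {near[0]!r})" if near else ""
        problems.append(f"no directory user named {name!r}{hint}")
    elif ds_user is not None:
        # Roles must equal the directory group roles, in both directions.
        roles = set(om_user.get("roles") or [])
        for role in sorted(roles - ds_user.groups):
            problems.append(f"role not backed by a directory group: {role}")
        for group in sorted(ds_user.groups - roles):
            problems.append(f"directory group missing from roles: {group}")
    return problems

# Constructed sample data, not taken from any real directory.
DIRECTORY = {
    "jdoe": DirectoryUser("jdoe", frozenset({"OrderAdmin", "OrderViewer"})),
}

if __name__ == "__main__":
    candidate = {"tenantId": "t-100", "userName": "jdoe",
                 "roles": ["OrderAdmin", "Root"], "password": ""}
    for problem in check_mapping(candidate, DIRECTORY):
        print(problem)
```

A role that no directory group backs is the finding to act on first, because it grants authorization that Directory Service does not know about.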

When an authorization token is created, the user name and password are validated by Directory Service. After successful validation, the users table in the Order Management database is checked, and an authorization token is generated for the tenant Id to which the user belongs.

Here, Directory Service is used for authentication and Order Management service is used for authorization.