User Mapping from Directory Service to Order Management service
In the $OPE_HOME/roles/authorization-service/standalone/config/application.properties file, amPluggableCache has the following flags:
- Ds_ActiveDirectory_Relational
- Ds_OpenLdap_Relational
- Ds_ActiveDirectory
- Ds_OpenLdap
You need to map the Directory Service user to the Order Management user. Create the user in Order Management with at least tenant Id, valid roles, and userName as the mandatory fields. Leave the password field blank. The user name must match the name provided in the ActiveDirectory.
You can use the Create User API (http://<host_address>:<port_address>/v1/user) to create the users that need to be mapped to Directory Service users. The roles of such a user must be the same as the group roles present in Directory Service.
While creating an authorization token, the user name and password are validated by Directory Service. After successful validation, the users table in the Order Management database is checked, and an authorization token is generated according to the tenant Id that the user belongs to.
Here, Directory Service is used for authentication and Order Management service is used for authorization.
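
The mapping rules above can be checked before users start requesting tokens. The following is an added example, not code from the product: it audits Order Management user records against directory entries. The record layout, the key names (userName, tenantId, roles, password), the exact-match comparison of names, and the sample data are assumptions made for illustration.

```python
# Added example: audit Order Management user records against directory entries
# using the mapping rules on this page. Record layout and key names are assumed.

def audit_mapping(directory_users, om_users):
    """Return {userName: [problems]} for each directory user that would not map cleanly."""
    om_by_name = {u.get("userName"): u for u in om_users}
    findings = {}
    for name, groups in directory_users.items():
        problems = []
        rec = om_by_name.get(name)  # exact match assumed; the page only says names must match
        if rec is None:
            problems.append("no Order Management user with this userName")
        else:
            if not rec.get("tenantId"):
                problems.append("tenantId missing")
            roles = set(rec.get("roles") or [])
            if not roles:
                problems.append("roles missing")
            elif roles != set(groups):
                problems.append("roles differ from directory groups: "
                                f"only in OM {sorted(roles - set(groups))}, "
                                f"only in directory {sorted(set(groups) - roles)}")
            if rec.get("password"):
                problems.append("password is set; it must be left blank")
        if problems:
            findings[name] = problems
    return findings

# Constructed sample data (not from any real deployment).
DIRECTORY = {
    "alice": ["ADMIN", "ORDER_VIEW"],
    "bob": ["ORDER_VIEW"],
    "carol": ["ORDER_VIEW"],
    "dave": ["ORDER_VIEW"],
}
OM_USERS = [
    {"userName": "alice", "tenantId": "TENANT1", "roles": ["ADMIN", "ORDER_VIEW"], "password": ""},
    {"userName": "bob", "tenantId": "TENANT1", "roles": ["ADMIN"], "password": ""},
    {"userName": "Carol", "tenantId": "TENANT1", "roles": ["ORDER_VIEW"], "password": ""},
    {"userName": "dave", "tenantId": "", "roles": ["ORDER_VIEW"], "password": "s3cret"},
]

if __name__ == "__main__":
    for user, problems in audit_mapping(DIRECTORY, OM_USERS).items():
        print(user, "->", "; ".join(problems))
```

A role mismatch such as the one reported for bob matters most, because the token is authorized from the Order Management record while the directory only confirms the credentials.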