WSO2 IS Multi-tenancy APIs

Question

I'm currently investigating the multi-tenancy capabilities of WSO2 Identity Server. I have the following use case:

An application that provides a convenient user interface for tenant creation. When a tenant is created, the application have to create a tenant in WSO2 IS, application databases and other proprietary configuration. My questions are:

Is there an API (SOAP or REST services, REST is preferable) for creating a tenant with tenant admin account?
Is there an API (SOAP or REST services, REST is preferable) for getting all the users for a specific tenant including their claims (like fullname)? If there are only SOAP apis for this, where is the WSDL so I can generate SOAP java clients for myself?
Is it possible to store the accounts for each tenant in its own relational database or db schema and still have the single SSO page working? I have the requirement to be able to tear a tenant to its own independent infrastructure by migrating its user accounts and application data.

Asela Asela · Accepted Answer · 2015-01-15T16:24:44

Yes. You can use multi-tenant APIs with WSO2IS. All WSO2IS management function has been exposed as SOAP based web services (Normally refers as Admin Services).

To manage tenants (create/update) you can use TenantMgtService API, You can find the WSDL from here. You need to call this API as super tenant admin. You can refer this learn about Admin services.

https://{WSO2IS HOST}:{PORT}/services/TenantMgtService?wsdl

You can manage tenant specific users/roles. You can use RemoteUserStoreManagerService for this. Here, you want to use tenant specific credentials to call the API. Say, you are from foo.com tenant and you want to retrieve the users of foo.com tenant. Then you need to call the API by using tenant admin credentials. Simple java client for this API can be found from here

Yes, tenant can have their own user stores. Tenant can plug their user store using WSO2IS management console.

WSO2 IS Multi-tenancy APIs

2 Answers