Working with user registries

To secure your Catalogs, you authenticate with user registries. Perform the steps in this topic if you are creating a new user registry. In the Cloud Manager and API Manager user interfaces, a registry cannot be changed after a user is invited to be the owner of a provider organization, even if the invitation is not yet accepted.

About this task

The following user registries are available for API Connect and Cloud Manager environments:
  • Local user registry
  • LDAP
  • URL Authentication
Note:
  • Local user registry is the default user registry, and cannot be configured.
  • In the Cloud Manager and API Manager, you cannot change the user registry after a user is invited to be the owner of a provider organization, even if the invitation is not yet accepted. If you subsequently need to change the user registry, you must redeploy your API Connect cloud.
  • You can only use a single user registry for authenticating Cloud Manager users and a single user registry for authenticating API Manager users, regardless of user registry type (LDAP, Local User Registry or Authentication URL).
  • LDAP has an option to set case sensitivity. However, the Developer Portal does not support case-sensitive usernames, so that LDAP option is not supported in a Developer Portal.

The Administration user is unique and always remains in the local user registry.

Procedure

  1. In the Cloud Manager page, click User Registries, then click Add.
  2. To authenticate with LDAP for the Cloud Manager or API Manager, complete the following steps. To avoid problems, be sure that your LDAP usernames match the case sensitivity of your actual registry. For additional information on using LDAP, see LDAP Authentication.
    1. Select LDAP Registry from the drop-down menu.
    2. Enter values in the Display Name, Name, and optionally, Description fields.
      Note: The value that you specify in the Name field can consist of the following characters:
      • Lowercase alphabetic (a through z)
      • Numerals (0 through 9)
      • Hyphen (-). A hyphen cannot be used as the first or last character.
    3. In the Hostname and Port fields, enter the required information.
    4. From the Version drop-down menu, select the version number.
    5. To protect user credentials, move the Use TLS slider to the On position. If the Use TLS option is not selected, user credentials are not protected in transit.
      Note: If any user registry that is created in the Cloud Manager user interface, such as an LDAP registry, is used to authenticate access to APIs and is therefore configured to be public, then the Public option must be enabled in the associated TLS profile; otherwise, the TLS connection will fail.
    6. Set the case-sensitive usernames slider to match the setting of your user registry.
      Note: By default, LDAP user names are case insensitive. Set the case-sensitive usernames option only if your LDAP is case-sensitive.
    7. Select Anonymous bind or Authenticated bind.
    8. Optional: If you selected Authenticated bind and want to run Test Bind & Get Base DN, enter the distinguished name and password of the user in the Admin DN and Password text fields.
    9. In the Base DN text field, enter the Base DN information. If you are unsure of the correct value, click Test Bind & Get Base DN to display a drop-down menu of Base DNs available for the configured LDAP server.
    10. Enter Prefix and Suffix information.
    11. When you are done, click Test Configuration. If the test is successful, a confirmation message is displayed. If the test is not successful, an error message is displayed. Recheck your settings and run the test again.
    12. Click Create to create the registry.
  3. To authenticate with an authentication URL for the Cloud Manager or API Manager, complete the following steps. To avoid problems, be sure your authentication URL user names match the case sensitivity of your actual registry.
    1. Select Authentication URL from the drop-down menu.
    2. Enter values in the Display Name, Name, and optionally, Description fields.
      Note: The value that you specify in the Name field can consist of the following characters:
      • Lowercase alphabetic (a through z)
      • Numerals (0 through 9)
      • Hyphen (-). A hyphen cannot be used as the first or last character.
    3. In the URL text field, enter the authentication URL.
    4. To protect user credentials, move the Use TLS slider to the On position. If the Use TLS option is not selected, user credentials are not protected in transit.
    5. Set the case-sensitive usernames slider to match the setting of your user registry.
      Note: By default, Authentication URL user names are case insensitive. Select the case-sensitive usernames option only if your Authentication URL is case-sensitive.
    6. Click Create to create the registry.
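
A pre-flight check for the values you plan to enter in steps 2 and 3, covering the Name character rule, the Use TLS setting, and the Developer Portal restriction on case-sensitive LDAP usernames. This is an added example, not part of the product or its documentation; the dictionary keys (type, name, use_tls, bind, base_dn, case_sensitive, developer_portal, url) are hypothetical names that mirror the form fields, and the sample values are constructed.

```python
import re

# Name field rule from the notes above: a-z, 0-9 and hyphen,
# and a hyphen cannot be the first or last character.
NAME_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?")


def check_registry(cfg):
    """Return findings for a planned registry definition.

    cfg is a hypothetical dict whose keys mirror the form fields in this
    topic; it is not an API Connect file format.
    """
    rtype = cfg.get("type")
    if rtype not in ("ldap", "authentication-url"):
        return ["type: expected 'ldap' or 'authentication-url'"]
    findings = []
    if not NAME_RE.fullmatch(cfg.get("name", "")):
        findings.append("name: use a-z, 0-9 and hyphen; no leading or trailing hyphen")
    if not cfg.get("use_tls"):
        findings.append("use_tls: off, user credentials are not protected in transit")
    if rtype == "ldap":
        for field in ("hostname", "port", "base_dn"):
            if not cfg.get(field):
                findings.append(field + ": missing")
        if cfg.get("bind") not in ("anonymous", "authenticated"):
            findings.append("bind: choose 'anonymous' or 'authenticated'")
        if cfg.get("case_sensitive") and cfg.get("developer_portal"):
            findings.append("case_sensitive: not supported in a Developer Portal")
    elif not cfg.get("url"):
        findings.append("url: missing")
    return findings


# Constructed sample inputs (not taken from a real deployment).
GOOD = {"type": "ldap", "name": "corp-ldap-1", "hostname": "ldap.example.com",
        "port": 636, "use_tls": True, "bind": "authenticated",
        "base_dn": "dc=example,dc=com", "case_sensitive": False}
BAD = {"type": "ldap", "name": "-Corp_LDAP", "hostname": "ldap.example.com",
       "port": 389, "use_tls": False, "bind": "authenticated",
       "base_dn": "dc=example,dc=com", "case_sensitive": True,
       "developer_portal": True}

if __name__ == "__main__":
    for label, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_registry(cfg) or "ok")
```

Because a registry cannot be changed after the first provider organization owner is invited, running a check like this before clicking Create catches mistakes while they can still be corrected.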

Results

The Catalog and user registry information are added to API Manager.