This part is represented by the <stores><identity-store>... element.
<stores>
  <attribute-stores/>
  <identity-stores>
    <identity-store>
      ...
    </identity-store>
    <identity-store>
      ...
    </identity-store>
  </identity-stores>
</stores>
The <stores> element contains <identity-store> and <attribute-store> elements. Currently, <attribute-store> configuration is ignored, so only <identity-store> elements can be configured.
<identity-store>
  <id>Sample Hibernate Store</id>
  <class>org.picketlink.idm.impl.store.hibernate.HibernateIdentityStoreImpl</class>
  <external-config/>
  <supported-relationship-types>
    <relationship-type>JBOSS_IDENTITY_MEMBERSHIP</relationship-type>
    <relationship-type>JBOSS_IDENTITY_ROLE</relationship-type>
  </supported-relationship-types>
  <supported-identity-object-types>
    <identity-object-type>
      ...
    </identity-object-type>
    ...
    <identity-object-type>
      ...
    </identity-object-type>
  </supported-identity-object-types>
  <options>
    <option>
      <name>persistenceUnit</name>
      <value>jboss-identity-model-xxx</value>
    </option>
    <option>
      <name>otherOption</name>
      <value>value1</value>
      <value>value2</value>
      <value>value3</value>
    </option>
  </options>
</identity-store>
<identity-store> element:
id - IdentityStore id
class - IdentityStore class name
external-config - external configuration file used by IdentityStore
supported-relationship-types - IdentityObjectRelationshipType names that are supported by this IdentityStore. JBOSS_IDENTITY_MEMBERSHIP is the standard value used by the default framework implementation for membership type relationships (between two Group objects), and JBOSS_IDENTITY_ROLE is the standard value for Role type memberships (named relationships)
supported-identity-object-types - configuration of IdentityObjectType objects mapped by IdentityStore
options - other IdentityStore configuration options
<supported-identity-object-types>
  <identity-object-type>
    <name>OFFICE</name>
    <relationships>
      <relationship>
        <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
        <identity-object-type-ref>IDENTITY</identity-object-type-ref>
      </relationship>
      <relationship>
        <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
        <identity-object-type-ref>CONFERENCE_ROOM</identity-object-type-ref>
      </relationship>
    </relationships>
    <credentials/>
    <attributes/>
    <options/>
  </identity-object-type>
  <identity-object-type>
    <name>IDENTITY</name>
    <relationships>
      <relationship>
        <relationship-type-ref>JBOSS_IDENTITY_ROLE</relationship-type-ref>
        <identity-object-type-ref>COMMUNITY</identity-object-type-ref>
      </relationship>
    </relationships>
    <credentials>
      <credential-type>PASSWORD</credential-type>
      <credential-type>BINARY</credential-type>
    </credentials>
    <attributes>
      <attribute>
        <name>picture</name>
        <mapping>user.picture</mapping>
        <type>binary</type>
        <isRequired>false</isRequired>
        <isMultivalued>false</isMultivalued>
        <isReadOnly>false</isReadOnly>
      </attribute>
    </attributes>
  </identity-object-type>
</supported-identity-object-types>
<identity-object-type> element:
name - IdentityObjectType name
relationships - relationships in which the IdentityObjectType can be the parent side. <relationship-type-ref> must point to one of the values from <supported-relationship-types>. <identity-object-type-ref> must be one of the <identity-object-type><name> values configured in this IdentityStore.
credentials - IdentityObjectCredentialType names allowed for this IdentityObjectType
attributes - allowed attribute mappings. Each contains:
  name - attribute name
  mapping - real name to be used inside the IdentityStore, for example an LDAP attribute name
  type - either "binary" or "text"
  isRequired - whether the attribute must have at least one value
  isMultivalued - whether the attribute can have many values
  isReadOnly - whether attribute values can be modified
options - other options for IdentityObjectType configuration
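The reference rules for <relationship-type-ref> and <identity-object-type-ref>, and the "binary"/"text" restriction on type, can be checked before a store definition is deployed. The following is an added example, not PicketLink code: the function names and the sample <identity-store> are constructed here, and only those three rules are checked.

```python
import xml.etree.ElementTree as ET
# Constructed sample modelled on the page's fragment, with three deliberate errors.
SAMPLE = """<identity-store>
  <supported-relationship-types>
    <relationship-type>JBOSS_IDENTITY_MEMBERSHIP</relationship-type>
  </supported-relationship-types>
  <supported-identity-object-types>
    <identity-object-type>
      <name>OFFICE</name>
      <relationships>
        <relationship>
          <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
          <identity-object-type-ref>IDENTITY</identity-object-type-ref>
        </relationship>
        <relationship>
          <relationship-type-ref>JBOSS_IDENTITY_ROLE</relationship-type-ref>
          <identity-object-type-ref>CONFERENCE_ROOM</identity-object-type-ref>
        </relationship>
      </relationships>
    </identity-object-type>
    <identity-object-type>
      <name>IDENTITY</name>
      <attributes><attribute><name>picture</name><type>blob</type></attribute></attributes>
    </identity-object-type>
  </supported-identity-object-types>
</identity-store>"""

def texts(node, path):
    return [(e.text or "").strip() for e in node.findall(path)]  # trimmed element text

def check_identity_store(xml_text):
    """Return (owning type, element, bad value) for each broken constraint."""
    store = ET.fromstring(xml_text)
    rel_types = set(texts(store, "supported-relationship-types/relationship-type"))
    types = store.findall("supported-identity-object-types/identity-object-type")
    names = {(t.findtext("name") or "").strip() for t in types}
    problems = []
    for t in types:
        owner = (t.findtext("name") or "").strip()
        for ref in texts(t, "relationships/relationship/relationship-type-ref"):
            if ref not in rel_types:  # must be listed in <supported-relationship-types>
                problems.append((owner, "relationship-type-ref", ref))
        for ref in texts(t, "relationships/relationship/identity-object-type-ref"):
            if ref not in names:  # must name a type configured in this store
                problems.append((owner, "identity-object-type-ref", ref))
        for typ in texts(t, "attributes/attribute/type"):
            if typ not in ("binary", "text"):  # only values the page allows
                problems.append((owner, "type", typ))
    return problems
```

The parser here assumes an operator-controlled file; for XML from an untrusted source, use a hardened parser such as defusedxml instead of xml.etree.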