User Role management with WSO2 Identity Server APIs

WSO2 Identity Server provides  a simple web service API for user role management. If your application needs a user role management function, you can directly integrate with Identity Server rather than dealing with the user store.

There is a web service API called  RemoteUserStoreManagerService   that can be used to manage users and roles.   You can find the WSDL of this service by going through following step…  By even looking at the WSDL, you can easily identify the operations of it..

1. RemoteUserStoreManagerService is admin service according the WSO2 Carbon platform.
Therefore WSDL of admin service can not be seen by default.
2. Open carbon.xml file which can be found at <IS_HOME>/repository/conf directory
3. Locate following XML element and set it to “false”


4. Then restart WSO2 Identity Server running wso2server script which can be found at <IS_HOME>/bin directory.
5. Point to browser https://localhost:9443/services/RemoteUserStoreManagerService?wsdl
If you have started server in default configurations.

Please find the java client program that has been written to invoke web service API from here.  You can integrate same type of client program in to your application…  All dependency jar files that you need to run this client, can be found in the lib directory.  Also, please note that RemoteUserStoreManagerService service is an admin service .   Therefore, you need to provide the privilege user’s credentials to  access this service. You can pass these credentials in the HTTP Basic Authentication headers

If you just want to try to call this web service API,  you can use SOAPUI for this.  In SOAPUI,  you can just provide the url  for RemoteUserStoreManagerService WSDL file and  create a project.  Then SOAPUI would list all the methods that are available in the service.  You can easily try out them.  You must send the admin credentials in the HTTP Basic Authentication headers.


As you know,  WSO2IS already supports for multitenancy. If you need to manage user/roles in particular tenant,  (say “” tenant). You can even do this using RemoteUserStoreManagerService. Here, you need to provide the credentials of an admin user in the particular tenant.  As an example, HTTP Basic Authentication header would be   “”



Thanks for reading…


Discuss this article on Stack Overflow

Leave a Reply

Your email address will not be published. Required fields are marked *