Configure IS-7.x as Third party KM for APIM - Official Documentation Improvement #10362

@SujitDas-tech

Description

Hi Team,

If someone refers to this [1] and tries to configure IS as the Key Manager while using the /keymanager-operations/user-info endpoint, they will not know that an additional access control configuration is required. We should clearly mention in the documentation that if /keymanager-operations/user-info is used as the user-info endpoint, the following configuration is not required in IS:

[[resource.access_control]]
context="(.*)/scim2/Me"
secure=true
http_method="GET"
cross_tenant=true
permissions=[]
scopes=[]

However, if any other access controls are applied in IS, the following access control must also be added in the IS deployment.toml:

[[resource.access_control]]
context = "(.*)/keymanager-operations/user-info/claims/generate"
secure = true
http_method = "POST"
permissions = "/permission/admin/manage/identity/usermgt/list"
scopes = "internal_user_mgt_list"

[1] https://apim.docs.wso2.com/en/4.4.0/administer/key-managers/configure-wso2is7-connector/#configure-wso2-is-7x-as-a-key-manager:~:text=Add%20following%20configurations%20in%20the%20%3CIS7_HOME%3E/repository/conf/deployment.toml%20file.

Thanks and Regards,
Sujit

Suggested Improvement

It will be good if we update the APIM official doc with this.

Version(s)

4.x
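
A pre-deployment check for the two `[[resource.access_control]]` entries discussed in this issue, added here as an example; it is not part of the original issue or of WSO2's own tooling. The names `audit` and `_covers` are hypothetical, and the matching rule (context as a full-match regular expression, `http_method` as a comma-separated list or `all`) is an assumption about how IS evaluates these entries.

```python
import re
try:
    import tomllib  # Python 3.11+
except ImportError:  # assumption: the tomli backport is installed on older Pythons
    import tomli as tomllib

CLAIMS_PATH = "/keymanager-operations/user-info/claims/generate"
SCIM_ME_PATH = "/scim2/Me"

# Constructed sample inputs built from the two entries quoted in the issue.
SCIM_ONLY = '''
[[resource.access_control]]
context="(.*)/scim2/Me"
secure=true
http_method="GET"
cross_tenant=true
permissions=[]
scopes=[]
'''
WITH_CLAIMS = '''
[[resource.access_control]]
context = "(.*)/keymanager-operations/user-info/claims/generate"
secure = true
http_method = "POST"
permissions = "/permission/admin/manage/identity/usermgt/list"
scopes = "internal_user_mgt_list"
'''

def _covers(entry, path, method):
    """Assumed matching rule: context is a full-match regex, http_method a comma list."""
    methods = {m.strip().upper() for m in str(entry.get("http_method", "")).split(",")}
    return bool(re.fullmatch(entry.get("context", ""), path)) and bool(methods & {method, "ALL"})

def audit(toml_text):
    """Return findings for the [[resource.access_control]] entries in a deployment.toml."""
    entries = tomllib.loads(toml_text).get("resource", {}).get("access_control", [])
    claims = [e for e in entries if _covers(e, CLAIMS_PATH, "POST")]
    findings = []
    if entries and not claims:  # other access controls exist, claims/generate does not
        findings.append("missing: POST " + CLAIMS_PATH)
    for e in claims:
        if e.get("secure") is not True:
            findings.append("claims/generate entry is not secure=true")
        if not e.get("permissions") and not e.get("scopes"):
            findings.append("claims/generate entry has no permissions or scopes")
    if any(_covers(e, SCIM_ME_PATH, "GET") for e in entries):
        findings.append("note: scim2/Me entry present, not needed with /keymanager-operations/user-info")
    return findings
```

Run `audit()` on the contents of the IS `deployment.toml` before rollout; an empty list means the claims/generate entry is present and restricted.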
