
Follow the steps below to change the default password of the admin user of WSO2 BAM and to secure it using Secure Vault.

By default, standalone WSO2 BAM runs with embedded Cassandra which uses WSO2 authentication to authenticate/authorize users, and has default admin user credentials configured in the datasources (WSO2BAM_CASSANDRA_EVENT_INDEX_SOURCE, WSO2BAM_CASSANDRA_DATASOURCE, WSO2BAM_UTIL_DATASOURCE, WSO2BAM_HIVE_INCREMENTAL_DATASOURCE) of the <BAM_HOME>/repository/conf/bam-datasources.xml file, and in the <BAM_HOME>/repository/conf/advanced/hive-site.xml file. However, you can change this default admin user to a Cassandra user who can connect to Cassandra as follows.

  1. To change the password of the admin user, edit the <AdminUser> section in the <PRODUCT_HOME>/repository/conf/user-mgt.xml file as follows.

    <AdminUser>
    	<UserName>admin</UserName>
    	<Password>admin</Password>
    </AdminUser>
  2. To secure passwords using Secure Vault (i.e. by running ciphertool.sh), change the password values of the following configurations in the <PRODUCT_HOME>/repository/conf/security/cipher-text.properties file as follows.

    Carbon.Security.KeyStore.Password=[wso2carbon]
    Carbon.Security.KeyStore.KeyPassword=[wso2carbon]
    Carbon.Security.TrustStore.Password=[wso2carbon]
    UserManager.AdminUser.Password=[admin]
    Datasources.WSO2_CARBON_DB.Configuration.Password=[wso2carbon]
  3. Change the <password> property of the below datasources in the <BAM_HOME>/repository/conf/datasources/bam-datasources.xml file by providing the password in plain text.

    Skip this step if you are securing passwords using Secure Vault (i.e. by running ciphertool.sh).

    • WSO2BAM_CASSANDRA_EVENT_INDEX_SOURCE

    • WSO2BAM_CASSANDRA_DATASOURCE

    • WSO2BAM_UTIL_DATASOURCE

    • WSO2BAM_HIVE_INCREMENTAL_DATASOURCE

  4. To secure passwords using Secure Vault, add the following new configurations to the <BAM_HOME>/repository/conf/security/cipher-text.properties file and change the value of the admin password accordingly.

    Use the following configurations only to secure the admin user passwords. You can also secure other passwords using Secure Vault.

    Datasources.WSO2BAM_CASSANDRA_EVENT_INDEX_SOURCE.Configuration.Password=[admin]
    Datasources.WSO2BAM_CASSANDRA_DATASOURCE.Configuration.Password=[admin]
    Datasources.WSO2BAM_UTIL_DATASOURCE.Configuration.Password=[admin]
    Datasources.WSO2BAM_HIVE_INCREMENTAL_DATASOURCE.Configuration.Password=[admin]
  5. Add the following configurations to the <BAM_HOME>/repository/conf/security/cipher-tool.properties file.

    Datasources.WSO2BAM_CASSANDRA_EVENT_INDEX_SOURCE.Configuration.Password=bam-datasources.xml//datasources-configuration/datasources/datasource[name='WSO2BAM_CASSANDRA_EVENT_INDEX_SOURCE']/definition[@type='CASSANDRA']/configuration/password,false
    Datasources.WSO2BAM_CASSANDRA_DATASOURCE.Configuration.Password=bam-datasources.xml//datasources-configuration/datasources/datasource[name='WSO2BAM_CASSANDRA_DATASOURCE']/definition[@type='CASSANDRA']/configuration/password,false
    Datasources.WSO2BAM_UTIL_DATASOURCE.Configuration.Password=bam-datasources.xml//datasources-configuration/datasources/datasource[name='WSO2BAM_UTIL_DATASOURCE']/definition[@type='CASSANDRA']/configuration/password,false
    Datasources.WSO2BAM_HIVE_INCREMENTAL_DATASOURCE.Configuration.Password=bam-datasources.xml//datasources-configuration/datasources/datasource[name='WSO2BAM_HIVE_INCREMENTAL_DATASOURCE']/definition[@type='CASSANDRA']/con
  6. Execute the following command to run the <BAM_HOME>/bin/ciphertool.sh Cipher Tool script with the -Dconfigure option. Provide the primary keystore password of the Carbon Server when prompted.

    sh ciphertool.sh -Dconfigure

  7. Enter the new admin password in the following configurations of the <BAM_HOME>/repository/conf/advanced/hive-site.xml file.

    By default, Secure Vault doesn't support passwords configured in the <BAM_HOME>/repository/conf/advanced/hive-site.xml file. However, you require this step only if you are using incremental data processing.

    <property>
    <name>hive.incremental.processing.intermediate.results.cassandra.password</name>
    <value>Enter the new password here.</value>
    </property>
    <property>
    <name>notification.task.receiver.password</name>
    <value>Enter the new password here.</value>
    </property>

After changing the password of the admin user, reconfigure all the data publishing agents (e.g. the mediation stat agent and service stat agent) in your setup to use the new password.
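
A pre-flight check for steps 4 and 5, to run before ciphertool.sh in step 6. It is an added example, not part of the WSO2 documentation or tooling. It reports aliases that still hold the default admin password, aliases missing from either properties file, and XPaths that do not resolve to exactly one element. The function names, the sample inputs and the XML layout (inferred from the XPath in step 5) are assumptions.

```python
import xml.etree.ElementTree as ET

def parse_props(text):
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def preflight(cipher_text, cipher_tool, xml_files, default="admin"):
    """Return (alias, problem) tuples; an empty list means the files agree."""
    secrets, mappings = parse_props(cipher_text), parse_props(cipher_tool)
    problems = []
    for alias, value in secrets.items():
        if value == f"[{default}]":
            problems.append((alias, "still set to the default password"))
        if alias not in mappings:
            problems.append((alias, "no entry in cipher-tool.properties"))
    for alias, value in mappings.items():
        if alias not in secrets:
            problems.append((alias, "no entry in cipher-text.properties"))
        location = value.rsplit(",", 1)[0]         # drop the trailing ",false"
        fname, _, path = location.partition("//")  # "<file>//<xpath>"
        if fname not in xml_files:
            problems.append((alias, f"file {fname} not supplied"))
            continue
        # ElementTree cannot match the root element via "//", so wrap it first.
        wrapper = ET.Element("wrapper")
        wrapper.append(ET.fromstring(xml_files[fname]))
        try:
            hits = len(wrapper.findall(".//" + path))
        except SyntaxError:                        # e.g. XPath cut off mid-predicate
            hits = 0
        if hits != 1:
            problems.append((alias, f"XPath matches {hits} elements"))
    return problems

# Constructed sample inputs; the XML layout is inferred from the XPath in step 5.
PREFIX = "Datasources.%s.Configuration.Password="
XPATH = ("bam-datasources.xml//datasources-configuration/datasources/"
         "datasource[name='%s']/definition[@type='CASSANDRA']/")
DS = "<datasource><name>%s</name><definition type='CASSANDRA'><configuration><password>x</password></configuration></definition></datasource>"
A, B = "WSO2BAM_UTIL_DATASOURCE", "WSO2BAM_CASSANDRA_DATASOURCE"
SAMPLE_XML = "<datasources-configuration><datasources>" + DS % A + DS % B + "</datasources></datasources-configuration>"
SAMPLE_TEXT = PREFIX % A + "[constructed-example-pw]\n" + PREFIX % B + "[admin]"
SAMPLE_TOOL = (PREFIX % A + XPATH % A + "configuration/password,false\n"
               + PREFIX % B + XPATH % B + "con")   # second XPath is truncated
```

To use it on a real installation, read the two properties files and bam-datasources.xml into strings and pass them to preflight().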
