WSO2 Identity Server is the central backbone that connects and manages multiple identities across applications, APIs, the cloud, mobile, and Internet of Things devices, regardless of the standards on which they are based. The following tutorial guides you through setting up WSO2 Identity Server on a single node in a pre-production environment.
Configuring the user store
WSO2 products allow you to configure multiple user stores to store your users and their roles. Your user store can be one of the following:
- A directory service that can communicate over the LDAP protocol, such as OpenLDAP
- A database that can communicate over JDBC
Download and unzip the WSO2 Identity Server product into a folder. This location is referred to as
Set up a user store named WSO2UserStore.
Note: The instructions in this tutorial demonstrate configuring a JDBC user store. See Configuring User Stores for more information on how to set up other types of user stores.
Copy the JDBC driver (in this case, the MySQL driver) to the <IS_HOME>/repository/component/lib directory of both nodes. To do this, download the MySQL Java connector JAR from here and place it in the
Point all cluster nodes to the same user store (to share one LDAP directory). By default, WSO2 Identity Server is started with an embedded LDAP which comes with the product. Disable the embedded LDAP of node 2 by modifying embedded-ldap.xml which can be found in the
Configuring the datasources
Create the databases. See Setting up the Physical Database in the WSO2 Administration Guide for database scripts and more information.
This tutorial demonstrates deployment with a user management database (WSO2UMDB) and an identity database (
Alternatively, you can create more databases for each type of data to separate the data logically. Note that this will NOT make a difference in performance and is not actually necessary.
However, if you do wish to separate the data logically into separate databases, see the Setting Up Separate Databases for Clustering topic.
Configure the datasource for the databases in both nodes of your cluster in the master-datasources.xml file found in the
The code block below shows a sample configuration of the user management database and identity database for a MySQL database. For instructions on how to configure the datasource depending on the type of database you created, see Changing the Carbon Database in the WSO2 Product Administration Guide.
Start the WSO2 Identity Server using the following command after navigating to the
Decide on the domain you are going to host this server on. Change the hostname in the
- Obtain a certificate for the domain you defined in the previous step.
Configure a load balancer/reverse proxy with the obtained certificate. The ports and URLs that are used by WSO2 IS are given below. Ensure that the ports and URLs are mapped correctly in the load balancer. Terminate SSL at the load balancer.
| Usage | URL | Port |
|---|---|---|
| HTTP Servlet | localhost | 9763 |
| HTTPS Servlet (UI Consoles) | localhost | 9443 |
WSO2 Identity Server is shipped with a default keystore named wso2carbon.jks. It is recommended to change this default keystore in a production deployment to another keystore with a different self-signed certificate. See Creating New Keystores for more information on how to do this.
For enhanced security, encrypt and change all passwords as specified in Encrypting Passwords with Cipher Tool.
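A check for the datasource and password steps above, as an added example that is not part of the WSO2 documentation: it parses a master-datasources.xml and reports passwords that were not replaced by a Cipher Tool alias, plus datasources still pointing at an embedded H2 file instead of the MySQL databases. The sample XML is constructed; the `svns:secretAlias` attribute form, the H2 URL prefix and the name `EXAMPLE_IDENTITY_DB` are assumptions, not values from this page.

```python
import xml.etree.ElementTree as ET

# Namespace of the secretAlias attribute (assumed Secure Vault convention in Carbon configs).
SVNS = "http://org.wso2.securevault/configuration"

# Constructed sample, not from the page: one hardened and one weak datasource.
SAMPLE = """<datasources-configuration xmlns:svns="http://org.wso2.securevault/configuration">
 <datasources>
  <datasource><name>WSO2UMDB</name>
   <definition type="RDBMS"><configuration>
    <url>jdbc:mysql://db.example.internal:3306/WSO2UMDB</url>
    <username>umuser</username>
    <password svns:secretAlias="Datasources.WSO2UMDB.Configuration.Password">password</password>
   </configuration></definition>
  </datasource>
  <datasource><name>EXAMPLE_IDENTITY_DB</name>
   <definition type="RDBMS"><configuration>
    <url>jdbc:h2:repository/database/WSO2CARBON_DB</url>
    <username>wso2carbon</username>
    <password>wso2carbon</password>
   </configuration></definition>
  </datasource>
 </datasources>
</datasources-configuration>"""


def audit_datasources(xml_text):
    """Return (datasource name, finding) pairs for settings that need attention."""
    findings = []
    root = ET.fromstring(xml_text)
    for ds in root.iter("datasource"):
        name = ds.findtext("name", default="(unnamed)").strip()
        cfg = ds.find("definition/configuration")
        if cfg is None:
            continue
        pw = cfg.find("password")
        # Without a secretAlias attribute the element text is the real password.
        if pw is not None and pw.get("{%s}secretAlias" % SVNS) is None:
            findings.append((name, "plaintext password"))
        # Assumed default: an embedded H2 file URL means the MySQL database is not in use.
        if (cfg.findtext("url") or "").strip().lower().startswith("jdbc:h2:"):
            findings.append((name, "embedded H2 database"))
    return findings


if __name__ == "__main__":
    for name, issue in audit_datasources(SAMPLE):
        print(f"{name}: {issue}")
```

Run it against the file on every node after applying the Cipher Tool; an empty result means each datasource password is referenced by alias and none uses the embedded database.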
Configure the WSO2 Identity Server to refer to WSO2UserStore (the user store that you set up in step 2) for user information. This can be done by updating the following configuration in the
If you are using this WSO2UserStore to store users, do not forget to change the administrator credentials.
If you want to configure a different user store (other than a JDBC user store), see Configuring User Stores.
You can also configure a scheduled task to back up daily rolling logs to separate disks so that disk space does not run out.
Tune the performance of your WSO2 Identity Server deployment by following the recommendations in Performance Tuning Recommendations.
Setting up Analytics
The WSO2 Identity Server analytics component can be configured as indicated below.
On a separate machine, download the WSO2 Identity Server analytics distribution from the product download page and unpack it. The location where you unpacked this distribution is referred to as
<IS_HOME>/repository/conf/datasources/master-datasources.xml file of the WSO2 Identity Server to the
<IS_HOME>/repository/conf/datasources/metrics-datasources.xml file of the WSO2 Identity Server to the
Mount the governance registry by modifying the <IS_HOME>/repository/conf/registry.xml file as mentioned in step 5 of the previous section.
Identify the user base that is logging into the analytics server and configure the user stores according to Configuring User Stores.
If the analytics server is accessible from outside, obtain a domain name, get a certificate, and set up SSL to terminate at the load balancer. Change the hostname according to step 6 of the previous section. The ports to configure are as follows.

| Usage | URL | Port |
|---|---|---|
| HTTP Servlet | localhost | 9763 |
| HTTPS Servlet (UI consoles) | localhost | 9443 |
WSO2 Identity Server analytics is shipped with a default keystore named wso2carbon.jks. It is recommended to change this default keystore in a production deployment to another keystore with a different self-signed certificate. See Configuring Keystores in WSO2 Products for more information on how to do this.
For information on how to set up a clustered deployment of WSO2 Identity Server in a production environment with a minimum of two nodes, see Deployment Patterns.