This documentation is for WSO2 IoT Server 3.1.0. View the documentation for the latest release.
Configuring the Key Manager Node - IoT Server 3.1.0 - WSO2 Documentation
                                                                                                                                                                                                                                                                                                                                                                                                                                                   

Throughout this guide, keymgt.iots310.wso2.com is configured as the Key Manager node.

Before you begin

  • Mount the registry as explained here.
  • Configure the following databases for the Key Manager in the <IOTS_HOME>/conf/datasources/master-datasources.xml file.
    For more information, see Setting Up the Databases for Clustering.
    • Registry Database
    • User manager database
    • APIM Database

Let's start configuring the Key Manager node.

  1. Configure the HostName and MgtHostName properties in the <IOTS_HOME>/conf/carbon.xml file as shown below.

    <HostName>keymgt.iots310.wso2.com</HostName>
    <MgtHostName>keymgt.iots310.wso2.com</MgtHostName>

    Make sure to have the Offset property configured to zero. If it is set to a value other than zero, you need to update the NGINX configuration based on the port offset.

  2. Configure the <IOTS_HOME>/bin/iot-server.sh file as shown below:

     -Diot.keymanager.host="keymgt.iots310.wso2.com" \
     -Diot.keymanager.https.port="443" \

  3. Configure all the following properties in the <IOTS_HOME>/conf/identity/sso-idp-config.xml file by replacing https://localhost:9443 with https://mgt.iots310.wso2.com:443.

    • AssertionConsumerServiceURL

    • DefaultAssertionConsumerServiceURL

    A configured file is shown below.

    <SSOIdentityProviderConfig>
       <TenantRegistrationPage>https://stratos-local.wso2.com/carbon/tenant-register/select_domain.jsp</TenantRegistrationPage>
       <ServiceProviders>
          <ServiceProvider>
             <Issuer>devicemgt</Issuer>
             <AssertionConsumerServiceURLs>
                <AssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/devicemgt/uuf/sso/acs</AssertionConsumerServiceURL>
             </AssertionConsumerServiceURLs>
             <DefaultAssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/devicemgt/uuf/sso/acs</DefaultAssertionConsumerServiceURL>
             <SignAssertion>true</SignAssertion>
             <SignResponse>true</SignResponse>
             <EnableAttributeProfile>false</EnableAttributeProfile>
             <IncludeAttributeByDefault>false</IncludeAttributeByDefault>
             <Claims>
                <Claim>http://wso2.org/claims/role</Claim>
                <Claim>http://wso2.org/claims/emailaddress</Claim>
             </Claims>
             <EnableAudienceRestriction>true</EnableAudienceRestriction>
             <EnableRecipients>true</EnableRecipients>
             <AudiencesList>
                <Audience>https://localhost:9443/oauth2/token</Audience>
             </AudiencesList>
             <RecipientList>
                <Recipient>https://localhost:9443/oauth2/token</Recipient>
             </RecipientList>
          </ServiceProvider>
          <ServiceProvider>
             <Issuer>store</Issuer>
             <AssertionConsumerServiceURLs>
                <AssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/store/acs</AssertionConsumerServiceURL>
             </AssertionConsumerServiceURLs>
             <DefaultAssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/store/acs</DefaultAssertionConsumerServiceURL>
             <SignResponse>true</SignResponse>
             <CustomLoginPage>/store/login.jag</CustomLoginPage>
          </ServiceProvider>
          <ServiceProvider>
             <Issuer>social</Issuer>
             <AssertionConsumerServiceURLs>
                <AssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/social/acs</AssertionConsumerServiceURL>
             </AssertionConsumerServiceURLs>
             <DefaultAssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/social/acs</DefaultAssertionConsumerServiceURL>
             <SignResponse>true</SignResponse>
             <CustomLoginPage>/social/login</CustomLoginPage>
          </ServiceProvider>
          <ServiceProvider>
             <Issuer>publisher</Issuer>
             <AssertionConsumerServiceURLs>
                <AssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/publisher/acs</AssertionConsumerServiceURL>
             </AssertionConsumerServiceURLs>
             <DefaultAssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/publisher/acs</DefaultAssertionConsumerServiceURL>
             <SignResponse>true</SignResponse>
             <CustomLoginPage>/publisher/controllers/login.jag</CustomLoginPage>
             <EnableAudienceRestriction>true</EnableAudienceRestriction>
             <AudiencesList>
                <Audience>carbonServer</Audience>
             </AudiencesList>
          </ServiceProvider>
          <ServiceProvider>
             <Issuer>API_STORE</Issuer>
             <AssertionConsumerServiceURLs>
                <AssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/api-store/jagg/jaggery_acs.jag</AssertionConsumerServiceURL>
             </AssertionConsumerServiceURLs>
             <DefaultAssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/api-store/jagg/jaggery_acs.jag</DefaultAssertionConsumerServiceURL>
             <SignResponse>true</SignResponse>
             <EnableAudienceRestriction>true</EnableAudienceRestriction>
             <AudiencesList>
                <Audience>carbonServer</Audience>
             </AudiencesList>
          </ServiceProvider>
          <ServiceProvider>
             <Issuer>portal</Issuer>
             <AssertionConsumerServiceURLs>
                <AssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/portal/acs</AssertionConsumerServiceURL>
             </AssertionConsumerServiceURLs>
             <DefaultAssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/portal/acs</DefaultAssertionConsumerServiceURL>
             <SignResponse>true</SignResponse>
             <EnableAudienceRestriction>true</EnableAudienceRestriction>
             <EnableRecipients>true</EnableRecipients>
             <AudiencesList>
                <Audience>https://localhost:9443/oauth2/token</Audience>
             </AudiencesList>
             <RecipientList>
                <Recipient>https://localhost:9443/oauth2/token</Recipient>
             </RecipientList>
          </ServiceProvider>
          <ServiceProvider>
             <Issuer>analyticsportal</Issuer>
             <AssertionConsumerServiceURLs>
                <AssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/portal/acs</AssertionConsumerServiceURL>
             </AssertionConsumerServiceURLs>
             <DefaultAssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/portal/acs</DefaultAssertionConsumerServiceURL>
             <SignResponse>true</SignResponse>
             <EnableAudienceRestriction>true</EnableAudienceRestriction>
             <EnableRecipients>true</EnableRecipients>
             <AudiencesList>
                <Audience>https://localhost:9443/oauth2/token</Audience>
             </AudiencesList>
             <RecipientList>
                <Recipient>https://localhost:9443/oauth2/token</Recipient>
             </RecipientList>
          </ServiceProvider>
       </ServiceProviders>
    </SSOIdentityProviderConfig>

  4. Start the WSO2 IoT Server's core profile.

    cd <IOTS_HOME>/bin
    ./iot-server.sh
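
A check for step 3, added here as an example (not part of the WSO2 documentation or product code): it parses sso-idp-config.xml and reports every AssertionConsumerServiceURL or DefaultAssertionConsumerServiceURL that still carries https://localhost:9443, sits under another base, or no longer matches a listed URL. The function name, the sample XML and the default-in-list consistency rule are assumptions of the example; Audience and Recipient values are not checked because step 3 does not cover them.

```python
import xml.etree.ElementTree as ET

STALE_BASE = "https://localhost:9443"               # shipped default named in step 3
EXPECTED_BASE = "https://mgt.iots310.wso2.com:443"  # replacement named in step 3

# Constructed sample: trimmed config whose "store" entry was only half edited.
SAMPLE = """<SSOIdentityProviderConfig>
  <ServiceProviders>
    <ServiceProvider>
      <Issuer>devicemgt</Issuer>
      <AssertionConsumerServiceURLs>
        <AssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/devicemgt/uuf/sso/acs</AssertionConsumerServiceURL>
      </AssertionConsumerServiceURLs>
      <DefaultAssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/devicemgt/uuf/sso/acs</DefaultAssertionConsumerServiceURL>
      <AudiencesList><Audience>https://localhost:9443/oauth2/token</Audience></AudiencesList>
    </ServiceProvider>
    <ServiceProvider>
      <Issuer>store</Issuer>
      <AssertionConsumerServiceURLs>
        <AssertionConsumerServiceURL>https://localhost:9443/store/acs</AssertionConsumerServiceURL>
      </AssertionConsumerServiceURLs>
      <DefaultAssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/store/acs</DefaultAssertionConsumerServiceURL>
    </ServiceProvider>
  </ServiceProviders>
</SSOIdentityProviderConfig>"""

def audit_acs_urls(xml_text, expected_base=EXPECTED_BASE):
    """Return (issuer, element, url, problem) tuples for ACS URLs that need attention."""
    findings = []
    for sp in ET.fromstring(xml_text).iter("ServiceProvider"):
        issuer = (sp.findtext("Issuer") or "?").strip()
        listed = [(e.text or "").strip() for e in sp.iter("AssertionConsumerServiceURL")]
        default = (sp.findtext("DefaultAssertionConsumerServiceURL") or "").strip()
        urls = [("AssertionConsumerServiceURL", u) for u in listed]
        urls += [("DefaultAssertionConsumerServiceURL", default)] if default else []
        for element, url in urls:
            if url.startswith(STALE_BASE):
                findings.append((issuer, element, url, "still points at " + STALE_BASE))
            elif not url.startswith(expected_base + "/"):
                findings.append((issuer, element, url, "not under " + expected_base))
        # In the page's sample every default equals a listed URL; flag drift.
        if default and default not in listed:
            findings.append((issuer, "DefaultAssertionConsumerServiceURL", default,
                             "default not among listed ACS URLs"))
    return findings

if __name__ == "__main__":
    for finding in audit_acs_urls(SAMPLE):
        print(" | ".join(finding))
```

To check a real node, pass the contents of <IOTS_HOME>/conf/identity/sso-idp-config.xml to audit_acs_urls; an empty result means every ACS URL was replaced consistently.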

What's next?

Next, let's configure the manager node.
