Versions Compared

Comment: Mentioned examples of the artifacts are shared in the reg_DB with IS as KM and APIM.

...

  1.  Open the <IS_HOME>/repository/conf/datasources/master-datasources.xml file and add the following datasources.

    Info

    Ensure that you keep the 'WSO2_CARBON_DB' datasource the way it is and simply add the following datasources in the master-datasources.xml file. Also, note that the WSO2AM_DB is already added in the master-datasources.xml file so you do not need to add it again. However, you must edit this datasource to point to your new database as this still points to the default H2 database.

    Code Block (xml): master-datasources.xml
    <datasource>
        <name>WSO2AM_DB</name>
        <description>The datasource used for API Manager database</description>
        <jndiConfig>
            <name>jdbc/WSO2AM_DB</name>
        </jndiConfig>
        <definition type="RDBMS">
            <configuration>
                <url>jdbc:mysql://localhost:3306/apimgt?autoReconnect=true&amp;relaxAutoCommit=true&amp;</url>
                <username>apiuser</username>
                <password>apimanager</password>
                <driverClassName>com.mysql.jdbc.Driver</driverClassName>
                <maxActive>50</maxActive>
                <maxWait>60000</maxWait>
                <testOnBorrow>true</testOnBorrow>
                <validationQuery>SELECT 1</validationQuery>
                <validationInterval>30000</validationInterval>
                <defaultAutoCommit>false</defaultAutoCommit>
            </configuration>
        </definition>
    </datasource>
     
    <datasource>
        <name>WSO2REG_DB</name>
        <description>The datasource used for registry</description>
        <jndiConfig>
            <name>jdbc/WSO2REG_DB</name>
        </jndiConfig>
        <definition type="RDBMS">
            <configuration>
                <url>jdbc:mysql://localhost:3306/registry?autoReconnect=true&amp;relaxAutoCommit=true&amp;</url>
                <username>apiuser</username>
                <password>apimanager</password>
                <driverClassName>com.mysql.jdbc.Driver</driverClassName>
                <maxActive>50</maxActive>
                <maxWait>60000</maxWait>
                <testOnBorrow>true</testOnBorrow>
                <validationQuery>SELECT 1</validationQuery>
                <validationInterval>30000</validationInterval>
            </configuration>
        </definition>
    </datasource>
     
    <datasource>
        <name>WSO2UM_DB</name>
        <description>The datasource used for user management</description>
        <jndiConfig>
            <name>jdbc/WSO2UM_DB</name>
        </jndiConfig>
        <definition type="RDBMS">
            <configuration>
                <url>jdbc:mysql://localhost:3306/userstore?autoReconnect=true&amp;relaxAutoCommit=true&amp;</url>
                <username>apiuser</username>
                <password>apimanager</password>
                <driverClassName>com.mysql.jdbc.Driver</driverClassName>
                <maxActive>50</maxActive>
                <maxWait>60000</maxWait>
                <testOnBorrow>true</testOnBorrow>
                <validationQuery>SELECT 1</validationQuery>
                <validationInterval>30000</validationInterval>
            </configuration>
        </definition>
    </datasource>

    The following diagram illustrates how databases are shared between IS and APIM as per the above configuration.

    • WSO2REG_DB - This is used to keep the registry information. The registry database is shared between WSO2 IS as the Key Manager and WSO2 APIM to share artifacts such as metadata configurations, policies, and API details.

    • WSO2UM_DB - This is used to store the permissions (i.e., permission store) and the internal roles of the users. 

    • WSO2AM_DB - This is used to keep the identity data and API-related data. This includes OAuth tokens and keys. When serving key-validation requests, the Key Manager validates whether there are subscriptions made by the particular key. To do this, it must access WSO2AM_DB.

    • LDAP - This stores the users and their role mapping. You do not need to configure the datasource configuration in the master-datasources.xml file for this.
  2. Create the registry mounts by inserting the following sections into the <IS_HOME>/repository/conf/registry.xml file.

    Info

    When doing this change, do not replace the existing <dbConfig> for "wso2registry". Simply add the following configuration to the existing configurations.

    Code Block (xml): registry.xml
    <dbConfig name="govregistry">
            <dataSource>jdbc/WSO2REG_DB</dataSource>
    </dbConfig>
    
    <remoteInstance url="https://localhost">
            <id>gov</id>
            <dbConfig>govregistry</dbConfig>
            <cacheId>apiuser@jdbc:mysql://localhost:3306/registry</cacheId>
            <readOnly>false</readOnly>
            <enableCache>true</enableCache>
            <registryRoot>/</registryRoot>
    </remoteInstance>
    
    <mount path="/_system/governance" overwrite="true">
            <instanceId>gov</instanceId>
            <targetPath>/_system/governance</targetPath>
    </mount>
    
    <mount path="/_system/config" overwrite="true">
            <instanceId>gov</instanceId>
            <targetPath>/_system/config</targetPath>
    </mount>
  3. Change the datasource in the user-mgt.xml file found in the <IS_HOME>/repository/conf/ directory to point to the WSO2UM_DB.

    Code Block (xml): user-mgt.xml configurations
    <Realm>
            <Configuration>
                ...
                <Property name="dataSource">jdbc/WSO2UM_DB</Property>
            </Configuration>
            ...
    </Realm>

     

  4. Make sure you add the user store configuration correctly in the <IS_HOME>/repository/conf/user-mgt.xml file so that both the Identity Server and API Manager point to the same user store. For more information on configuring user stores, see here.

    Info

    You must change the <UserStoreManager> element here since the internal LDAP user store is used by default. The <UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager"> code block needs to be removed or modified and the right code block must be used. You could alternatively use the embedded LDAP in the Identity Server as your user store.

  5. JWT configuration must be done in the <IS_HOME>/repository/conf/api-manager.xml file in the Identity Server. See here for more information on JWT Token generation. Enable the ClaimsRetrieverImplClass, ConsumerDialectURI, and SignatureAlgorithm elements. Set SignatureAlgorithm to NONE.
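
A consistency check for the cross-file references set up in steps 1 to 3, as an added example that is not part of the original documentation or of WSO2's tooling: it flags a datasource that still points to H2, a JNDI name used in registry.xml or user-mgt.xml that master-datasources.xml does not define, and a mount or remoteInstance that does not resolve. The sample XML is constructed; its wrapper root elements, the H2 URL and the function name `lint` are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs; wrapper roots and the H2 URL are assumptions for this example.
MASTER = """<datasources>
  <datasource><name>WSO2AM_DB</name>
    <jndiConfig><name>jdbc/WSO2AM_DB</name></jndiConfig>
    <definition type="RDBMS"><configuration>
      <url>jdbc:h2:repository/database/WSO2AM_DB</url>
    </configuration></definition></datasource>
  <datasource><name>WSO2REG_DB</name>
    <jndiConfig><name>jdbc/WSO2REG_DB</name></jndiConfig>
    <definition type="RDBMS"><configuration>
      <url>jdbc:mysql://localhost:3306/registry?autoReconnect=true</url>
    </configuration></definition></datasource>
</datasources>"""
REGISTRY = """<wso2registry>
  <dbConfig name="govregistry"><dataSource>jdbc/WSO2REG_DB</dataSource></dbConfig>
  <remoteInstance url="https://localhost"><id>gov</id><dbConfig>govregistry</dbConfig></remoteInstance>
  <mount path="/_system/governance" overwrite="true"><instanceId>gov</instanceId></mount>
  <mount path="/_system/config" overwrite="true"><instanceId>gov</instanceId></mount>
</wso2registry>"""
USER_MGT = """<UserManager><Realm><Configuration>
  <Property name="dataSource">jdbc/WSO2UM_DB</Property>
</Configuration></Realm></UserManager>"""

def lint(master, registry, user_mgt):
    """Return a list of findings for the references between the three files."""
    m, r, u = (ET.fromstring(x) for x in (master, registry, user_mgt))
    # JNDI name -> JDBC URL for every datasource defined in master-datasources.xml
    defined = {d.findtext("jndiConfig/name", "").strip():
               d.findtext("definition/configuration/url", "").strip()
               for d in m.iter("datasource")}
    findings = [f"{j}: still points to an H2 database"
                for j, url in defined.items() if url.startswith("jdbc:h2:")]
    # dbConfig name -> JNDI name; only the top-level dbConfig elements carry a name
    db_configs = {c.get("name"): c.findtext("dataSource", "").strip()
                  for c in r.iter("dbConfig") if c.get("name")}
    refs = list(db_configs.values())
    refs += [(p.text or "").strip() for p in u.iter("Property") if p.get("name") == "dataSource"]
    findings += [f"{j}: referenced but not defined in master-datasources.xml"
                 for j in refs if j not in defined]
    # remoteInstance id -> dbConfig name, then check that each mount resolves
    instances = {i.findtext("id"): i.findtext("dbConfig") for i in r.iter("remoteInstance")}
    findings += [f"remoteInstance {i}: unknown dbConfig {c}"
                 for i, c in instances.items() if c not in db_configs]
    findings += [f"mount {mt.get('path')}: unknown instanceId"
                 for mt in r.iter("mount") if mt.findtext("instanceId") not in instances]
    return findings
if __name__ == "__main__":
    print("\n".join(lint(MASTER, REGISTRY, USER_MGT)) or "no findings")
```

On the constructed input it reports the WSO2AM_DB datasource left on H2 and the missing WSO2UM_DB definition; to check a real installation, pass in the contents of the three files from <IS_HOME>/repository/conf.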

...