This documentation is for WSO2 Identity Server 5.4.0 . View documentation for the latest release.

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


The Management Console makes use of the default HTTPS servlet transport, which is configured in the catalina-server.xml file in the <IS_HOME>/repository/conf/tomcat directory. It is essential for this transport to be properly configured in this file for the Management Console to be accessible to users. For information on how to access the management console, see Running the Product.


If you are using Mac OS with High Sierra, you may encounter the following warning message when logging in to the management console due to a compression issue that exists in the High Sierra SDK.

Code Block
WARN {org.owasp.csrfguard.log.JavaLogger} -  potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>,, method:POST, uri:/carbon/admin/login_action.jsp, error:required token is missing from the request)

To avoid this issue, open the <IS_HOME>/repository/conf/tomcat/catalina-server.xml file and change the compression="on" to compression="off" in the HTTPS connector configuration, and restart WSO2 IS.

The following screen depicts the full overview of the management console.