...
Configure
<ServerRoles>
that is in the<EMM_HOME>/repository/conf/carbon.xml
file by adding theCDMFPlatform
role.Code Block <ServerRoles> <Role>EMMPlatform</Role> <Role>CDMFPlatform</Role> </ServerRoles>
Configure the
designer.json
file that is in the<EMM_HOME>/repository/deployment/server/jaggeryapps/portal/configs
directory as follows:If you have enabled SSO for WSO2 EMM, you need to define
sso
as the value foractiveMethod
underauthorization
else, you can define theactiveMethod
asbasic
.Info For more information on enabling
sso
, see the WSO2 Dashboard Server documentation on Enabling SSO in WSO2 DS.Example:
Localtabgroup Localtab title SSO Info If you are enabling SSO configure the following fields:
- Configure
responseSigningEnabled
as true. - Set the Assertion Consumer (ACS) URL as
https://<JAGGERY_APP_HOST>:<JAGGERY_APP_PORT>/portal/acs
. In WSO2 EMM the jaggery application is available in the product itself. Therefore, you can configure the<JAGGERY_APP_HOST>
as localhost and<JAGGERY_APP_PORT>
as 9443 if you have not port offset WSO2 EMM.
Example:
Code Block "authentication":{ "activeMethod":"sso", "methods":{ "sso":{ "attributes":{ "issuer":"portal", "identityProviderURL":"https://localhost:9443/samlsso", "responseSigningEnabled":"true", "acs":"https://localhost:9443/portal/acs", "identityAlias":"wso2carbon", "useTenantKey":false } }, "basic":{ "attributes":{ } } } }
Localtab title Basic Code Block "authentication":{ "activeMethod":"basic", "methods":{ "sso":{ "attributes":{ "issuer":"portal", "identityProviderURL":"https://localhost:9443/samlsso", "responseSigningEnabled":"truefalse", "acs":"https://localhost:94439444/portal/acs", "identityAlias":"wso2carbon", "useTenantKey":false } }, "basic":{ "attributes":{ } } } }
- Configure
Configure the
authorization
attributes.Code Block "authorization":{ "activeMethod":"oauth", "methods":{ "oauth":{ "attributes":{ "idPServer":"%https.ip%/oauth2/token", "dynamicClientProperties":{ "callbackUrl":"%https.ip%/portal", "clientName":"portal", "owner":"admin", "applicationType":"JaggeryApp", "grantType":"password refresh_token urn:ietf:params:oauth:grant-type:saml2-bearer", "saasApp":false, "dynamicClientRegistrationEndPoint":"%https.ip%/dynamic-client-web/register/", "tokenScope":"Production" } } } } }
Property Description Data
TypeExample activeMethod
Define the method that needs to be made active from the available authorization methods. In this case you need to define the active mode as OAuth. Yes String OAuth
idPServer
Define the Identity Provider URL by replacing %https.ip% with
https://<EMM_HOST>:<EMM_PORT>
.Info The default value for
<EMM_HOST>
is localhost and if you have not port offset WSO2 EMM, the default<EMM_PORT>
is9443
.Yes String localhost:9443/oauth2
/tokencallbackURL
Define the call back URL by replacing %https.ip% with the
https://<EMM_HOST>:<EMM_PORT>
.Info The default value for
<EMM_HOST>
is localhost and if you have not port offset WSO2 EMM, the default<EMM_PORT>
is9443
.Yes String https.ip%/portal
clientName
Define the OAuth application name. Yes String portal
owner
Define the username of the owner of the application. In this use case it is the administrator. Yes String admin
applicationType
The default application type is a jaggery application. If you wish to change it, you need to update this field with the respective application type. Yes String JaggeryApp
grantType
In this use case, out of the six OAuth 2.0 grant types WSO2 EMM uses the password
refresh_token
and thesaml2-bearer
grant types. You can add more grant types as space separated values. If you configured WSO2 EMM for SSO authentication, thesaml2-bearer
grant type will be used and if you configured WSO2 EMM for basic authentication, thepassword refresh_token
grant type will be used.Yes String password
saasApp
Define if this application is a Software as a Service (SaaS) application or not, by defining true
orfalse
as the respective values.Yes Boolean false
dynamicClientRegistrationEndPoint
Define the dynamic client registration endpoint by replacing
%https.ip%
with thehttps://<EMM_HOST>:<EMM_PORT>
.Info The default value for
<EMM_HOST>
is localhost and if you have not port offset WSO2 EMM, the default<EMM_PORT>
is9443
.Yes String %https.ip%/dynamic-client
-web/register/tokenScope
Define the scope of the issued access token. It is used to limit the authorization granted to the client by the resource owner. Yes String Production
- Optionally, if you configured the authentication method as
sso
, you need to register the portal application as a service provider. Fore more information, see the WSO2 Dashboard Server documentation on configuring SSO in DS.
...