Versions Compared

Old Version 1

changes.mady.by.user Former user

Saved on

compared with

New Version 2

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Download the following feature installation pom file and place it inside the <MB_HOME> directory.

  2. Navigate to <MB_HOME> on the terminal and execute the following command. This will install the required features to the WSO2 IoT Server pack. 

    Code Block
    mvn clean install -f broker-feature-installation.pom
  3. Open the broker.xml file found in the <MB_HOME>/repository/conf folder and do the following:

    1. Add the following configuration found under the <security> tag.

      Code Block
      languagexml
      titleAuthenticators
      collapsetrue
      <security>
    <!--
     Instructs the MQTT server whether clients should always send credentials
     when establishing a connection.
     Possible values:
   OPTIONAL: This is the default value. MQTT clients may or may not send
       credentials. If a client sends credentials server will
       validates it.
       If client doesn't send credentials then server will not
       authenticate, but allows client to establish the connection.
       This behavior adheres to MQTT 3.1 specification.
   REQUIRED: Clients should always provide credentials when connecting.
       If client doesn't send credentials or they are invalid
       server rejects the connection.
    -->
    <authentication>REQUIRED</authentication>
    <!--Class name of the authenticator to use. class should
     inherit from org.dna.mqtt.moquette.server.IAuthenticator
     Note: default implementation authenticates against carbon user store
     based on supplied username/password
    -->
    <authenticator class="org.wso2.carbon.andes.authentication.andes.OAuth2BasedMQTTAuthenticator">
        <property name="hostURL">https://localhost:9443/services/OAuth2TokenValidationService</property>
        <property name="username">admin</property>
        <property name="password">admin</property>
        <property name="maxConnectionsPerHost">10</property>
        <property name="maxTotalConnections">150</property>
    </authenticator>
    <!--
    Instructs the MQTT server whether clients should be authorized before either publishing or subscribing
    Possible values:
  NOT_REQUIRED: This is the default value. MQTT clients will skip the authorization check
  REQUIRED: Clients will authorized before publishing. this will execute the class given in authorzier
  Note: authentication should be REQUIRED for authorization to be REQUIRED.
   -->
    <authorization>REQUIRED</authorization>
    <!--Class name of the authorizer to use. class should
  inherit from org.dna.mqtt.moquette.server.IAutherizer
  Note: default implementation authorizes against carbon permission with the topic.
 -->
    <!--connectionPermission is required for a user to connect to broker
 subscriberPermission is needed to subscribe(subriber permission can be more than one)
 publisherPermission is needed to publish(publisher permission can be more than one)
 -->
    <authorizer class="org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.DeviceAccessBasedMQTTAuthorizer">
        <property name="username">admin</property>
        <property name="password">admin</property>
        <property name="tokenEndpoint">https://localhost:8243</property>
        <!--offset time from expiry time to trigger refresh call - seconds -->
        <property name="tokenRefreshTimeOffset">100</property>
        <property name="deviceMgtServerUrl">https://localhost:8243</property>
    </authorizer>
</security>
    2. Ensure that the hostURL property points to the key manager token endpoint. 
    3. Ensure that the deviceMgtServerURL points to the gateway endpoint. 

  4. Update the environment variables in the iot-server.sh file and the analytics.sh file found in the <IOTS_HOME>/bin folder with the correct endpoint. 

    Code Block
    -Dmqtt.broker.host="localhost" \
-Dmqtt.broker.port="1886" \