...
Follow the steps below to configure WSO2 IoT Server with WSO2 MB 3.2.0 for brokering.
Download the feature installation pom file and place it inside the <MB_HOME> directory.

Navigate to <MB_HOME> on the terminal and execute the following command. This will install the required features to the WSO2 IoT Server pack.

```bash
mvn clean install -f broker-feature-installation.pom
```
Open the broker.xml file found in the <MB_HOME>/repository/conf folder and do the following:

Replace the configuration found under the <security> tag with the following configuration. This configuration sets the properties and classes required to allow devices to publish to the MQTT server.
```xml
<security>
    <!--
    Instructs the MQTT server whether clients should always send credentials
    when establishing a connection. Possible values:

    OPTIONAL: This is the default value. MQTT clients may or may not send
              credentials. If a client sends credentials, the server validates them.
              If a client doesn't send credentials, the server does not authenticate it
              but still allows the client to establish the connection.
              This behavior adheres to the MQTT 3.1 specification.

    REQUIRED: Clients should always provide credentials when connecting.
              If a client doesn't send credentials or they are invalid,
              the server rejects the connection.
    -->
    <authentication>REQUIRED</authentication>

    <!-- Class name of the authenticator to use. The class should inherit from
         org.dna.mqtt.moquette.server.IAuthenticator
         Note: the default implementation authenticates against the carbon user store
         based on the supplied username/password.
    -->
    <authenticator class="org.wso2.carbon.andes.authentication.andes.OAuth2BasedMQTTAuthenticator">
        <property name="hostURL">https://localhost:9443/services/OAuth2TokenValidationService</property>
        <property name="username">admin</property>
        <property name="password">admin</property>
        <property name="maxConnectionsPerHost">10</property>
        <property name="maxTotalConnections">150</property>
    </authenticator>

    <!--
    Instructs the MQTT server whether clients should be authorized before
    either publishing or subscribing. Possible values:

    NOT_REQUIRED: This is the default value. MQTT clients will skip the authorization check.

    REQUIRED: Clients will be authorized before publishing. This will execute the
              class given in the authorizer element.

    Note: authentication should be REQUIRED for authorization to be REQUIRED.
    -->
    <authorization>REQUIRED</authorization>

    <!-- Class name of the authorizer to use. The class should inherit from
         org.dna.mqtt.moquette.server.IAutherizer
         Note: the default implementation authorizes against the carbon permission with the topic.
    -->
    <!-- connectionPermission is required for a user to connect to the broker.
         subscriberPermission is needed to subscribe (there can be more than one subscriber permission).
         publisherPermission is needed to publish (there can be more than one publisher permission).
    -->
    <authorizer class="org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.DeviceAccessBasedMQTTAuthorizer">
        <property name="username">admin</property>
        <property name="password">admin</property>
        <property name="tokenEndpoint">https://localhost:8243</property>
        <!-- Offset time from the expiry time to trigger the refresh call, in seconds -->
        <property name="tokenRefreshTimeOffset">100</property>
        <property name="deviceMgtServerUrl">https://localhost:8243</property>
    </authorizer>
</security>
```
- Ensure that the hostURL property points to the key manager token endpoint.
- Ensure that the deviceMgtServerUrl property points to the gateway endpoint.
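As an added example (not part of the WSO2 documentation or code base), the following Python check parses a broker.xml and reports where its <security> block departs from the settings above: authentication or authorization not set to REQUIRED, endpoint properties that are not HTTPS URLs, and the admin/admin credentials shown in the sample. The function name `audit_security` and the embedded `PAGE_SAMPLE` are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: the page's <security> settings with comments removed.
PAGE_SAMPLE = """<security>
  <authentication>REQUIRED</authentication>
  <authenticator class="org.wso2.carbon.andes.authentication.andes.OAuth2BasedMQTTAuthenticator">
    <property name="hostURL">https://localhost:9443/services/OAuth2TokenValidationService</property>
    <property name="username">admin</property>
    <property name="password">admin</property>
  </authenticator>
  <authorization>REQUIRED</authorization>
  <authorizer class="org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.DeviceAccessBasedMQTTAuthorizer">
    <property name="username">admin</property>
    <property name="password">admin</property>
    <property name="tokenEndpoint">https://localhost:8243</property>
    <property name="deviceMgtServerUrl">https://localhost:8243</property>
  </authorizer>
</security>"""

def audit_security(xml_text):
    """Return findings for the first <security> element in a broker.xml document.
    Absent elements fall back to the defaults named in the broker.xml comments."""
    sec = next(ET.fromstring(xml_text).iter("security"), None)
    if sec is None:
        return ["no <security> element found"]
    findings = []
    authn = (sec.findtext("authentication") or "OPTIONAL").strip()
    authz = (sec.findtext("authorization") or "NOT_REQUIRED").strip()
    if authn != "REQUIRED":
        findings.append(f"authentication is {authn}: clients can connect without credentials")
    if authz != "REQUIRED":
        findings.append(f"authorization is {authz}: clients skip the authorization check")
    elif authn != "REQUIRED":
        findings.append("authorization is REQUIRED but authentication is not")
    for tag in ("authenticator", "authorizer"):
        el = sec.find(tag)
        if el is None:
            findings.append(f"<{tag}> is missing")
            continue
        props = {p.get("name"): (p.text or "").strip() for p in el.findall("property")}
        if (props.get("username"), props.get("password")) == ("admin", "admin"):
            findings.append(f"<{tag}> uses the admin/admin account from the sample configuration")
        for name in ("hostURL", "tokenEndpoint", "deviceMgtServerUrl"):
            url = props.get(name, "")
            if url and urlparse(url).scheme != "https":
                findings.append(f"<{tag}> {name} is not an https URL: {url}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_security(PAGE_SAMPLE)) or "no findings")
```

Run against the sample, the check reports only the two admin/admin entries; an empty result means every checked setting matches the configuration described above.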
If you have changed the default port of the broker profile, update the environment variables in the iot-server.sh file and the analytics.sh file found in the <IOTS_HOME>/bin folder with the correct endpoint.

```bash
-Dmqtt.broker.host="localhost" \
-Dmqtt.broker.port="1886" \
```