Versions Compared

Old Version 3

changes.mady.by.user Former user

Saved on

compared with

New Version 4

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

WSO2 IoT Server has the admin user created by default. This user is also known as the super administrator as it has all the permissions assigned to it. The default username and password of this user is admin. In a production environment, if you are using the admin user for administration purposes, it is recommended to change the username and password. 

...

Note

If you are running the script, you need to have started WSO2 IoT Server atleast once. Therefore, if you are running WSO2 IoT Server for the first time, follow the steps given below:

  1. Start the core profile of WSO2 IoT Server.

    Code Block
    cd <IOTS_HOME>/bin
./iot-server.sh
  2. Stop the server and restart the server again.
  3. Run the script that is given below.
Warning
This document is work in progress!
  1. Navigate to the <IOTS_HOME>/scripts directory.

  2. Run the change-superadmin-credentials.sh script.
    Example: Running the script on a Mac or Linux OS.

    Code Block
    ./change-superadmin-credentials.sh
    1. Enter the old super administrator username and password.
      If you are changing the username or password for the first time, the old username is admin and the old password is admin.
    2. Enter the new super administrator username and passwordEnter Y if your tenant domain is carbon.super.  This changes the username of the OauthProvider's  owner property in the <IOTS_HOME>/repository/deployment/server/jaggeryapps/devicemgt/app/conf/config.json file.
  3. Restart the server again for new super administrator username and password to be pushed to WSO2 IoT Server.

...

  1. Open the <IOTS_HOME>/conf/app-manager.xml file and configure the username and password fields that have admin assigned to it with the new password:

    Code Block
    <!--Admin username for the Authentication manager.-->
<Username>{NEW_ADMIN_USERNAME}</Username>
<!--Admin password for the Authentication manager.-->
<Password>{NEW_ADMIN_PASSWORD}</Password>
 
<!--Admin username for the API gateway.-->
<Username>{NEW_ADMIN_USERNAME}</Username>
<!--Admin password for the API gateway.-->
<Password>{NEW_ADMIN_PASSWORD}</Password>
 
<!--Administrator username to login to the remote DAS server.-->
<DASUsername>{NEW_ADMIN_USERNAME}</DASUsername>
<!--Administrator password to login to the remote DAS server.-->
<DASPassword>{NEW_ADMIN_PASSWORD}</DASPassword>
 
<Configurators>
   <Configurator>
      <name>wso2is</name>
      <version>5.0.0</version>
      <providerClass>org.wso2.carbon.appmgt.impl.idp.sso.configurator.IS500SAMLSSOConfigurator</providerClass>
      <parameters>
         <providerURL>https://${carbon.local.ip}:${mgt.transport.https.port}</providerURL>
         <username>{NEW_ADMIN_USERNAME}</username>
         <password>{NEW_ADMIN_PASSWORD}</password>
      </parameters>
   </Configurator>
</Configurators>
 
<EntitlementServiceConfiguration>
   <Parameters>
      <ServerUrl>https://${carbon.local.ip}:${mgt.transport.https.port}</ServerUrl>
      <Username>{NEW_ADMIN_USERNAME}</Username>
      <Password>{NEW_ADMIN_PASSWORD}</Password>
   </Parameters>
</EntitlementServiceConfiguration>
 
<MDM name="WSO2MDM" bundle="org.wso2.carbon.appmgt.mdm.restconnector">
   <Property name="ImageURL">/store/extensions/assets/mobileapp/resources/models/%s.png</Property>
   <Property name="ServerURL">https://localhost:9443/mdm-admin</Property>
   <Property name="TokenApiURL">https://localhost:9443/oauth2/token</Property>
   <Property name="ClientKey">WjLm24IxBVLF0oz0VJfmtJbjJbka</Property>
   <Property name="ClientSecret">v3KkIQXkJ1SDp_Bf8uUQxu5p7TQa</Property>
   <Property name="AuthUser">{NEW_ADMIN_USERNAME}</Property>
   <Property name="AuthPass">{NEW_ADMIN_PASSWORD}</Property>
</MDM>
 
<!-- Old EMM, Calls EMM using REST API -->
<MDM name="WSO2EMM" bundle="org.wso2.carbon.appmgt.mdm.wso2emm">
   <Property name="ServerURL">https://localhost:9443</Property>
   <Property name="ImageURL">https://localhost:9443/emm/assets/wso2mobile/img/models/%s.png</Property>
   <Property name="AuthUser">{NEW_ADMIN_USERNAME}</Property>
   <Property name="AuthPass">{NEW_ADMIN_PASSWORD}</Property>
</MDM>

  2. Change the admin username and password in the <IOTS_HOME>/conf/iot-api-config.xml file.

    Code Block
    <!--Admin username/password - this is to use for oauth token generation-->
    <Username>{NEW_ADMIN_USERNAME}</Username>
    <Password>{NEW_ADMIN_PASSWORD}</Password>

  3. Change the admin username and password in the <IOTS_HOME>/conf/apim-integration.xml file.

  4. Change the admin username and password in the analytics-data-config.xml file. This file can be found in the following locations:

    • <IOTS_HOME>/conf/analytics

    • <IOTS_HOME>/wso2/analytics/conf/analytics

    Code Block
    <!-- A valid user name which have necessary permissions to use the remote services -->
<Username>{NEW_ADMIN_USERNAME}</Username>


<!--A valid password of the user provided above. You also can use secure vault, if you don't want to configure -->
<!--the plain text password here.-->
<Password>{NEW_ADMIN_PASSWORD}</Password>

  5. Change the all the instances that have admin as the username and password in the <IOTS_HOME>/wso2/analytics/conf/input-event-adapters.xml file.

  6. Change the admin username and password in the user-mgt.xml file. The file can be found in the following locations.
    Make sure to do the changes in all the files.

    • <IOTS_HOME>/wso2/analytics/conf

    • <IOTS_HOME>/wso2/broker/conf

    • <IOTS_HOME>/conf

    Code Block
    <AdminUser>
	<UserName>{NEW_ADMIN_USERNAME}</UserName>
	<Password>{NEW_ADMIN_PASSWORD}</Password>
</AdminUser>

  7. Change the admin username and password in the metrics.xml file. The file can be found in the following locations.
    Make sure to do the changes in all the files.

    • <IOTS_HOME>/conf

    • <IOTS_HOME>/wso2/analytics/conf

    • <IOTS_HOME>/wso2/broker/conf

    Code Block
    <Username>{NEW_ADMIN_USERNAME}</Username>
<Password>{NEW_ADMIN_PASSWORD}</Password>

  8. Change the admin username and password in the <IOTS_HOME>/wso2/broker/conf/broker.xml file.

    Code Block
    <authenticator class="org.wso2.carbon.andes.authentication.andes.OAuth2BasedMQTTAuthenticator">
   <property name="hostURL">https://localhost:9443/services/OAuth2TokenValidationService</property>
   <property name="username">{NEW_ADMIN_USERNAME}</property>
   <property name="password">{NEW_ADMIN_PASSWORD}</property>
   <property name="maxConnectionsPerHost">10</property>
   <property name="maxTotalConnections">150</property>
</authenticator>

<authorizer class="org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.DeviceAccessBasedMQTTAuthorizer">
   <!--<property name="connectionPermission">/permission/admin/device-mgt/user</property>-->
   <!--topic subscription permissions which are assigned through grouping-->
   <property name="subscriberPermission">/permission/device-mgt/user/groups/device_events</property>
   <!--topic publisher permissions which are assigned through grouping-->
   <property name="publisherPermission">/permission/device-mgt/user/groups/device_operation</property>
   <property name="username">{NEW_ADMIN_USERNAME}</property>
   <property name="password">{NEW_ADMIN_PASSWORD}</property>
   <property name="tokenEndpoint">https://localhost:8243</property>
   <!--offset time from expiry time to trigger refresh call - seconds -->
   <property name="tokenRefreshTimeOffset">100</property>
   <property name="deviceMgtServerUrl">https://localhost:8243</property>
</authorizer>

  9. Configure the files given below to update the super administrator username:

    Note

    When adding the admin username, make sure to append the super tenant domain name to the username. The default super tenant domain name is carbon.super.

    1. Change the admin user name and the owner that is under the oauthProvider property in the <IOT_HOME>/repository/deployment/server/jaggeryapps/devicemgt/app/conf/config.json file.

      Code Block
      "adminUser": "{NEW_ADMIN_USERNAME}@carbon.super"
"owner": "{NEW_ADMIN_USERNAME}@carbon.super",
    2. Change the owner under the oauthProvider property in the following files.
      • <IOT_HOME>/repository/deployment/server/jaggeryapps/android-web-agent/app/conf/config.json
      • <IOT_HOME>/repository/deployment/server/jaggeryapps/devicemgt/app/conf/config.json
        Code Block
        "adminUser": "{NEW_ADMIN_USERNAME}@carbon.super"

  10. Restart the three profiles in WSO2 IoT Server in the following order. You can stop the profiles using CTRL+C respectively.

    1. Restart the broker profile:

      Code Block
      cd <IOTS_HOME>/broker/bin
./broker.sh

    2. Restart the core profile:

      Code Block
      cd <IOTS_HOME>/broker/bin
./iot-server.sh

    3. Restart the analytics profile:

      Code Block
      cd <IOTS_HOME>/analytics/bin
./analytics.sh

  11. Clear the browser cache and sign in to the device management console (https://<IOTS_HOST>:9443/devicemgt) with new admin credentials.