This section covers the following topics:
Table of Contents |
---|
Changing the super admin
...
credentials
Follow the instructions below to change the default super admin passwordcredentials:
Change the
password in the API-M Management Console (https://localhost:9443/carbon
).After changing the credentials, change the same user credentials in the following files.
The The <UserName>
and <Password> values in the<APIM_HOME>/repository/conf/user-mgt.xml
file.Code Block language xml <UserManager> <Realm> <Configuration> ... <AdminUser> <UserName>admin</UserName> <Password>admin</Password> </AdminUser> ... </Realm> </UserManager>
Note Note that the password in the
user-mgt.xml
file is written to the primary user store when the server starts for the first time. Thereafter, the password will be validated from the primary user store and not from theuser-mgt.xml
file. If you have started the server already, to change the admin password in the userstore do the following:1. Modify admin password in the
user-mgt.xml
file2. Configure the password through the management console.
3. Edit the files following all the steps given below.
To change the password from Management Console (https://localhost:9443/carbon), follow the steps in Changing a Password.
The
<APIM_HOME>/repository/conf/jndi.properties
file.Code Block connectionfactory.TopicConnectionFactory = amqp://admin:admin@clientid/carbon?brokerlist='tcp://localhost:5672' connectionfactory.QueueConnectionFactory = amqp://admin:admin@clientID/test?brokerlist='tcp://localhost:5672'
If you have configured API Manager Analytics, change the credentials in the following files when changing the super admin credentials as shown below.<APIM_HOME>/repository/conf/api-manager.xml
Code Block <Analytics> <!-- Enable Analytics for API Manager --> <Enabled>true</Enabled> .... <DASServerURL>{tcp://localhost:7612}</DASServerURL> <!--DASAuthServerURL>{ssl://localhost:7712}</DASAuthServerURL--> <!-- Administrator username to login to the remote DAS server. --> <DASUsername>${admin.username}</DASUsername> <!-- Administrator password to login to the remote DAS server. --> <DASPassword>${admin.password}</DASPassword> .... <StatsProviderImpl>org.wso2.carbon.apimgt.usage.client.impl.APIUsageStatisticsRdbmsClientImpl</StatsProviderImpl> ... <DASRestApiURL>https://localhost:9444</DASRestApiURL> <DASRestApiUsername>${admin.username}</DASRestApiUsername> <DASRestApiPassword>${admin.password}</DASRestApiPassword> ..... </Analytics>
<APIM_HOME>/repository/conf/log4j.properties
Code Block log4j.appender.DAS_AGENT.userName=admin log4j.appender.DAS_AGENT.password=admin log4j.appender.LOGEVENT.userName=admin log4j.appender.LOGEVENT.password=admin
Note | |||||
---|---|---|---|---|---|
Do you have any special characters in passwords?
|
...
See How can I recover the admin password used to log in to the management console?
...
Login in via multiple user
...
attributes in API Store
See Authentication using multiple Attributes in the WSO2 IS documentation.
Setting up primary and secondary logins
In a standalone deployment of the API Manager instance, users of the API Store can have a secondary login name in addition to the primary login name. This gives the user flexibility to provide either an email or a user name to log in. You can configure the API Store to treat both login names as belonging to a single user. Users can invoke APIs with the same access token without having to create a new one for the secondary login.
You can configure this capability using the steps below.
- Configure user login under the
<OAuth>
element in the<APIM_HOME>/repository/conf/identity/identity.xml
file.- Mention your primary and secondary login names. Set the
primary
attribute of the primary login totrue
and theprimary
attribute of the secondary login tofalse
. - Primary login doesn't have a
ClaimUri
. Leave this field empty. - Provide the correct
ClaimUri
value for the secondary login.
An example is given below:
Code Block language html/xml <OAuth> ..... . .... <LoginConfig> <UserIdLogin primary="true"> <ClaimUri></ClaimUri> </UserIdLogin> <EmailLogin primary="false"> <ClaimUri>http://wso2.org/claims/emailaddress</ClaimUri> </EmailLogin> </LoginConfig> </OAuth>
- Mention your primary and secondary login names. Set the
In the API Store of a distributed setup, the
serverURL
element in the<APIM_HOME>/repository/conf/api-manager.xml
file should point to the key manager instance's service endpoint. This allows users to connect to the key manager's user store to perform any operations related to the API Store such as login, access token generation etc. For example,Code Block language html/xml <AuthManager> <!--Server URL of the Authentication service --> <ServerURL>https://localhost:9444/services/</ServerURL> <!-- Admin username for the Authentication manager. --> <Username>admin</Username> <!-- Admin password for the Authentication manager.--> <Password>admin</Password> <CheckPermissionsRemotely>false</CheckPermissionsRemotely> </AuthManager>
Note If you have set the
CheckPermissionRemotely
parameter as true, the permissions will be checked in the remote server set inServerURL
. If the parameter is set as false the permissions will be checked by the local server
Tip |
---|
Tip: In a distributed setup, the API Store's user store needs to point to the key manager user store. |
Tip |
---|
Tip: Be sure to keep the secondary login name unique to each user. |
Setting up an e-mail login
...
Tip | ||
---|---|---|
|
Setting up a social media login
You can auto-provision users based on a social network login by integrating the API Manager with WSO2 Identity Server. But, this Refer Log in to the API Store using Social Media for more information.
Note | ||
---|---|---|
Note that auto-provision users based on a social network login is not supported in a multi-tenant environment.
|
...
|
...
|