Page Comparison

...

1. Create an email account to send out emails to users that register with EMM (e.g., no-reply@foo.com).

   Note

   If you are using a Google mail account, you need to note that Google has restricted third party apps or less secure apps from sending emails. Therefore, you need to configure your account to enable this setting as WSO2 EMM acts as a third party application when sending emails to confirm user registrations or inviting existing users to register devices with WSO2 EMM. Expand title Click here for more information. Follow the steps given below to enable your Google mail account to provide access to third party applications. Navigate to https://myaccount.google.com/security. Click Signing in to Google on the left menu and make sure that the 2-step Verification is disabled or off. Image Added Click Connected apps and sites on the left menu and enable Allow less secure apps. Image Added

2. Open the <EMM_HOME>/repository/conf/axis2/axis2.xml file, uncomment the mailto transportSender section, and configure the EMM email account.

   Code Block

   <transportSender name="mailto" class="org.apache.axis2.transport.mail.MailTransportSender"> <parameter name="mail.smtp.host">smtp.gmail.com</parameter> <parameter name="mail.smtp.port">587</parameter> <parameter name="mail.smtp.starttls.enable">true</parameter> <parameter name="mail.smtp.auth">true</parameter> <parameter name="mail.smtp.user">synapse.demo.0</parameter> <parameter name="mail.smtp.password">mailpassword</parameter> <parameter name="mail.smtp.from">synapse.demo.0@gmail.com</parameter> </transportSender>

   Info
   For mail.smtp.from, mail.smtp.user, and mail.smtp.password, use the email address, username, and password (respectively) from the mail account you set up.

   Example:

   Code Block

   <transportSender name="mailto" class="org.apache.axis2.transport.mail.MailTransportSender"> <parameter name="mail.smtp.host">smtp.gmail.com</parameter> <parameter name="mail.smtp.port">587</parameter> <parameter name="mail.smtp.starttls.enable">true</parameter> <parameter name="mail.smtp.auth">true</parameter> <parameter name="mail.smtp.user">foo</parameter> <parameter name="mail.smtp.password">$foo1234</parameter> <parameter name="mail.smtp.from">no-reply@foo.com</parameter> </transportSender>

3. Configure the email sender thread pool.
   Navigate to the email-sender-config.xml file, which is in the <EMM_HOME>/repository/conf/etc directory, and configure the following fields under <EmailSenderConfig>.

   • MinThreads: Defines the minimum number of threads that needs to be available in the underlying thread pool when the email sender functionality is initialized.

   • MaxThreads: Defines the maximum number of threads that should serve email sending at any given time.

   • KeepAliveDuration: Defines the duration a connection should be kept alive. If the thread pool has initialized more connections than what was defined in MinThreads, and they have been idle for more than the KeepAliveDuration, those idle connections will be terminated

   • ThreadQueueCapacity: Defines the maximum concurrent email sending tasks that can be queued up.

   Example:

   Code Block
   <EmailSenderConfig> <MinThreads>8</MinThreads> <MaxThreads>100</MaxThreads> <KeepAliveDuration>20</KeepAliveDuration> <ThreadQueueCapacity>1000</ThreadQueueCapacity> </EmailSenderConfig>

4. Customize the email templates that are in the <EMM_HOME>/repository/resources/email-templates directory. 

   Info
   The email templating functionality of WSO2 EMM is implemented on top of Apache Velocity, which is a free and open-source template engine.

   1. Open the email template that you wish to edit based on the requirement, such as the user-invitation.vm or user-registration.vm file.
   2. Edit the <Subject> and <Body> to suite your requirement.
   3. Restart WSO2 EMM.

   Tip
   If you need to access HTTP or HTTPS base URLs of the server within your custom template configs, use the $base-url-http and $base-url-https variables, respectively.

...

1. Enable SSO in the following configuration files, under the ssoConfiguration section:

   • config.json file, which is in the <EMM_HOME>/repository/deployment/server/jaggeryapps/emm/config directory.

   • store.json file, which is in the <EMM_HOME>/repository/deployment/server/jaggeryapps/store/config directory.

   • publisher.json file, which is in the <EMM_HOME>/repository/deployment/server/jaggeryapps/publisher/config directory.

     Code Block
     "enabled" : true,

2. Configure the Identity Provider (IdP) in the following configuration files, under the ssoConfiguration section:

   Tip
   For example, you can use the following steps to configure WSO2 Identity Server (IS) as an Identity Provider (IdP). For more information on configuring IS, see enabling SSO for WSO2 servers.

   • config.json file, which is in the <EMM_HOME>/repository/deployment/server/jaggeryapps/emm/config directory.

   • store.json file, which is in the <EMM_HOME>/repository/deployment/server/jaggeryapps/store/config directory.

   • publisher.json file, which is in the <EMM_HOME>/repository/deployment/server/jaggeryapps/publisher/config directory. 

   Localtabgroup

   Localtab active true title config.json Code Block "identityProviderURL" : "%https.ip%/sso/samlsso.jag", "responseSigningEnabled" : "true", "keyStorePassword" : "wso2carbon", "identityAlias" : "wso2carbon", "keyStoreName" : "/repository/resources/security/wso2carbon.jks" Localtab title store.json Code Block "identityProviderURL": "%https.host%/samlsso", "keyStorePassword": "wso2carbon", "identityAlias": "wso2carbon", "responseSigningEnabled": "true", "storeAcs" : "%https.host%/store/acs", "keyStoreName": "/repository/resources/security/wso2carbon.jks" Localtab title publisher.json Code Block "identityProviderURL": "%https.host%/samlsso", "keyStorePassword": "wso2carbon", "identityAlias": "wso2carbon", "responseSigningEnabled": "true", "publisherAcs": "%https.host%/publisher/sso", "keyStoreName": "/repository/resources/security/wso2carbon.jks"

   Expand
   title Click here for IdP related property definitions.
   The IdP related property definitions are as follows: IdentityProviderURL - Provide the URL that defines where the user should navigate when signing in. keyStorePassword - Provide the Key Store password. identityAlias - Provide the Key Store identity alias or username. keyStoreName - Provide the Identity Providers (e.g., WSO2 IS) public key value. Info The keyStorePassword and identityAlias are defined under <KeyStore> in the carbon.xml file, which is in the <EMM_HOME>/repository/conf directory. Expand title Click here for to view the KeyStore attributes. Code Block <KeyStore> <!-- Keystore file location--> <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location> <!-- Keystore type (JKS/PKCS12 etc.)--> <Type>JKS</Type> <!-- Keystore password--> <Password>wso2carbon</Password> <!-- Private Key alias--> <KeyAlias>wso2carbon</KeyAlias> <!-- Private Key password--> <KeyPassword>wso2carbon</KeyPassword> </KeyStore> storeAcs - Provide the Assertion Consumer URL, which is the redirecting URL, for the Store. publisherAcs - Provide the Assertion Consumer URL, which is the redirecting URL, for the Publisher.

   Note

   By default, an Identity Provider (IdP) has been bundled with the EMM binary pack. If you wish to use this default IdP in EMM, modify the host/ip to the Server IP. If you wish to use your own IdP, modify the host/ip to your own IdP's host in the following files: Localtabgroup Localtab active true title config.json Update the config.json  file, which is in the  <EMM_HOME>/repository/deployment/server/jaggeryapps/emm/config  directory. Code Block "identityProviderURL" : "%https.ip%/sso/samlsso.jag", Localtab title store.json Update the store.json  file, which is in the  <EMM_HOME>/repository/deployment/server/jaggeryapps/store/config  directory. Code Block "identityProviderURL": "%https.host%/samlsso", Localtab title publisher.json Update the publisher.json  file, which is in the  <EMM_HOME>/repository/deployment/server/jaggeryapps/publisher/config  directory. Code Block "identityProviderURL": "%https.host%/samlsso",

3. Update the SSO related IDP configurations in the sso-idp-config.xml file, which is in the <EMM_HOME>/repository/conf/identity directory, by updating all the entries that state localhost to your IDP's IP address or domain.

   Code Block

   <ServiceProvider> <Issuer>mdm</Issuer> <AssertionConsumerServiceURLs> <AssertionConsumerServiceURL>https://localhost:9443/emm/sso/acs</AssertionConsumerServiceURL> </AssertionConsumerServiceURLs> <DefaultAssertionConsumerServiceURL>https://localhost:9443/emm/sso/acs</DefaultAssertionConsumerServiceURL> <SignAssertion>true</SignAssertion> <SignResponse>true</SignResponse> <EnableAttributeProfile>false</EnableAttributeProfile> <IncludeAttributeByDefault>false</IncludeAttributeByDefault> <Claims> <Claim>http://wso2.org/claims/role</Claim> <Claim>http://wso2.org/claims/emailaddress</Claim> </Claims> <EnableSingleLogout>false</EnableSingleLogout> <SingleLogoutUrl /> <EnableAudienceRestriction>true</EnableAudienceRestriction> <EnableRecipients>true</EnableRecipients> <AudiencesList> <Audience>https://localhost:9443/oauth2/token</Audience> </AudiencesList> <RecipientList> <Recipient>https://localhost:9443/oauth2/token</Recipient> </RecipientList> <ConsumingServiceIndex /> </ServiceProvider> <ServiceProvider> <Issuer>store</Issuer> <AssertionConsumerServiceURLs> <AssertionConsumerServiceURL>https://localhost:9443/store/acs</AssertionConsumerServiceURL> </AssertionConsumerServiceURLs> <DefaultAssertionConsumerServiceURL>https://localhost:9443/store/acs</DefaultAssertionConsumerServiceURL> <SignResponse>true</SignResponse> <CustomLoginPage>/store/login.jag</CustomLoginPage> </ServiceProvider> <ServiceProvider> <Issuer>social</Issuer> <AssertionConsumerServiceURLs> <AssertionConsumerServiceURL>https://localhost:9443/social/acs</AssertionConsumerServiceURL> </AssertionConsumerServiceURLs> <DefaultAssertionConsumerServiceURL>https://localhost:9443/social/acs</DefaultAssertionConsumerServiceURL> <SignResponse>true</SignResponse> <CustomLoginPage>/social/login</CustomLoginPage> </ServiceProvider> <ServiceProvider> <Issuer>publisher</Issuer> <AssertionConsumerServiceURLs> <AssertionConsumerServiceURL>https://localhost:9443/publisher/acs</AssertionConsumerServiceURL> </AssertionConsumerServiceURLs> <DefaultAssertionConsumerServiceURL>https://localhost:9443/publisher/acs</DefaultAssertionConsumerServiceURL> <SignResponse>true</SignResponse> <CustomLoginPage>/publisher/controllers/login.jag</CustomLoginPage> </ServiceProvider>

4. Running If you are running WSO2 EMM on a cluster setup or a virtual machine? If yes, you need to must configure the following fields under <SSOConfiguration> in the app-manager.xml file that is in the <EMM_HOME>/repository/conf directory.

   • IdentityProviderUrl
   • providerURL

   Info
   By default, <EMM_HOST> is localhost. However, if you are using a public IP, the respective IP address or domain needs to be specified. By default, <EMM_HTTPS_PORT> has been set to 9443. However, if the port offset has been incremented by n, the default port value needs to be incremented by n.

   Code Block

   <!-- AppManager uses SAML SSO as default authentication mechanism for the web apps. Following configuration defines the configurations of the IDP which is used as the SSO provider. --> <SSOConfiguration> <!-- URL of the IDP use for SSO --> <IdentityProviderUrl>https://<EMM_HOST>:<EMM_HTTPS_PORT>/samlsso</IdentityProviderUrl> <Configurators> <Configurator> <name>wso2is</name> <version>5.0.0</version> <providerClass>org.wso2.carbon.appmgt.impl.idp.sso.configurator.IS500SAMLSSOConfigurator</providerClass> <parameters> <providerURL>https://<EMM_HOST>:<EMM_HTTPS_PORT></providerURL> <username>admin</username> <password>admin</password> </parameters> </Configurator> </Configurators> </SSOConfiguration>

5. Enable authentication session persistence by uncommenting the following configuration in the <EMM_HOME>/repository/conf/identity.xml file, under the Server and JDBCPersistenceManager elements.

   Code Block
   <SessionDataPersist> <Enable>true</Enable> <RememberMePeriod>20160</RememberMePeriod> <CleanUp> <Enable>true</Enable> <Period>1440</Period> <TimeOut>20160</TimeOut> </CleanUp> <Temporary>false</Temporary> </SessionDataPersist>

   Expand
   title Click here for more information on the configurations.
   Configuration element Description Enable This enables the persistence of session data. Therefore, this must be configured to true if you wish to enable session persistence. RememberMePeriod This is the time period (in minutes) that the remember me option should be valid. After this time period, the users are logged out even if they enable the remember me option. The default value for this configuration element is 2 weeks. CleanUp This section of the configuration is related to the cleaning up of session data. The cleanup task runs on a daily basis (once a day) by default unless otherwise configured in the Period tag. When this cleanup task is executed, it removes session data that is older than 2 weeks, unless otherwise specified in the TimeOut tag.  Enable Selecting true here enables the cleanup task and ensures that it starts running. Period This is the time period (in minutes) that the cleanup task would run. The default value is 1 day. TimeOut This is the timeout value (in minutes) of the session data that is removed by the cleanup task. The default value is 2 weeks. Temporary Setting this to true enables persistence of temporary caches that are created within an authentication request.

...