Page Comparison

...

Follow the instructions below to change the default super admin credentials:

Change the user credentials in the following files.

The <UserName> and <Password> values in in the <APIM_HOME>/repository/conf/user-mgt.xml file.

Code Block

language	xml

<UserManager>
   <Realm>
      <Configuration>
          ...
          <AdminUser>
             <UserName>admin</UserName>                  
             <Password>admin</Password>
          </AdminUser>
      ...
   </Realm>
</UserManager>

Note

Note that the password in the user-mgt.xml file is written to the primary user store when the server starts for the first time. Thereafter, the password will be validated from the primary user store and not from the user-mgt.xml file. Therefore, if you need to If you have started the server already, to change the admin password stored in the user store, you cannot simply change the value in the userstore do the following:

1. Modify admin password in the user-mgt.xml file. To change the super admin password, you must use the Change Password option from the management console file

2. Configure the password through the management console.

3. Edit the files following all the steps given below.

To change the password from Management Console (https://localhost:9443/carbon), follow the steps in Changing a Password corresponding to API Manager.

The <APIM_HOME>/repository/conf/jndi.properties file.

Code Block

connectionfactory.TopicConnectionFactory = amqp://admin:admin@clientid/carbon?brokerlist='tcp://localhost:5672'
connectionfactory.QueueConnectionFactory = amqp://admin:admin@clientID/test?brokerlist='tcp://localhost:5672'

If you have configured API Manager Analytics, change the credentials in the following files when changing the super admin credentials as shown below.

<APIM_HOME>/repository/conf/api-manager.xml

Code Block

<Analytics>
        <!-- Enable Analytics for API Manager -->
        <Enabled>true</Enabled>
        ....

        <DASServerURL>{tcp://localhost:7612}</DASServerURL>
        <!--DASAuthServerURL>{ssl://localhost:7712}</DASAuthServerURL-->
        <!-- Administrator username to login to the remote DAS server. -->
        <DASUsername>${admin.username}</DASUsername>
        <!-- Administrator password to login to the remote DAS server. -->
        <DASPassword>${admin.password}</DASPassword>

        ....

      <StatsProviderImpl>org.wso2.carbon.apimgt.usage.client.impl.APIUsageStatisticsRdbmsClientImpl</StatsProviderImpl>

        ...

        <DASRestApiURL>https://localhost:9444</DASRestApiURL>
        <DASRestApiUsername>${admin.username}</DASRestApiUsername>
        <DASRestApiPassword>${admin.password}</DASRestApiPassword>

        .....

    </Analytics>

<APIM_HOME>/repository/conf/log4j.properties

Code Block
log4j.appender.DAS_AGENT.userName=admin log4j.appender.DAS_AGENT.password=admin log4j.appender.LOGEVENT.userName=admin log4j.appender.LOGEVENT.password=admin

Note

Do you have any special characters in passwords?

If you specify passwords inside XML files, take care when giving special characters in the user names and passwords. According to XML specification (http://www.w3.org/TR/xml/), some special characters can disrupt the configuration. For example, the ampersand character (&) must not appear in the literal form in XML files. It can cause a Java Null Pointer exception. You must wrap it with CDATA (http://www.w3schools.com/xml/xml_cdata.asp) as shown below or remove the character:
Code Block
language xml
<Password> <![CDATA[xnvYh?@VHAkc?qZ%Jv855&A4a,%M8B@h%M8B]]> </Password>
Note the following if you have special characters in the passwords on your jndi.properties file:
- It is not possible to use the @ symbol in the username or password.
- It is also not possible to use the percentage (%) sign in the password. When building the connection URL, the URL is parsed. This parsing exception happens because the percentage (%) sign acts as the escape character in URL parsing. If using the percentage (%) sign in the connection string is required, use the respective encoding character for the percentage (%) sign in the connection string. For example, if you need to pass adm%in as the password, then the % symbol should be encoded with its respective URL encoding character. Therefore, you have to send it as adm%25in.
  
  For a list of possible URL parsing patterns, see URL encoding reference.

...

See Authentication using multiple Attributes in the WSO2 IS documentation.

Setting up

...

an

...

You can configure this capability using the steps below.

Configure user login under the <LoginConfig> element in the <APIM_HOME>/repository/conf/api-manager.xml file.

Set the primary attribute of the primary login to true and the primary attribute of the secondary login to false.
Primary login doesn't have a ClaimUri. Leave this field empty.
Provide the correct ClaimUri value for the secondary login.

An example is given below:

Code Block

language	html/xml

    <LoginConfig>
        <UserIdLogin primary="true">
             <ClaimUri></ClaimUri>
        </UserIdLogin>
        <EmailLogin primary="false">
             <ClaimUri>http://wso2.org/claims/emailaddress</ClaimUri>
        </EmailLogin>
     </LoginConfig>

In the API Store of a distributed setup, the serverURL element in the <APIM_HOME>/repository/conf/api-manager.xml file should point to the key manager instance's service endpoint. This allows users to connect to the key manager's user store to perform any operations related to the API Store such as login, access token generation etc. For example,

Code Block

language	html/xml

<AuthManager>
   <!--Server URL of the Authentication service -->
   <ServerURL>https://localhost:9444/services/</ServerURL>
 
   <!-- Admin username for the Authentication manager. -->
   <Username>admin</Username>
 
   <!-- Admin password for the Authentication manager.-->
   <Password>admin</Password>
   
   <CheckPermissionsRemotely>false</CheckPermissionsRemotely>
</AuthManager>

Note
If you have set the `CheckPermissionRemotely` parameter as true, the permissions will be checked in the remote server set in `ServerURL`. If the parameter is set as false the permissions will be checked by the local server

Tip
Tip: In a distributed setup, the API Store's user store needs to point to the key manager user store.

Tip
Tip: Be sure to keep the secondary login name unique to each user.

Setting up an e-mail login

See Email Authentication in the WSO2 IS documentation.

Tip

When setting up email login, specify the complete username with tenant domain. If you are in the super tenant mode the username should be as follows. <username>@<email>@carbon.super
Example:admin@wso2.com@carbon.super.

When configuring the <DataPublisher> section under <ThrottlingConfiguration> section in the <PRODUCT_HOME>/repository/conf/api-manager.xml file, specify the fully qualified username with tenant domain.
Example : <Username>admin@wso2.com@carbon.super</Username>

When

The "@" character is a reserved character in the WSO2 messaging component. Therefore, when specifing username in JMS Connection URL, under <JMSConnectionParameters> section in the <PRODUCT_HOME>/repository/conf/api-manager.xml file, "@" characters should be replaced by "!" character

.
Example URL :

. An example is shown below.

Code Block

<connectionfactory.TopicConnectionFactory><![CDATA[amqp://admin!wso2.com!carbon.super:admin@clientid/carbon?failover='roundrobin'&cyclecount='2'&brokerlist='tcp://10.100.0.3:5682?retries='5'&connectdelay='50';tcp://10.100.0.3:5692?retries='5'&connectdelay='50'']]></connectionfactory.TopicConnectionFactory>

Setting up a social media login

...

Versions Compared

Old Version 16

New Version Current

Key

Setting up

an

Setting up an e-mail login

Setting up a social media login