Follow the instructions below to deploy Identity Server in production.
Info: The following changes should be applied on a fresh Identity Server instance. Do not start the Identity Server until the configurations are finalized.
...
Step 1. Changing the default key store
1. Open the <IS_HOME>/repository/conf/carbon.xml file.
2. The private key is used for the HTTPS channel and by the token issuer to sign the issued tokens. This information has to be changed in two files. The following section of carbon.xml should be updated to match your private key information.
Info: The private key must be available in a key store of the "JKS" or "PKCS12" type. More information on key stores can be found here.
```xml
<!-- Security configurations -->
<Security>
    <!-- KeyStore which will be used for encrypting/decrypting passwords
         and other sensitive information. -->
    <KeyStore>
        <!-- Keystore file location -->
        <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
        <!-- Keystore type (JKS/PKCS12 etc.) -->
        <Type>JKS</Type>
        <!-- Keystore password -->
        <Password>wso2carbon</Password>
        <!-- Private Key alias -->
        <KeyAlias>wso2carbon</KeyAlias>
        <!-- Private Key password -->
        <KeyPassword>wso2carbon</KeyPassword>
    </KeyStore>
    <!-- The directory under which all other KeyStore files will be stored -->
    <KeyStoresDir>${carbon.home}/repository/resources/security</KeyStoresDir>
</Security>
```
Step 2. Changing the host name
1. Open the <IS_HOME>/repository/conf/carbon.xml file.
2. Change the host names of the Identity Provider to match the "Common Name" (CN) of the certificate of the private key.
```xml
<!-- Host name or IP address of the machine hosting this server
     e.g. www.wso2.org, 192.168.1.10
     This will become part of the End Point Reference of the
     services deployed on this server instance. -->
<HostName>localhost</HostName>

<!-- Host name to be used for the Carbon management console
     <ServerURL>https://localhost:${carbon.https.port} -->
<MgtHostName>localhost</MgtHostName>

<!-- The URL of the back end server. This is where the admin services are
     hosted and will be used by the clients in the front end server.
     This is required only for the Front-end server. This is used when
     separating the BE server from the FE server. -->
<ServerURL>local:/${carbon.context}/services/</ServerURL>
```
Step 3. Changing the HTTP/HTTPS ports
1. Open the <IS_HOME>/repository/conf/tomcat/catalina-server.xml file.
2. Change the HTTP and HTTPS ports by changing the port attributes of the <Connector> elements. For example,
```xml
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
           port="9763"
           ... />
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
           port="9443"
           scheme="https"
           ... />
```
Step 4. Changing the OpenID Provider configurations
1. Open the <IS_HOME>/repository/conf/identity.xml file.
2. Change the OpenID provider server URL by changing the corresponding configuration element.
Info: Once this is set, OpenIDs will be generated in the following format:
For example, https://localhost:9443/openid/bob
Info: Both configurations must have the
```xml
...
<OpenIDUserPattern>https://localhost:9443/openid/</OpenIDUserPattern>
```
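As an added check that is not part of the WSO2 documentation: a small Python audit that reads constructed copies of the three files edited in Steps 1 to 4 (stock defaults, with the element layout assumed from the snippets on this page) and reports which settings are still default or inconsistent with each other, so it can be run before the server is started.

```python
"""Pre-start audit of the four production settings described on this page."""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample files: a fresh instance with the stock defaults still in place.
CARBON_XML = """<Server>
  <Security><KeyStore>
    <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
    <Type>JKS</Type><Password>wso2carbon</Password>
    <KeyAlias>wso2carbon</KeyAlias><KeyPassword>wso2carbon</KeyPassword>
  </KeyStore></Security>
  <HostName>localhost</HostName><MgtHostName>localhost</MgtHostName>
</Server>"""
CATALINA_XML = """<Server><Service>
  <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="9763"/>
  <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="9443" scheme="https"/>
</Service></Server>"""
IDENTITY_XML = """<Server><OpenID>
  <OpenIDUserPattern>https://localhost:9443/openid/</OpenIDUserPattern>
</OpenID></Server>"""


def audit(carbon_xml, catalina_xml, identity_xml):
    """Return a list of findings; empty means all four steps were applied consistently."""
    findings = []
    carbon = ET.fromstring(carbon_xml)
    # Step 1: the stock key store, alias and passwords must not reach production.
    ks = carbon.find("Security/KeyStore")  # assumed present, as in the snippet above
    if ks.findtext("Location", "").endswith("/wso2carbon.jks"):
        findings.append("keystore: still the stock wso2carbon.jks")
    for tag in ("Password", "KeyPassword"):
        if ks.findtext(tag) == "wso2carbon":
            findings.append(f"keystore: default {tag}")
    if ks.findtext("Type") not in ("JKS", "PKCS12"):
        findings.append("keystore: Type must be JKS or PKCS12")
    # Step 2: host names must name the real host (the certificate CN), not localhost.
    for tag in ("HostName", "MgtHostName"):
        if carbon.findtext(tag) in (None, "localhost"):
            findings.append(f"{tag}: still localhost")
    # Step 3: locate the HTTPS Connector port.
    https_ports = [c.get("port") for c in ET.fromstring(catalina_xml).iter("Connector")
                   if c.get("scheme") == "https"]
    if not https_ports:
        findings.append("catalina-server.xml: no https Connector")
    # Step 4: the OpenID pattern must use HTTPS, the same host and the HTTPS port.
    pattern = urlparse(ET.fromstring(identity_xml).findtext("OpenID/OpenIDUserPattern") or "")
    if (pattern.scheme != "https" or pattern.hostname != carbon.findtext("HostName")
            or (https_ports and str(pattern.port) != https_ports[0])):
        findings.append("OpenIDUserPattern: host/port disagree with HostName and the https Connector")
    return findings
```

Point the three constants at the real files with `open(...).read()` to audit an actual installation; an empty result from `audit()` is the expected state before the first start.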