...

Info

The private key must be available in a keystore of the "JKS" or "PKCS12" type. More information on key stores can be found here.

<!--
      Security configurations
     -->
    <Security>
        <!--
            KeyStore which will be used for encrypting/decrypting passwords
            and other sensitive information.
        -->
        <KeyStore>
            <!-- Keystore file location-->
            <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
            <!-- Keystore type (JKS/PKCS12 etc.)-->
            <Type>JKS</Type>
            <!-- Keystore password-->
            <Password>wso2carbon</Password>
            <!-- Private Key alias-->
            <KeyAlias>wso2carbon</KeyAlias>
            <!-- Private Key password-->
            <KeyPassword>wso2carbon</KeyPassword>
        </KeyStore>

        <!--
           The directory under which all other KeyStore files will be stored
        -->
        <KeyStoresDir>${carbon.home}/repository/resources/security</KeyStoresDir>
    </Security>

...

1. Open the <IS_HOME>/repository/conf/carbon.xml file.

2. Change the host names of the Identity Provider to match the "Common Name" of the certificate of the private key.

<!--
       Host name or IP address of the machine hosting this server
       e.g. www.wso2.org, 192.168.1.10
       This will become part of the End Point Reference of the
       services deployed on this server instance.
    -->

    <HostName>localhost</HostName>
    <!--
    Host name to be used for the Carbon management console
    <ServerURL>https://localhost:${carbon.https.port}-->
    <MgtHostName>localhost</MgtHostName>
    <!--
        The URL of the back end server. This is where the admin services are hosted and
        will be used by the clients in the front end server.
        This is required only for the Front-end server. This is used when separating BE server from FE server
       -->
    <ServerURL>local:/${carbon.context}/services/</ServerURL>

...

 <Connector  protocol="org.apache.coyote.http11.Http11NioProtocol"
               port="9763"
               ...
/>

<Connector  protocol="org.apache.coyote.http11.Http11NioProtocol"
               port="9443"
               scheme="https"
               ...
/>

Step 4. Changing the OpenID Provider configurations

1. Open the <IS_HOME>/repository/conf/identity.xml file.

2. Change the OpenID provider server URL by changing the corresponding configuration element.

Info

Once this is set, OpenIDs will be generated in the following format: <OpenIDUserPattern>/<User Name>.

For example, https://localhost:9443/openid/bob

<OpenIDServerUrl>https://localhost:9443/openidserver</OpenIDServerUrl>
<OpenIDUserPattern>https://localhost:9443/openid/</OpenIDUserPattern>
Info

Both configurations must have the HTTPS port.
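
The following consistency check is an added example, not part of the original page or of WSO2's tooling. It verifies that the host names in carbon.xml match the certificate's Common Name and that both OpenID URLs in identity.xml use HTTPS on the HTTPS connector port. The sample fragments, the host name is.example.com and the function names are constructed for illustration; the Common Name is assumed to be read from the keystore separately and passed in.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed fragments; is.example.com is a placeholder host name.
CARBON_XML = """<Server xmlns="http://wso2.org/projects/carbon/carbon.xml">
  <HostName>is.example.com</HostName>
  <MgtHostName>localhost</MgtHostName>
</Server>"""
IDENTITY_XML = """<Server>
  <OpenIDServerUrl>https://is.example.com:9443/openidserver</OpenIDServerUrl>
  <OpenIDUserPattern>http://is.example.com:9763/openid/</OpenIDUserPattern>
</Server>"""


def element_texts(xml_text, names):
    """Return {local element name: text}, ignoring any XML namespace."""
    found = {}
    for el in ET.fromstring(xml_text).iter():
        local = el.tag.rsplit("}", 1)[-1]
        if local in names and el.text and el.text.strip():
            found[local] = el.text.strip()
    return found


def check_config(carbon_xml, identity_xml, cert_cn, https_port=9443):
    """List mismatches between host names, OpenID URLs and the certificate CN."""
    problems = []
    cn = cert_cn.lower()
    hosts = element_texts(carbon_xml, {"HostName", "MgtHostName"})
    for name in ("HostName", "MgtHostName"):
        if hosts.get(name, "").lower() != cn:
            problems.append(f"{name}: {hosts.get(name)!r} does not match CN {cert_cn!r}")
    urls = element_texts(identity_xml, {"OpenIDServerUrl", "OpenIDUserPattern"})
    for name in ("OpenIDServerUrl", "OpenIDUserPattern"):
        url = urlsplit(urls.get(name, ""))
        if url.scheme != "https" or url.port != https_port:
            problems.append(f"{name}: not an https URL on port {https_port}")
        elif (url.hostname or "").lower() != cn:
            # Added check, not from the page: clients reject a host the certificate does not cover.
            problems.append(f"{name}: host {url.hostname!r} does not match CN {cert_cn!r}")
    return problems


if __name__ == "__main__":
    for problem in check_config(CARBON_XML, IDENTITY_XML, "is.example.com"):
        print(problem)
```

On the constructed input it reports the MgtHostName still set to localhost and the OpenIDUserPattern that points at the plain HTTP port.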

Instructions to deploy WSO2 Identity Server in production.