WSO2 IoT Server has the admin user created by default. This user is also known as the super administrator as it has all the permissions assigned to it. The default username and password of this user is admin
. In a production environment, if you are using the admin user for administration purposes, it is recommended to change the username and password.
Changing the username and password using the script
This script automatically changes the username and password of the super administrator users. This method is recommended because manually changing the username and password includes many steps and if you miss out on a step you will run into errors.
If you are running the script, you need to have started WSO2 IoT Server atleast once. Therefore, if you are running WSO2 IoT Server for the first time, follow the steps given below:
Start the core profile of WSO2 IoT Server.
cd <IOTS_HOME>/bin ./iot-server.sh
- Stop the server and restart the server again.
- Run the script that is given below.
- Navigate to the
<IOTS_HOME>/scripts
directory. Run the
change-superadmin-credentials.sh
script.
Example: Running the script on a Mac or Linux OS../change-superadmin-credentials.sh
- Enter the old super administrator username and password.
If you are changing the username or password for the first time, the old username isadmin
and the old password isadmin
. - Enter the new super administrator username and password
- Enter the old super administrator username and password.
- Restart the server again for new super administrator username and password to be pushed to WSO2 IoT Server.
Changing the username and password manually
Follow the steps given below to manually change the username or password of the admin user:
If you only want to change the admin password and not the admin username, make sure to only change the password properties.
Open the
<IOTS_HOME>/conf/app-manager.xml
file and configure the username and password fields that haveadmin
assigned to it with the new password:<!--Admin username for the Authentication manager.--> <Username>{NEW_ADMIN_USERNAME}</Username> <!--Admin password for the Authentication manager.--> <Password>{NEW_ADMIN_PASSWORD}</Password> <!--Admin username for the API gateway.--> <Username>{NEW_ADMIN_USERNAME}</Username> <!--Admin password for the API gateway.--> <Password>{NEW_ADMIN_PASSWORD}</Password> <!--Administrator username to login to the remote DAS server.--> <DASUsername>{NEW_ADMIN_USERNAME}</DASUsername> <!--Administrator password to login to the remote DAS server.--> <DASPassword>{NEW_ADMIN_PASSWORD}</DASPassword> <Configurators> <Configurator> <name>wso2is</name> <version>5.0.0</version> <providerClass>org.wso2.carbon.appmgt.impl.idp.sso.configurator.IS500SAMLSSOConfigurator</providerClass> <parameters> <providerURL>https://${carbon.local.ip}:${mgt.transport.https.port}</providerURL> <username>{NEW_ADMIN_USERNAME}</username> <password>{NEW_ADMIN_PASSWORD}</password> </parameters> </Configurator> </Configurators> <EntitlementServiceConfiguration> <Parameters> <ServerUrl>https://${carbon.local.ip}:${mgt.transport.https.port}</ServerUrl> <Username>{NEW_ADMIN_USERNAME}</Username> <Password>{NEW_ADMIN_PASSWORD}</Password> </Parameters> </EntitlementServiceConfiguration> <MDM name="WSO2MDM" bundle="org.wso2.carbon.appmgt.mdm.restconnector"> <Property name="ImageURL">/store/extensions/assets/mobileapp/resources/models/%s.png</Property> <Property name="ServerURL">https://localhost:9443/mdm-admin</Property> <Property name="TokenApiURL">https://localhost:9443/oauth2/token</Property> <Property name="ClientKey">WjLm24IxBVLF0oz0VJfmtJbjJbka</Property> <Property name="ClientSecret">v3KkIQXkJ1SDp_Bf8uUQxu5p7TQa</Property> <Property name="AuthUser">{NEW_ADMIN_USERNAME}</Property> <Property name="AuthPass">{NEW_ADMIN_PASSWORD}</Property> </MDM> <!-- Old EMM, Calls EMM using REST API --> <MDM name="WSO2EMM" bundle="org.wso2.carbon.appmgt.mdm.wso2emm"> <Property name="ServerURL">https://localhost:9443</Property> <Property name="ImageURL">https://localhost:9443/emm/assets/wso2mobile/img/models/%s.png</Property> <Property name="AuthUser">{NEW_ADMIN_USERNAME}</Property> <Property name="AuthPass">{NEW_ADMIN_PASSWORD}</Property> </MDM>
Change the
admin
username and password in the<IOTS_HOME>/conf/iot-api-config.xml
file.
<!--Admin username/password - this is to use for oauth token generation--> <Username>{NEW_ADMIN_USERNAME}</Username> <Password>{NEW_ADMIN_PASSWORD}</Password>
Change the
admin
username and password in the<IOTS_HOME>/conf/apim-integration.xml
file.Change the
admin
username and password in theanalytics-data-config.xml
file. This file can be found in the following locations:<IOTS_HOME>/conf/analytics
<IOTS_HOME>/wso2/analytics/conf/analytics
<!-- A valid user name which have necessary permissions to use the remote services --> <Username>{NEW_ADMIN_USERNAME}</Username> <!--A valid password of the user provided above. You also can use secure vault, if you don't want to configure --> <!--the plain text password here.--> <Password>{NEW_ADMIN_PASSWORD}</Password>
Change the all the instances that have
admin
as the username and password in the<IOTS_HOME>/wso2/analytics/conf/input-event-adapters.xml
file.Change the
admin
username and password in theuser-mgt.xml
file. The file can be found in the following locations.
Make sure to do the changes in all the files.<IOTS_HOME>/wso2/analytics/conf
<IOTS_HOME>/wso2/broker/conf
<IOTS_HOME>/conf
<AdminUser> <UserName>{NEW_ADMIN_USERNAME}</UserName> <Password>{NEW_ADMIN_PASSWORD}</Password> </AdminUser>
Change the
admin
username and password in themetrics.xml
file. The file can be found in the following locations.
Make sure to do the changes in all the files.<IOTS_HOME>/conf
<IOTS_HOME>/wso2/analytics/conf
<IOTS_HOME>/wso2/broker/conf
<Username>{NEW_ADMIN_USERNAME}</Username> <Password>{NEW_ADMIN_PASSWORD}</Password>
Change the
admin
username and password in the<IOTS_HOME>/wso2/broker/conf/broker.xml
file.<authenticator class="org.wso2.carbon.andes.authentication.andes.OAuth2BasedMQTTAuthenticator"> <property name="hostURL">https://localhost:9443/services/OAuth2TokenValidationService</property> <property name="username">{NEW_ADMIN_USERNAME}</property> <property name="password">{NEW_ADMIN_PASSWORD}</property> <property name="maxConnectionsPerHost">10</property> <property name="maxTotalConnections">150</property> </authenticator> <authorizer class="org.wso2.carbon.andes.extensions.device.mgt.mqtt.authorization.DeviceAccessBasedMQTTAuthorizer"> <!--<property name="connectionPermission">/permission/admin/device-mgt/user</property>--> <!--topic subscription permissions which are assigned through grouping--> <property name="subscriberPermission">/permission/device-mgt/user/groups/device_events</property> <!--topic publisher permissions which are assigned through grouping--> <property name="publisherPermission">/permission/device-mgt/user/groups/device_operation</property> <property name="username">{NEW_ADMIN_USERNAME}</property> <property name="password">{NEW_ADMIN_PASSWORD}</property> <property name="tokenEndpoint">https://localhost:8243</property> <!--offset time from expiry time to trigger refresh call - seconds --> <property name="tokenRefreshTimeOffset">100</property> <property name="deviceMgtServerUrl">https://localhost:8243</property> </authorizer>
Configure the files given below to update the super administrator username:
When adding the admin username, make sure to append the super tenant domain name to the username. The default super tenant domain name is
carbon.super
.Change the admin user name and the owner that is under the
oauthProvider
property in the<IOT_HOME>/repository/deployment/server/jaggeryapps/devicemgt/app/conf/config.json
file."adminUser": "{NEW_ADMIN_USERNAME}@carbon.super" "owner": "{NEW_ADMIN_USERNAME}@carbon.super",
- Change the
owner
under theoauthProvider
property in the following files.<IOT_HOME>/repository/deployment/server/jaggeryapps/android-web-agent/app/conf/config.json
<IOT_HOME>/repository/deployment/server/jaggeryapps/devicemgt/app/conf/config.json
"adminUser": "{NEW_ADMIN_USERNAME}@carbon.super"
Restart the three profiles in WSO2 IoT Server in the following order. You can stop the profiles using
CTRL+C
respectively.Restart the broker profile:
cd <IOTS_HOME>/broker/bin ./broker.sh
Restart the core profile:
cd <IOTS_HOME>/broker/bin ./iot-server.sh
Restart the analytics profile:
cd <IOTS_HOME>/analytics/bin ./analytics.sh
Clear the browser cache and sign in to the device management console (
https://<IOTS_HOST>:9443/devicemgt
) with new admin credentials.