Changing the Password of the Admin User
- Former user (Deleted)
Following the steps below to change the default password of the admin user of WSO2 BAM and to secure it using Secure Vault.
By default, standalone WSO2 BAM runs with embedded Cassandra which uses WSO2 authentication to authenticate/authorize users, and has default admin user credentials configured in the datasources (WSO2BAM_CASSANDRA_EVENT_INDEX_SOURCE, WSO2BAM_CASSANDRA_DATASOURCE, WSO2BAM_UTIL_DATASOURCE, WSO2BAM_HIVE_INCREMENTAL_DATASOURCE) of the <BAM_HOME>/repository/conf/bam-datasources.xml file, and in the <BAM_HOME>/repository/conf/advanced/hive-site.xml file. However, you can change this default admin user to a Cassandra user who can connect to Cassandra as follows.
- If you configure WSO2 BAM with an external Cassandra Cluster (e.g. Apache Cassnndra, DSE Cassndra): Replace the admin user credentials with user credentials to connect to an external Cassandra cluster.
- If you use WSO2 BAM with the embedded Cassandra: Create a new user for Cassandra by assigning only Cassandra keyspace related permissions.
Change the
<AdminUser>section in the<PRODUCT_HOME>/repository/conf/user-mgt.xmlfile accordingly as follows, if you want to change the password of the admin user.<AdminUser> <UserName>admin</UserName> <Password>admin</Password> </AdminUser>
To secure passwords using Secure Vault (i.e. by running
ciphertool.sh), change the password values of the following configurations in the<PRODUCT_HOME>/repository/conf/security/cipher-text.propertiesfile accordingly as follows.Carbon.Security.KeyStore.Password=[wso2carbon] Carbon.Security.KeyStore.KeyPassword=[wso2carbon] Carbon.Security.TrustStore.Password=[wso2carbon] UserManager.AdminUser.Password=[admin] Datasources.WSO2_CARBON_DB.Configuration.Password=[wso2carbon]
Change the
<password>property of the below datasources in the<BAM_HOME>/repository/conf/datasources/bam-datasources.xmlfile by providing the password in plain text.Skip this step if you are securing passwords using secure vault (i.e. by running
ciphertool.sh).WSO2BAM_CASSANDRA_EVENT_INDEX_SOURCEWSO2BAM_CASSANDRA_DATASOURCEWSO2BAM_UTIL_DATASOURCEWSO2BAM_HIVE_INCREMENTAL_DATASOURCE
To secure passwords using Secure Vault, add the following new configurations to the
<BAM_HOME>/repository/conf/security/cipher-text.propertiesfile and change the value of the admin password accordingly.Use the following configurations only secure the admin user passwords. You can also secure other passwords using Secure Vault.
Datasources.WSO2BAM_CASSANDRA_EVENT_INDEX_SOURCE.Configuration.Password=[admin] Datasources.WSO2BAM_CASSANDRA_DATASOURCE.Configuration.Password=[admin] Datasources.WSO2BAM_UTIL_DATASOURCE.Configuration.Password=[admin] Datasources.WSO2BAM_HIVE_INCREMENTAL_DATASOURCE.Configuration.Password=[admin]
Add the following configurations to the
<BAM_HOME>/repository/conf/securitycipher-tool.propertiesfile.Datasources.WSO2BAM_CASSANDRA_EVENT_INDEX_SOURCE.Configuration.Password=bam-datasources.xml//datasources-configuration/datasources/datasource[name='WSO2BAM_CASSANDRA_EVENT_INDEX_SOURCE']/definition[@type='CASSANDRA']/configuration/password,false Datasources.WSO2BAM_CASSANDRA_DATASOURCE.Configuration.Password=bam-datasources.xml//datasources-configuration/datasources/datasource[name='WSO2BAM_CASSANDRA_DATASOURCE']/definition[@type='CASSANDRA']/configuration/password,false Datasources.WSO2BAM_UTIL_DATASOURCE.Configuration.Password=bam-datasources.xml//datasources-configuration/datasources/datasource[name='WSO2BAM_UTIL_DATASOURCE']/definition[@type='CASSANDRA']/configuration/password,false Datasources.WSO2BAM_HIVE_INCREMENTAL_DATASOURCE.Configuration.Password=bam-datasources.xml//datasources-configuration/datasources/datasource[name='WSO2BAM_HIVE_INCREMENTAL_DATASOURCE']/definition[@type='CASSANDRA']/con
Execute the following command to run the
<BAM_HOME>/bin/ciphertool.shCipher Tool script with the-Dconfigureoption. Provide primary keystore password of the Carbon Server when prompted:sh ciphertool.sh -DconfigureEnter the new admin password in the following configurations of the
<BAM_HOME>/repository/conf/advanced/hive-site.xmlfile.By default, Secure Vault doesn't support passwords configured in the
<BAM_HOME>/repository/conf/advanced/hive-site.xmlfile. However, you require this step only if you are using incremental data processing.<property> <name>hive.incremental.processing.intermediate.results.cassandra.password</name> <value>Enter the new password here.</value> </property> <property> <name>notification.task.receiver.password</name> <value>Enter the new password here.</value> </property>
After changing the password of admin user, properly configure all the data publishing agents (e.g. the mediation stat agent and service stat agent) in your setups according to the changed password.