Through out this guide you have configured keymgt.iots310.wso2.com
as the key manager node.
Let's start configuring the Key Manager node.
Configure the HostName
and MgtHostName
properties in the <IOTS_HOME>/conf/carbon.xml
file as shown below.
<HostName>keymgt.iots310.wso2.com</HostName>
<MgtHostName>keymgt.iots310.wso2.com</MgtHostName>
Configure the <IOTS_HOME>/bin/iot-server.sh
file as shown below:
-Diot.keymanager.host="keymgt.iots310.wso2.com" \
-Diot.keymanager.https.port="443" \
Configure all the following properties in the <IOTS_HOME>/conf/identity/sso-idp-config.xml
file by replacing https://localhost:9443
with https://mgt.iots310.wso2.com:443
.
Click here to view a configured file.
<SSOIdentityProviderConfig>
<TenantRegistrationPage>https://stratos-local.wso2.com/carbon/tenant-register/select_domain.jsp</TenantRegistrationPage>
<ServiceProviders>
<ServiceProvider>
<Issuer>devicemgt</Issuer>
<AssertionConsumerServiceURLs>
<AssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/devicemgt/uuf/sso/acs</AssertionConsumerServiceURL>
</AssertionConsumerServiceURLs>
<DefaultAssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/devicemgt/uuf/sso/acs</DefaultAssertionConsumerServiceURL>
<SignAssertion>true</SignAssertion>
<SignResponse>true</SignResponse>
<EnableAttributeProfile>false</EnableAttributeProfile>
<IncludeAttributeByDefault>false</IncludeAttributeByDefault>
<Claims>
<Claim>http://wso2.org/claims/role</Claim>
<Claim>http://wso2.org/claims/emailaddress</Claim>
</Claims>
<EnableAudienceRestriction>true</EnableAudienceRestriction>
<EnableRecipients>true</EnableRecipients>
<AudiencesList>
<Audience>https://localhost:9443/oauth2/token</Audience>
</AudiencesList>
<RecipientList>
<Recipient>https://localhost:9443/oauth2/token</Recipient>
</RecipientList>
</ServiceProvider>
<ServiceProvider>
<Issuer>store</Issuer>
<AssertionConsumerServiceURLs>
<AssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/store/acs</AssertionConsumerServiceURL>
</AssertionConsumerServiceURLs>
<DefaultAssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/store/acs</DefaultAssertionConsumerServiceURL>
<SignResponse>true</SignResponse>
<CustomLoginPage>/store/login.jag</CustomLoginPage>
</ServiceProvider>
<ServiceProvider>
<Issuer>social</Issuer>
<AssertionConsumerServiceURLs>
<AssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/social/acs</AssertionConsumerServiceURL>
</AssertionConsumerServiceURLs>
<DefaultAssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/social/acs</DefaultAssertionConsumerServiceURL>
<SignResponse>true</SignResponse>
<CustomLoginPage>/social/login</CustomLoginPage>
</ServiceProvider>
<ServiceProvider>
<Issuer>publisher</Issuer>
<AssertionConsumerServiceURLs>
<AssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/publisher/acs</AssertionConsumerServiceURL>
</AssertionConsumerServiceURLs>
<DefaultAssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/publisher/acs</DefaultAssertionConsumerServiceURL>
<SignResponse>true</SignResponse>
<CustomLoginPage>/publisher/controllers/login.jag</CustomLoginPage>
<EnableAudienceRestriction>true</EnableAudienceRestriction>
<AudiencesList>
<Audience>carbonServer</Audience>
</AudiencesList>
</ServiceProvider>
<ServiceProvider>
<Issuer>API_STORE</Issuer>
<AssertionConsumerServiceURLs>
<AssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/api-store/jagg/jaggery_acs.jag</AssertionConsumerServiceURL>
</AssertionConsumerServiceURLs>
<DefaultAssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/api-store/jagg/jaggery_acs.jag</DefaultAssertionConsumerServiceURL>
<SignResponse>true</SignResponse>
<EnableAudienceRestriction>true</EnableAudienceRestriction>
<AudiencesList>
<Audience>carbonServer</Audience>
</AudiencesList>
</ServiceProvider>
<ServiceProvider>
<Issuer>portal</Issuer>
<AssertionConsumerServiceURLs>
<AssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/portal/acs</AssertionConsumerServiceURL>
</AssertionConsumerServiceURLs>
<DefaultAssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/portal/acs</DefaultAssertionConsumerServiceURL>
<SignResponse>true</SignResponse>
<EnableAudienceRestriction>true</EnableAudienceRestriction>
<EnableRecipients>true</EnableRecipients>
<AudiencesList>
<Audience>https://localhost:9443/oauth2/token</Audience>
</AudiencesList>
<RecipientList>
<Recipient>https://localhost:9443/oauth2/token</Recipient>
</RecipientList>
</ServiceProvider>
<ServiceProvider>
<Issuer>analyticsportal</Issuer>
<AssertionConsumerServiceURLs>
<AssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/portal/acs</AssertionConsumerServiceURL>
</AssertionConsumerServiceURLs>
<DefaultAssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/portal/acs</DefaultAssertionConsumerServiceURL>
<SignResponse>true</SignResponse>
<EnableAudienceRestriction>true</EnableAudienceRestriction>
<EnableRecipients>true</EnableRecipients>
<AudiencesList>
<Audience>https://localhost:9443/oauth2/token</Audience>
</AudiencesList>
<RecipientList>
<Recipient>https://localhost:9443/oauth2/token</Recipient>
</RecipientList>
</ServiceProvider>
</ServiceProviders>
</SSOIdentityProviderConfig>
Start the WSO2 IoT Server's core profile.
cd <IOTS_HOME>/bin
iot-server.sh
What's next?
Next, let's configure the manager node.