Configuring the Key Manager Node

Throughout this guide, keymgt.iots310.wso2.com is the host name configured for the Key Manager node.

Before you begin

  • Mount the registry as explained here.
  • Configure the following databases for the Key Manager in the <IOTS_HOME>/conf/datasources/master-datasources.xml file.
    For more information, see Setting Up the Databases for Clustering.
    • Registry Database
    • User manager database
    • APIM Database

Let's start configuring the Key Manager node.

  1. Configure the HostName and MgtHostName properties in the <IOTS_HOME>/conf/carbon.xml file as shown below.

    <HostName>keymgt.iots310.wso2.com</HostName>
    <MgtHostName>keymgt.iots310.wso2.com</MgtHostName>

    Make sure the Offset property is set to zero. If it is set to a value other than zero, you need to update the NGINX configuration based on the port offset.

  2. Configure the <IOTS_HOME>/bin/iot-server.sh file as shown below:

    -Diot.keymanager.host="keymgt.iots310.wso2.com" \
    -Diot.keymanager.https.port="443" \

  3. Configure all the following properties in the <IOTS_HOME>/conf/identity/sso-idp-config.xml file by replacing https://localhost:9443 with https://mgt.iots310.wso2.com:443.

    • AssertionConsumerServiceURL

    • DefaultAssertionConsumerServiceURL

    A configured file is shown below.

    <SSOIdentityProviderConfig>
       <TenantRegistrationPage>https://stratos-local.wso2.com/carbon/tenant-register/select_domain.jsp</TenantRegistrationPage>
       <ServiceProviders>
          <ServiceProvider>
             <Issuer>devicemgt</Issuer>
             <AssertionConsumerServiceURLs>
                <AssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/devicemgt/uuf/sso/acs</AssertionConsumerServiceURL>
             </AssertionConsumerServiceURLs>
             <DefaultAssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/devicemgt/uuf/sso/acs</DefaultAssertionConsumerServiceURL>
             <SignAssertion>true</SignAssertion>
             <SignResponse>true</SignResponse>
             <EnableAttributeProfile>false</EnableAttributeProfile>
             <IncludeAttributeByDefault>false</IncludeAttributeByDefault>
             <Claims>
                <Claim>http://wso2.org/claims/role</Claim>
                <Claim>http://wso2.org/claims/emailaddress</Claim>
             </Claims>
             <EnableAudienceRestriction>true</EnableAudienceRestriction>
             <EnableRecipients>true</EnableRecipients>
             <AudiencesList>
                <Audience>https://localhost:9443/oauth2/token</Audience>
             </AudiencesList>
             <RecipientList>
                <Recipient>https://localhost:9443/oauth2/token</Recipient>
             </RecipientList>
          </ServiceProvider>
          <ServiceProvider>
             <Issuer>store</Issuer>
             <AssertionConsumerServiceURLs>
                <AssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/store/acs</AssertionConsumerServiceURL>
             </AssertionConsumerServiceURLs>
             <DefaultAssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/store/acs</DefaultAssertionConsumerServiceURL>
             <SignResponse>true</SignResponse>
             <CustomLoginPage>/store/login.jag</CustomLoginPage>
          </ServiceProvider>
          <ServiceProvider>
             <Issuer>social</Issuer>
             <AssertionConsumerServiceURLs>
                <AssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/social/acs</AssertionConsumerServiceURL>
             </AssertionConsumerServiceURLs>
             <DefaultAssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/social/acs</DefaultAssertionConsumerServiceURL>
             <SignResponse>true</SignResponse>
             <CustomLoginPage>/social/login</CustomLoginPage>
          </ServiceProvider>
          <ServiceProvider>
             <Issuer>publisher</Issuer>
             <AssertionConsumerServiceURLs>
                <AssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/publisher/acs</AssertionConsumerServiceURL>
             </AssertionConsumerServiceURLs>
             <DefaultAssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/publisher/acs</DefaultAssertionConsumerServiceURL>
             <SignResponse>true</SignResponse>
             <CustomLoginPage>/publisher/controllers/login.jag</CustomLoginPage>
             <EnableAudienceRestriction>true</EnableAudienceRestriction>
             <AudiencesList>
                <Audience>carbonServer</Audience>
             </AudiencesList>
          </ServiceProvider>
          <ServiceProvider>
             <Issuer>API_STORE</Issuer>
             <AssertionConsumerServiceURLs>
                <AssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/api-store/jagg/jaggery_acs.jag</AssertionConsumerServiceURL>
             </AssertionConsumerServiceURLs>
             <DefaultAssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/api-store/jagg/jaggery_acs.jag</DefaultAssertionConsumerServiceURL>
             <SignResponse>true</SignResponse>
             <EnableAudienceRestriction>true</EnableAudienceRestriction>
             <AudiencesList>
                <Audience>carbonServer</Audience>
             </AudiencesList>
          </ServiceProvider>
          <ServiceProvider>
             <Issuer>portal</Issuer>
             <AssertionConsumerServiceURLs>
                <AssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/portal/acs</AssertionConsumerServiceURL>
             </AssertionConsumerServiceURLs>
             <DefaultAssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/portal/acs</DefaultAssertionConsumerServiceURL>
             <SignResponse>true</SignResponse>
             <EnableAudienceRestriction>true</EnableAudienceRestriction>
             <EnableRecipients>true</EnableRecipients>
             <AudiencesList>
                <Audience>https://localhost:9443/oauth2/token</Audience>
             </AudiencesList>
             <RecipientList>
                <Recipient>https://localhost:9443/oauth2/token</Recipient>
             </RecipientList>
          </ServiceProvider>
          <ServiceProvider>
             <Issuer>analyticsportal</Issuer>
             <AssertionConsumerServiceURLs>
                <AssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/portal/acs</AssertionConsumerServiceURL>
             </AssertionConsumerServiceURLs>
             <DefaultAssertionConsumerServiceURL>https://mgt.iots310.wso2.com:443/portal/acs</DefaultAssertionConsumerServiceURL>
             <SignResponse>true</SignResponse>
             <EnableAudienceRestriction>true</EnableAudienceRestriction>
             <EnableRecipients>true</EnableRecipients>
             <AudiencesList>
                <Audience>https://localhost:9443/oauth2/token</Audience>
             </AudiencesList>
             <RecipientList>
                <Recipient>https://localhost:9443/oauth2/token</Recipient>
             </RecipientList>
          </ServiceProvider>
       </ServiceProviders>
    </SSOIdentityProviderConfig>

  4. Start the WSO2 IoT Server's core profile.

    cd <IOTS_HOME>/bin
    ./iot-server.sh
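
Step 3 is a manual replacement across seven service providers, so a leftover https://localhost:9443 in either property is easy to miss. The following check is an added example, not part of the WSO2 guide or product: it parses the file and reports every AssertionConsumerServiceURL or DefaultAssertionConsumerServiceURL that does not point at https://mgt.iots310.wso2.com:443. The function names, the constructed sample and the extra check that the default URL is one of the listed URLs (true of every service provider in the configured file above) are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

ACS_TAGS = ("AssertionConsumerServiceURL", "DefaultAssertionConsumerServiceURL")
NEW, OLD = "https://mgt.iots310.wso2.com:443", "https://localhost:9443"
# Constructed sample: "store" still carries the old value in one element.
SP = """<ServiceProvider><Issuer>{0}</Issuer>
 <AssertionConsumerServiceURLs>
  <AssertionConsumerServiceURL>{1}</AssertionConsumerServiceURL>
 </AssertionConsumerServiceURLs>
 <DefaultAssertionConsumerServiceURL>{2}</DefaultAssertionConsumerServiceURL>
</ServiceProvider>"""
SAMPLE = ("<SSOIdentityProviderConfig><ServiceProviders>"
          + SP.format("devicemgt", NEW + "/devicemgt/uuf/sso/acs", NEW + "/devicemgt/uuf/sso/acs")
          + SP.format("store", NEW + "/store/acs", OLD + "/store/acs")
          + "</ServiceProviders></SSOIdentityProviderConfig>")


def url_problem(url, host, port):
    """Return why an ACS URL is wrong, or None if it matches the guide."""
    try:
        parts = urlsplit(url)
        if (parts.scheme, parts.hostname, parts.port or 443) == ("https", host, port):
            return None
    except ValueError:  # e.g. a non-numeric port
        pass
    return "expected https://%s:%d, found %s" % (host, port, url)


def audit_acs_urls(xml_text, host="mgt.iots310.wso2.com", port=443):
    """List (issuer, tag, problem) for every ACS setting that step 3 missed."""
    findings = []
    for sp in ET.fromstring(xml_text).iter("ServiceProvider"):
        issuer = (sp.findtext("Issuer") or "?").strip()
        listed = {(el.text or "").strip() for el in sp.iter(ACS_TAGS[0])}
        for el in sp.iter():
            if el.tag not in ACS_TAGS:
                continue
            url = (el.text or "").strip()
            problem = url_problem(url, host, port)
            if problem:
                findings.append((issuer, el.tag, problem))
            if el.tag == ACS_TAGS[1] and url not in listed:
                findings.append((issuer, el.tag, "default is not a listed ACS URL"))
    return findings


if __name__ == "__main__":
    print(*audit_acs_urls(SAMPLE), sep="\n")
```

To check a real node, pass the contents of <IOTS_HOME>/conf/identity/sso-idp-config.xml to audit_acs_urls before starting the server; an empty list means both properties were updated in every service provider.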

What's next?

Next, let's configure the manager node.
