This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
Setting Up A Single Node Pre-Production Environment
WSO2 Identity Server is the central backbone that connects and manages multiple identities across applications, APIs, the cloud, mobile, and Internet of Things devices, regardless of the standards on which they are based. The following tutorial guides you through setting up WSO2 Identity Server on a single node in a pre-production environment.
Configuring the user store
WSO2 products allow you to configure multiple user stores to store your users and their roles. Your user store can be one of the following:
A directory service that communicates over the LDAP protocol, such as OpenLDAP
Active Directory
A database that can communicate over JDBC
Download and unzip the WSO2 Identity Server product into a folder. This location is referred to as <IS_HOME>.
Set up a user store named WSO2UserStore.
Note: The instructions in this tutorial demonstrate configuring a JDBC user store. See Configuring User Stores for more information on how to set up other types of user stores.
Copy the JDBC driver (in this case, the MySQL driver) to the <IS_HOME>/repository/components/lib directory of both nodes. To do this, download the MySQL Java connector JAR from here and place it in the <IS_HOME>/repository/components/lib directory.
Point all cluster nodes to the same user store (to share one LDAP directory). By default, WSO2 Identity Server is started with an embedded LDAP which comes with the product. Disable the embedded LDAP of node 2 by modifying embedded-ldap.xml, which can be found in the <IS_HOME>/repository/conf/identity directory.
    <EmbeddedLDAP>
        <Property name="enable">false</Property>
        <!-- ... -->
    </EmbeddedLDAP>
Configuring the datasources
Create the databases. See Setting up the Physical Database in the WSO2 Administration Guide for db scripts and more information.
This tutorial demonstrates deployment with a user management database (WSO2UMDB) and an identity database (IDENTITYDB).
Alternatively, you can create more databases for each type of data to separate the data logically. Note that this will NOT make a difference in performance and is not actually necessary.
However, if you do wish to separate the data logically into separate databases, see the Setting Up Separate Databases for Clustering topic.
Configure the datasource for the databases in both nodes of your cluster in the master-datasources.xml file found in the <IS_HOME>/repository/conf/datasources folder.
The code block below shows a sample configuration of the user management database and identity database for a MySQL database. For instructions on how to configure the datasource depending on the type of database you created, see Changing the Carbon Database in the WSO2 Product Administration Guide.
Sample configuration of master-datasources.xml
    <datasources>
        <datasource>
            <name>WSO2_CARBON_DB</name>
            <description>The datasource used for registry and user manager</description>
            <jndiConfig>
                <name>jdbc/WSO2CarbonDB</name>
            </jndiConfig>
            <definition type="RDBMS">
                <configuration>
                    <url>jdbc:h2:./repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE;LOCK_TIMEOUT=60000</url>
                    <username>wso2carbon</username>
                    <password>wso2carbon</password>
                    <driverClassName>org.h2.Driver</driverClassName>
                    <maxActive>50</maxActive>
                    <maxWait>60000</maxWait>
                    <testOnBorrow>true</testOnBorrow>
                    <validationQuery>SELECT 1</validationQuery>
                    <validationInterval>30000</validationInterval>
                    <defaultAutoCommit>false</defaultAutoCommit>
                </configuration>
            </definition>
        </datasource>
        <datasource>
            <name>WSO2_IDENTITY_DB</name>
            <description>The datasource used for registry, user management and identity</description>
            <jndiConfig>
                <name>jdbc/WSO2IdentityDS</name>
            </jndiConfig>
            <definition type="RDBMS">
                <configuration>
                    <!-- "&" must be written as "&amp;" inside an XML file -->
                    <url>jdbc:mysql://wso2is-pattern1-mysql-service:3306/WSO2_IDENTITY_DB?autoReconnect=true&amp;useSSL=false</url>
                    <username>wso2carbon</username>
                    <password>wso2carbon</password>
                    <driverClassName>com.mysql.jdbc.Driver</driverClassName>
                    <maxActive>80</maxActive>
                    <maxWait>60000</maxWait>
                    <minIdle>5</minIdle>
                    <testOnBorrow>true</testOnBorrow>
                    <validationQuery>SELECT 1</validationQuery>
                    <validationInterval>30000</validationInterval>
                    <defaultAutoCommit>false</defaultAutoCommit>
                </configuration>
            </definition>
        </datasource>
    </datasources>
Sample configuration of bps-datasources.xml
    <datasource>
        <name>BPS_DS</name>
        <description></description>
        <jndiConfig>
            <name>bpsds</name>
        </jndiConfig>
        <definition type="RDBMS">
            <configuration>
                <!-- Query parameters start with "?" and are separated by "&amp;" -->
                <url>jdbc:mysql://wso2is-pattern1-mysql-service:3306/WSO2_IDENTITY_DB?autoReconnect=true&amp;verifyServerCertificate=false&amp;useSSL=true</url>
                <username>wso2carbon</username>
                <password>wso2carbon</password>
                <driverClassName>com.mysql.jdbc.Driver</driverClassName>
                <maxActive>100</maxActive>
                <maxWait>10000</maxWait>
                <maxIdle>20</maxIdle>
                <testOnBorrow>true</testOnBorrow>
                <validationQuery>SELECT 1</validationQuery>
                <validationInterval>30000</validationInterval>
                <useDataSourceFactory>false</useDataSourceFactory>
                <defaultAutoCommit>false</defaultAutoCommit>
            </configuration>
        </definition>
    </datasource>
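As an added example (not part of the WSO2 documentation or product), the following Python check reads a datasources file and reports the settings in the samples above that should not carry over to a real deployment: the default wso2carbon password and MySQL Connector/J URL flags set to false for encryption or certificate verification. The function name audit_datasources and the embedded input are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs

DB = "jdbc:mysql://wso2is-pattern1-mysql-service:3306/WSO2_IDENTITY_DB"
# Constructed sample: the two MySQL datasources from the page's samples,
# trimmed to the elements the audit reads.
SAMPLE = f"""<datasources>
  <datasource>
    <name>WSO2_IDENTITY_DB</name>
    <definition type="RDBMS"><configuration>
      <url>{DB}?autoReconnect=true&amp;useSSL=false</url>
      <username>wso2carbon</username>
      <password>wso2carbon</password>
    </configuration></definition>
  </datasource>
  <datasource>
    <name>BPS_DS</name>
    <definition type="RDBMS"><configuration>
      <url>{DB}?autoReconnect=true&amp;verifyServerCertificate=false&amp;useSSL=true</url>
      <username>wso2carbon</username>
      <password>wso2carbon</password>
    </configuration></definition>
  </datasource>
</datasources>"""

DEFAULT_PASSWORDS = {"wso2carbon"}  # default credential shown in the page's samples
RISKY_FLAGS = {  # Connector/J URL parameters that weaken transport security
    "useSSL": "connection to the database is not encrypted",
    "verifyServerCertificate": "database server certificate is not verified",
}

def audit_datasources(xml_text):
    """Return (datasource name, finding) pairs for one datasources file."""
    findings = []
    for ds in ET.fromstring(xml_text).iter("datasource"):
        name = ds.findtext("name", default="?")
        cfg = ds.find("definition/configuration")
        if cfg is None:
            continue
        if (cfg.findtext("password") or "").strip() in DEFAULT_PASSWORDS:
            findings.append((name, "default password"))
        params = parse_qs((cfg.findtext("url") or "").partition("?")[2])
        for flag, risk in RISKY_FLAGS.items():
            if params.get(flag, [""])[-1].lower() == "false":
                findings.append((name, f"{flag}=false: {risk}"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_datasources(SAMPLE):
        print(f"{name}: {finding}")
```

To check a real file, pass its contents to audit_datasources; an H2 datasource is only checked for the default password because its URL carries no MySQL parameters.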
Start the WSO2 Identity Server using the following command after navigating to the <IS_HOME>/bin directory.
For Linux users:
    sh wso2server.sh
For Windows users:
    .\wso2server.bat
Decide on the domain you are going to host this server on. Change the hostname in the <IS_HOME>/repository/conf/carbon.xml file.
    <HostName>host.name.org</HostName>
    <MgtHostName>host.name.org</MgtHostName>
Obtain a certificate for the domain you defined in the previous step.
Configure a load balancer/reverse proxy with the obtained certificate. The ports and URLs that are used by WSO2 IS are given below. Ensure that the ports and URLs are mapped correctly in the load balancer. Terminate SSL at the load balancer.
    Usage                         URL         Port
    HTTP Servlet                  localhost   9763
    HTTPS Servlet (UI Consoles)   localhost   9443
WSO2 Identity Server is shipped with a default keystore named wso2carbon.jks. It is recommended to change this default keystore in a production deployment to another keystore with a different self-signed certificate. See Creating New Keystores for more information on how to do this.
For enhanced security, encrypt and change all passwords as specified in Encrypting Passwords with Cipher Tool.
Configure the WSO2 Identity Server to refer to WSO2UserStore (the user store that you set up in step 2) for user information. This can be done by updating the following configuration in the <IS_HOME>/repository/conf/user-mgt.xml file. If you are using this WSO2UserStore to store users, do not forget to change the administrator credentials.
    <Property name="dataSource">jdbc/WSO2UserStore</Property>
If you want to configure a different user store (other than a JDBC user store), see Configuring User Stores.
You can also configure a scheduled task to back up daily rolling logs to separate disks to avoid running out of disk space.
Tune the performance of your WSO2 Identity Server deployment by following the recommendations in Performance Tuning Recommendations.
Setting up Analytics
The WSO2 Identity Server analytics component can be configured as indicated below.
On a separate machine, download the WSO2 Identity Server analytics distribution from the product download page and unpack it. The location where you unpacked this distribution is referred to as <ANALYTICS_HOME>.
Copy the <IS_HOME>/repository/conf/datasources/master-datasources.xml file of the WSO2 Identity Server to the <ANALYTICS_HOME>/repository/conf/datasources/ directory.
Copy the <IS_HOME>/repository/conf/datasources/metrics-datasources.xml file of the WSO2 Identity Server to the <ANALYTICS_HOME>/repository/conf/datasources/ directory.
Mount the governance registry by modifying the <IS_HOME>/repository/conf/registry.xml file as mentioned in step 5 of the previous section.
Identify the user base that is logging into the analytics server and configure the user stores according to Configuring User Stores.
If the analytics server is accessible from outside, obtain a domain name, get a certificate and set up SSL to terminate at the load balancer. Change the hostname according to step 6 of the previous section. The ports to configure are as follows.
    Usage                         URL         Port
    HTTP Servlet                  localhost   9763
    HTTPS Servlet (UI consoles)   localhost   9443
WSO2 Identity Server analytics is shipped with a default keystore named wso2carbon.jks. It is recommended to change this default keystore in a production deployment to another keystore with a different self-signed certificate. See Configuring Keystores in WSO2 Products for more information on how to do this.
Enable analytics publishing in the WSO2 Identity Server to point to the analytics instance. Use the IP of the analytics server. You can also configure event publishers.
Related Links
For information on how to set up a clustered deployment of WSO2 Identity Server in a production environment with a minimum of two nodes, see Deployment Patterns.