|
[server]
|
|
hostname = "localhost"
|
|
#offset=0
|
|
base_path = "${carbon.protocol}://${carbon.host}:${carbon.management.port}"
|
|
#discard_empty_caches = false
|
|
server_role = "default"
|
|
|
|
[super_admin]
|
|
username = "admin"
|
|
password = "admin"
|
|
create_admin_account = true
|
|
|
|
[realm_manager.properties]
|
|
reserved_tenant_user_username = "reserved_user"
|
|
reserved_tenant_user_password = "reserved_user"
|
|
|
|
[user_store]
|
|
type = "database_unique_id"
|
|
|
|
[database.apim_db]
|
|
type = "h2"
|
|
url = "jdbc:h2:./repository/database/WSO2AM_DB;AUTO_SERVER=TRUE;DB_CLOSE_ON_EXIT=FALSE"
|
|
username = "wso2carbon"
|
|
password = "wso2carbon"
|
|
|
|
[database.shared_db]
|
|
type = "h2"
|
|
url = "jdbc:h2:./repository/database/WSO2SHARED_DB;DB_CLOSE_ON_EXIT=FALSE"
|
|
username = "wso2carbon"
|
|
password = "wso2carbon"
|
|
|
|
[keystore.tls]
|
|
file_name = "wso2carbon.jks"
|
|
type = "JKS"
|
|
password = "wso2carbon"
|
|
alias = "wso2carbon"
|
|
key_password = "wso2carbon"
|
|
|
|
[identity_mgt.endpoint]
|
|
enable_self_signup_endpoint = false
|
|
|
|
[web_app.listener]
|
|
class_name = ["io.entgra.device.mgt.core.apimgt.webapp.publisher.lifecycle.listener.APIPublisherLifecycleListener", "io.entgra.device.mgt.core.device.mgt.core.config.permission.lifecycle.WebAppDeploymentLifecycleListener"]
|
|
|
|
#[ios_emm_conf]
|
|
#ios_enroll_url="https://localhost:8243/api/ios/v1.0/scep"
|
|
#ios_profile_url="https://localhost:8243/api/ios/v1.0/profile"
|
|
#ios_checkin_url="https://localhost:8243/api/ios/v1.0/checkin"
|
|
#ios_server_url="https://localhost:8243/api/ios/v1.0/server"
|
|
|
|
#[device_mgt_conf.push_notification_conf]
|
|
#push_notification_providers=["io.entgra.proprietary.uem.platform.ios.plugin.apns.APNSBasedPushNotificationProvider", "io.entgra.device.mgt.core.device.mgt.extensions.push.notification.provider.fcm.FCMBasedPushNotificationProvider", "io.entgra.device.mgt.core.device.mgt.extensions.push.notification.provider.mqtt.MQTTBasedPushNotificationProvider", "io.entgra.device.mgt.core.device.mgt.extensions.push.notification.provider.http.HTTPBasedPushNotificationProvider", "io.entgra.device.mgt.core.device.mgt.extensions.push.notification.provider.xmpp.XMPPBasedPushNotificationProvider"]
|
|
#fcm_server_endpoint="https://fcm.googleapis.com/v1/projects/project_id/messages:send"
|
|
|
|
#[certificate_conf.certificate_keystore]
|
|
#location="${carbon.home}/repository/resources/security/wso2certs.jks"
|
|
#type="JKS"
|
|
#password="wso2carbon"
|
|
#cacert_alias="cacert"
|
|
#cacert_password="wso2carbon"
|
|
#racert_alias="racert"
|
|
#racert_password="wso2carbon"
|
|
|
|
#[webapp_publisher_configs]
|
|
#tenants = []
|
|
|
|
[tenant_mgt]
|
|
tenant_deletion = true
|
|
invoke_on_delete = true
|
|
# eager_loading_tenants="*"
|
|
|
|
#[event.default_listener.identity_mgt]
|
|
#priority= "50"
|
|
#enable = false
|
|
|
|
#[event.default_listener.governance_identity_mgt]
|
|
#priority= "95"
|
|
#enable = true
|
|
|
|
#[event.default_listener.governance_identity_store]
|
|
#priority= "97"
|
|
#enable = true
|
|
|
|
#[keystore.primary]
|
|
#file_name = "wso2carbon.jks"
|
|
#type = "JKS"
|
|
#password = "wso2carbon"
|
|
#alias = "wso2carbon"
|
|
#key_password = "wso2carbon"
|
|
|
|
#[keystore.internal]
|
|
#file_name = "wso2carbon.jks"
|
|
#type = "JKS"
|
|
#password = "wso2carbon"
|
|
#alias = "wso2carbon"
|
|
#key_password = "wso2carbon"
|
|
|
|
[[apim.gateway.environment]]
|
|
name = "Default"
|
|
type = "hybrid"
|
|
display_in_api_console = true
|
|
description = "This is a hybrid gateway that handles both production and sandbox token traffic."
|
|
show_as_token_endpoint_url = true
|
|
service_url = "https://localhost:${mgt.transport.https.port}/services/"
|
|
username= "${admin.username}"
|
|
password= "${admin.password}"
|
|
ws_endpoint = "ws://localhost:9099"
|
|
wss_endpoint = "wss://localhost:8099"
|
|
http_endpoint = "http://localhost:${http.nio.port}"
|
|
https_endpoint = "https://localhost:${https.nio.port}"
|
|
websub_event_receiver_http_endpoint = "http://localhost:9021"
|
|
websub_event_receiver_https_endpoint = "https://localhost:8021"
|
|
|
|
[apim.sync_runtime_artifacts.gateway]
|
|
gateway_labels =["Default"]
|
|
|
|
#[device_mgt_conf.identity_conf]
|
|
#server_url = "https://localhost"
|
|
#admin_username = "${admin.username}"
|
|
#admin_password = "${admin.password}"
|
|
|
|
#[device_mgt_conf.key_manager_conf]
|
|
#server_url = "https://localhost"
|
|
#admin_username = "${admin.username}"
|
|
#admin_password = "${admin.password}"
|
|
|
|
#[apim.cache.gateway_token]
|
|
#enable = true
|
|
#expiry_time = "900s"
|
|
|
|
#[apim.cache.resource]
|
|
#enable = true
|
|
#expiry_time = "900s"
|
|
|
|
#[apim.cache.km_token]
|
|
#enable = false
|
|
#expiry_time = "15m"
|
|
|
|
#[apim.cache.recent_apis]
|
|
#enable = false
|
|
|
|
#[apim.cache.scopes]
|
|
#enable = true
|
|
|
|
#[apim.cache.publisher_roles]
|
|
#enable = true
|
|
|
|
#[apim.cache.jwt_claim]
|
|
#enable = true
|
|
#expiry_time = "15m"
|
|
|
|
#[apim.cache.tags]
|
|
#expiry_time = "2m"
|
|
|
|
[apim.analytics]
|
|
enable = false
|
|
config_endpoint = "https://localhost:8080/auth/v1"
|
|
auth_token = ""
|
|
|
|
[apim.key_manager]
|
|
#service_url = "https://localhost:${mgt.transport.https.port}/services/"
|
|
#username = "$ref{super_admin.username}"
|
|
#password = "$ref{super_admin.password}"
|
|
#pool.init_idle_capacity = 50
|
|
#pool.max_idle = 100
|
|
#key_validation_handler_type = "default"
|
|
#key_validation_handler_type = "custom"
|
|
key_validation_handler_impl = "io.entgra.device.mgt.core.apimgt.keymgt.extension.KeyValidationHandler"
|
|
|
|
#[apim.idp]
|
|
#server_url = "https://localhost:${mgt.transport.https.port}"
|
|
#authorize_endpoint = "https://localhost:${mgt.transport.https.port}/oauth2/authorize"
|
|
#oidc_logout_endpoint = "https://localhost:${mgt.transport.https.port}/oidc/logout"
|
|
#oidc_check_session_endpoint = "https://localhost:${mgt.transport.https.port}/oidc/checksession"
|
|
|
|
#[apim.jwt]
|
|
#enable = true
|
|
#encoding = "base64" # base64,base64url
|
|
#generator_impl = "org.wso2.carbon.apimgt.keymgt.token.JWTGenerator"
|
|
#claim_dialect = "http://wso2.org/claims"
|
|
#convert_dialect = false
|
|
#header = "X-JWT-Assertion"
|
|
#signing_algorithm = "SHA256withRSA"
|
|
#enable_user_claims = true
|
|
#claims_extractor_impl = "org.wso2.carbon.apimgt.impl.token.ExtendedDefaultClaimsRetriever"
|
|
|
|
[apim.oauth_config]
|
|
# ------------------Enabled for IOT/EMM ---------------------------
|
|
enable_outbound_auth_header = true
|
|
#auth_header = "Authorization"
|
|
#revoke_endpoint = "https://localhost:${https.nio.port}/revoke"
|
|
#enable_token_encryption = false
|
|
#enable_token_hashing = false
|
|
|
|
#[apim.devportal]
|
|
#url = "https://localhost:${mgt.transport.https.port}/devportal"
|
|
#enable_application_sharing = false
|
|
#if application_sharing_type, application_sharing_impl both defined priority goes to application_sharing_impl
|
|
#application_sharing_type = "default" #changed type, saml, default #todo: check the new config for rest api
|
|
#application_sharing_impl = "org.wso2.carbon.apimgt.impl.SAMLGroupIDExtractorImpl"
|
|
#display_multiple_versions = false
|
|
#display_deprecated_apis = false
|
|
#enable_comments = true
|
|
#enable_ratings = true
|
|
#enable_forum = true
|
|
#enable_anonymous_mode=true
|
|
#enable_cross_tenant_subscriptions = true
|
|
#default_reserved_username = "apim_reserved_user"
|
|
|
|
[apim.cors]
|
|
allow_origins = "*"
|
|
allow_methods = ["GET","PUT","POST","DELETE","PATCH","OPTIONS"]
|
|
allow_headers = ["authorization","Access-Control-Allow-Origin","Content-Type","SOAPAction","apikey","Internal-Key"]
|
|
allow_credentials = false
|
|
|
|
#[apim.throttling]
|
|
#enable_data_publishing = true
|
|
#enable_policy_deploy = true
|
|
#enable_blacklist_condition = true
|
|
#enable_persistence = true
|
|
#throttle_decision_endpoints = ["tcp://localhost:5672","tcp://localhost:5672"]
|
|
|
|
#[apim.throttling.blacklist_condition]
|
|
#start_delay = "5m"
|
|
#period = "1h"
|
|
|
|
#[apim.throttling.jms]
|
|
#start_delay = "5m"
|
|
|
|
#[apim.throttling.event_sync]
|
|
#hostName = "0.0.0.0"
|
|
#port = 11224
|
|
|
|
#[apim.throttling.event_management]
|
|
#hostName = "0.0.0.0"
|
|
#port = 10005
|
|
|
|
#[[apim.throttling.url_group]]
|
|
#traffic_manager_urls = ["tcp://localhost:9611","tcp://localhost:9611"]
|
|
#traffic_manager_auth_urls = ["ssl://localhost:9711","ssl://localhost:9711"]
|
|
#type = "loadbalance"
|
|
|
|
#[[apim.throttling.url_group]]
|
|
#traffic_manager_urls = ["tcp://localhost:9611","tcp://localhost:9611"]
|
|
#traffic_manager_auth_urls = ["ssl://localhost:9711","ssl://localhost:9711"]
|
|
#type = "failover"
|
|
|
|
#[apim.workflow]
|
|
#enable = false
|
|
#service_url = "https://localhost:9445/bpmn"
|
|
#username = "$ref{super_admin.username}"
|
|
#password = "$ref{super_admin.password}"
|
|
#callback_endpoint = "https://localhost:${mgt.transport.https.port}/api/am/admin/v0.17/workflows/update-workflow-status"
|
|
#token_endpoint = "https://localhost:${https.nio.port}/token"
|
|
#client_registration_endpoint = "https://localhost:${mgt.transport.https.port}/client-registration/v0.17/register"
|
|
#client_registration_username = "$ref{super_admin.username}"
|
|
#client_registration_password = "$ref{super_admin.password}"
|
|
|
|
#data bridge config
|
|
#[transport.receiver]
|
|
#type = "binary"
|
|
#worker_threads = 10
|
|
#session_timeout = "30m"
|
|
#keystore.file_name = "$ref{keystore.tls.file_name}"
|
|
#keystore.password = "$ref{keystore.tls.password}"
|
|
#tcp_port = 9611
|
|
#ssl_port = 9711
|
|
#ssl_receiver_thread_pool_size = 100
|
|
#tcp_receiver_thread_pool_size = 100
|
|
#ssl_enabled_protocols = ["TLSv1","TLSv1.1","TLSv1.2"]
|
|
#ciphers = ["SSL_RSA_WITH_RC4_128_MD5","SSL_RSA_WITH_RC4_128_SHA"]
|
|
|
|
#[apim.notification]
|
|
#from_address = "APIM.com"
|
|
#username = "APIM"
|
|
#password = "APIM+123"
|
|
#hostname = "localhost"
|
|
#port = 3025
|
|
#enable_start_tls = false
|
|
#enable_authentication = true
|
|
|
|
#[apim.token.revocation]
|
|
#notifier_impl = "org.wso2.carbon.apimgt.keymgt.events.TokenRevocationNotifierImpl"
|
|
#enable_realtime_notifier = true
|
|
#realtime_notifier.ttl = 5000
|
|
#enable_persistent_notifier = true
|
|
#persistent_notifier.hostname = "https://localhost:2379/v2/keys/jti/"
|
|
#persistent_notifier.ttl = 5000
|
|
#persistent_notifier.username = "root"
|
|
#persistent_notifier.password = "root"
|
|
|
|
[[event_handler]]
|
|
name="userPostSelfRegistration"
|
|
subscriptions=["POST_ADD_USER"]
|
|
|
|
[service_provider]
|
|
sp_name_regex = "^[\\sa-zA-Z0-9._-]*$"
|
|
|
|
[database.local]
|
|
url = "jdbc:h2:./repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE"
|
|
|
|
[[event_listener]]
|
|
id = "token_revocation"
|
|
type = "org.wso2.carbon.identity.core.handler.AbstractIdentityHandler"
|
|
name = "org.wso2.is.notification.ApimOauthEventInterceptor"
|
|
order = 1
|
|
#[event_listener.properties]
|
|
#notification_endpoint = "https://localhost:${mgt.transport.https.port}/internal/data/v1/notify"
|
|
#username = "${admin.username}"
|
|
#password = "${admin.password}"
|
|
#'header.X-WSO2-KEY-MANAGER' = "default"
|
|
|
|
[apim.sync_runtime_artifacts.gateway.skip_list]
|
|
apis = ["_TokenAPI_.xml", "_API_Key_Management_.xml", "health-check.xml", "admin--Android-Mutual-SSL-Configuration-Management.xml", "admin--Android-Mutual-SSL-Device-Management.xml", "admin--Android-Mutual-SSL-Event-Receiver.xml", "admin--IOS-Enrollment.xml", "admin--IOS-Enrollment-Authenticate-Agent.xml", "admin--IOS-Enrollment-Profile.xml", "admin--IOS-Enrollment-Profile-DEP.xml", "admin--IOS-Enrollment-Scep.xml", "admin--Windows_8.1_Device_Management_Service.xml", "admin--Windows_8.1_Device_Management_Service_v1.0.0.xml", "admin--Windows_8.1_Enrollment_Service.xml", "admin--Windows_8.1_Enrollment_Service_v1.0.0.xml", "admin--Windows_10_Device_management.xml", "admin--Windows_10_Device_management_v1.0.0.xml", "admin--Windows_10_Enrollment_Service.xml", "admin--Windows_10_Enrollment_Service_v1.0.0.xml", "admin--Windows_Discovery_Service.xml", "admin--Windows_Discovery_Service_v1.0.0.xml", "admin--Windows_Enrollment_policy_Service.xml", "admin--Windows_Enrollment_policy_Service_v1.0.0.xml", "admin--Windows-Mutual-SSL-Device-Management.xml"]
|
|
sequences = ["_api_registration_fault_.xml"]
|
|
|
|
[transport.https.properties]
|
|
maxHttpHeaderSize="16384"
|
|
|
|
[transport.http.properties]
|
|
maxHttpHeaderSize="16384"
|
|
|
|
[oauth.grant_type.jwt_bearer]
|
|
grant_handler="io.entgra.device.mgt.core.device.mgt.oauth.extensions.handlers.grant.ExtendedJWTGrantHandler"
|
|
|
|
[[oauth.custom_grant_type]]
|
|
name="access_token"
|
|
grant_handler="io.entgra.device.mgt.core.device.mgt.oauth.extensions.handlers.grant.AccessTokenGrantHandler"
|
|
grant_validator="io.entgra.device.mgt.core.device.mgt.oauth.extensions.validators.AccessTokenGrantValidator"
|
|
|
|
[oauth.token_renewal]
|
|
renew_refresh_token=false
|
|
|
|
[oauth.token_validation]
|
|
refresh_token_validity = -1
|
|
|
|
#[device_mgt_conf.remote_session_conf]
|
|
#enabled="true"
|
|
#remote_session_server_url="wss://localhost:9443"
|
|
|
|
#[device_mgt_conf.enrollment_guide_conf]
|
|
#enable=true
|
|
|
|
[product_conf]
|
|
server_name = "UEM Server"
|
|
server_version = "6.2.0"
|
|
current_year = "2024"
|
|
|
|
[device_mgt_conf.archival_conf.archival_task]
|
|
enabled = "false"
|
|
archival_pending_operations = "false"
|
|
task_class = "io.entgra.device.mgt.core.device.mgt.core.task.impl.ArchivalTask"
|
|
cron_expression = "0 0 0 1/1 * ? *"
|
|
retention_period = "30"
|
|
execution_batch_size = "100"
|
|
|
|
[device_mgt_conf.archival_conf.archival_task.purging_task]
|
|
enabled = "false"
|
|
task_class = "io.entgra.device.mgt.core.device.mgt.core.task.impl.ArchivedDataDeletionTask"
|
|
cron_expression = "0 0 3 1/1 * ? *"
|
|
retention_period = "365"
|
|
|
|
################################### Mail transport configurations ###################################
|
|
|
|
#[[transport.mail.sender]]
|
|
#name = "mailto"
|
|
#parameter.host = ""
|
|
#parameter.port = ""
|
|
#parameter.starttls.enable = false
|
|
#parameter.auth = false
|
|
#parameter.user = ""
|
|
#parameter.password = ""
|
|
#parameter.from = ""
|
|
|
|
#[output_adapter.email]
|
|
#from_address = ""
|
|
#username = ""
|
|
#password = ""
|
|
#signature = ""
|
|
#hostname = ""
|
|
#port = ""
|
|
#enable_start_tls = false
|
|
#enable_authentication = false
|