We have implemented a small number of WSO2 API Manager (v1.10.0) customisations in our standalone (DEV environment) implementation.
However, now that I'm coming to implement this in the distributed UAT and PRD environments, I'm unsure of exactly which servers each of these customisations/configurations should go on.
We have the following distributed architecture:
- Gateway (x2)
- Publisher & Store (on a single server)
- Key Manager (x2)
This follows this design from the online documentation:
The standard distributed install is all configured and working as expected.
The customisations that we've implemented are as follows:
1. Configure Custom Login Pages
By default, WSO2 uses its own logon page for the authentication of users. An example of this is shown in the screenshot below:
This is done by updating the contents of the `/repository/deployment/server/webapps/authenticationendpoint` folder.
2. Configure to Skip User Consent
By default, the user is prompted to consent to the web application accessing their OpenID profile information:
This is done by opening the `\repository\conf\identity\identity.xml` file and changing the `<OpenIDConnect><SkipUserConsent>` value from `false` to `true`.
3. Configuring User Account Recovery and Notifications
This is done by:
- Installing the ‘Account Recovery and Credential Management’ feature in the WSO2 Admin interface
- Setting the `IdentityMgtEventListener` to `true` in the `\repository\conf\carbon.xml` file
- Updating the notification and user account settings in the `\repository\conf\identity\identity-mgt.properties` file
- Uncommenting the `<transportSender name="mailto"...>` block in the `\repository\conf\axis2\axis2.xml` file
(Using the Password Recovery instructions from the online documentation)
4. Configuring A Custom User Store Manager
Unfortunately, WSO2 currently does not support renaming users in the existing User Stores through the User Store Management APIs it exposes.
To enable our application to do this, we’ve implemented the Custom JDBC User Manager Store identified here: http://tharindue.blogspot.co.uk/2015/05/a-workaround-for-renaming-username-of.html
5. Creating Claims
Here we have deleted the default Username claim and added two other claims (Rename Username & User ID) by following the instructions here: http://soasecurity.org/2012/05/02/claim-management-with-wso2-identity-server/
Here's the question...
Which of the (distributed) servers or components should each of these customisations be done on?
My initial investigation suggests the following, but I wanted to confirm before starting to update configurations:
1. Configure Custom Login Pages - Gateway servers, Key Manager servers
2. Configure to Skip User Consent - Gateway servers, Key Manager servers
3. Configuring User Account Recovery and Notifications - Key Manager servers
4. Configuring A Custom User Store Manager - Key Manager servers
5. Creating Claims - Key Manager servers
Are these correct? Is there anything else that I need to be aware of?
Many thanks in advance! Jon
Which login are you talking about? Is that the store, publisher or admin console of the gateway manager? Are you using Identity Server as Key Manager? – Bee
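Whichever role ends up owning customisations 2 and 3, the same edit has to land identically on every node of that role (there are two Key Managers and two Gateways). The following Python is an added example, not code from the question or from WSO2: it makes two of the file edits described above scriptable and verifiable (setting `<OpenIDConnect><SkipUserConsent>` to `true` in `identity.xml`, and uncommenting the `<transportSender name="mailto">` block in `axis2.xml`), refuses to touch a file that does not contain exactly the expected element (which is what you would see if you ran it against a node of the wrong role), and re-parses the result to confirm the change took effect. The XML fragments are constructed stand-ins for the real files, the `mail.smtp.*` parameter names are an assumption about the commented block, and the credentials are placeholders. Note that uncommenting the mailto sender puts an SMTP password in clear text in `axis2.xml`, so that file should be readable only by the account the server runs as.

```python
"""Scriptable, checkable versions of two of the config edits from the question:
   - identity.xml: set <OpenIDConnect><SkipUserConsent> to true
   - axis2.xml:    uncomment the <transportSender name="mailto"> block
Constructed sample fragments stand in for the real (much larger) files."""
import os
import re
import sys
import xml.etree.ElementTree as ET

# Constructed stand-in for repository/conf/identity/identity.xml (assumption:
# only the fragment the edit touches is reproduced).
IDENTITY_XML = """<Server xmlns="http://wso2.org/projects/carbon/carbon.xml">
  <OpenIDConnect>
    <!-- prompt the user before releasing OpenID profile claims -->
    <SkipUserConsent>false</SkipUserConsent>
  </OpenIDConnect>
</Server>
"""

# Constructed stand-in for repository/conf/axis2/axis2.xml. The parameter
# names are assumptions (javax.mail style); the credentials are placeholders.
AXIS2_XML = """<axisconfig name="AxisJava2.0">
  <!--<transportSender name="mailto" class="org.apache.axis2.transport.mail.MailTransportSender">
    <parameter name="mail.smtp.from">noreply@example.com</parameter>
    <parameter name="mail.smtp.user">smtp-user</parameter>
    <parameter name="mail.smtp.password">CHANGE-ME</parameter>
    <parameter name="mail.smtp.host">smtp.example.com</parameter>
    <parameter name="mail.smtp.port">587</parameter>
    <parameter name="mail.smtp.starttls.enable">true</parameter>
    <parameter name="mail.smtp.auth">true</parameter>
  </transportSender>-->
</axisconfig>
"""


def _local(tag):
    """'{namespace}Name' -> 'Name', so lookups ignore the carbon namespace."""
    return tag.rsplit("}", 1)[-1]


def skip_user_consent_enabled(identity_xml):
    """Parse identity.xml and report the effective SkipUserConsent value."""
    root = ET.fromstring(identity_xml)
    for oidc in root.iter():
        if _local(oidc.tag) != "OpenIDConnect":
            continue
        for child in oidc:
            if _local(child.tag) == "SkipUserConsent":
                return (child.text or "").strip().lower() == "true"
    raise ValueError("identity.xml has no <OpenIDConnect><SkipUserConsent> element")


_SKIP_RE = re.compile(r"(<SkipUserConsent>\s*)(true|false)(\s*</SkipUserConsent>)")


def set_skip_user_consent(identity_xml, enabled=True):
    """Text-level edit so the file's comments and layout survive. Exactly one
    SkipUserConsent element must exist, otherwise the file is left alone."""
    value = "true" if enabled else "false"
    new, n = _SKIP_RE.subn(r"\g<1>" + value + r"\g<3>", identity_xml)
    if n != 1:
        raise ValueError("expected exactly one <SkipUserConsent>, found %d" % n)
    if skip_user_consent_enabled(new) != enabled:  # re-parse to confirm
        raise ValueError("rewrite of SkipUserConsent did not take effect")
    return new


def mailto_sender_enabled(axis2_xml):
    """True if an active (not commented-out) mailto transportSender exists."""
    root = ET.fromstring(axis2_xml)
    return any(_local(e.tag) == "transportSender" and e.get("name") == "mailto"
               for e in root.iter())


_MAILTO_COMMENT_RE = re.compile(
    r'<!--\s*(<transportSender\s+name="mailto".*?</transportSender>)\s*-->', re.DOTALL)


def uncomment_mailto_sender(axis2_xml):
    """Strip the comment markers around the mailto sender; idempotent."""
    if mailto_sender_enabled(axis2_xml):
        return axis2_xml
    new, n = _MAILTO_COMMENT_RE.subn(r"\1", axis2_xml)
    if n != 1 or not mailto_sender_enabled(new):
        raise ValueError("could not find a single commented-out mailto transportSender")
    return new


def _rewrite(path, transform):
    """Apply transform to a file in place, keeping a .bak copy; True if changed."""
    with open(path) as fh:
        original = fh.read()
    updated = transform(original)
    if updated != original:
        with open(path + ".bak", "w") as fh:
            fh.write(original)
        with open(path, "w") as fh:
            fh.write(updated)
    return updated != original


def apply_to_carbon_home(carbon_home):
    """Apply both edits to one node. Run on every node of the role you decide
    owns these settings; which role that is, is the question itself."""
    identity = os.path.join(carbon_home, "repository", "conf", "identity", "identity.xml")
    axis2 = os.path.join(carbon_home, "repository", "conf", "axis2", "axis2.xml")
    return {"identity.xml": _rewrite(identity, set_skip_user_consent),
            "axis2.xml": _rewrite(axis2, uncomment_mailto_sender)}


if __name__ == "__main__":
    if len(sys.argv) == 2:
        print(apply_to_arbon_home(sys.argv[1]) if False else apply_to_carbon_home(sys.argv[1]))
    else:  # no CARBON_HOME given: exercise the constructed samples
        print("SkipUserConsent now:", skip_user_consent_enabled(set_skip_user_consent(IDENTITY_XML)))
        print("mailto sender active:", mailto_sender_enabled(uncomment_mailto_sender(AXIS2_XML)))
```

Run it with a `CARBON_HOME` argument on a node to apply both edits (a `.bak` is kept next to each changed file), or without arguments to see it work on the embedded samples. Because both functions are idempotent and raise on anything unexpected, the same script can be run from a config-management tool on each node of the chosen role and on each restart of the rollout without double-applying.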