diff --git a/api_demo/main.go b/api_demo/main.go index e87fd681e7d161265f07309ae5aef584d902f01e..f8ecf8559ca7d25a42328256213907b618424278 100644 --- a/api_demo/main.go +++ b/api_demo/main.go @@ -3,12 +3,16 @@ package main import ( "fmt" "net/http" + "strings" ) func main() { mux := http.NewServeMux() // Returns authorization code back to the user mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { + // Dump request + reqDump := formatRequest(r) + fmt.Printf("Request: %v\n", reqDump) w.Header().Set("Content-Type", "application/json") w.Write([]byte(`{ "foo": "bar", @@ -16,5 +20,28 @@ func main() { }`)) }) fmt.Println("Starting demo api server...") - http.ListenAndServe(":8090", mux) + http.ListenAndServe(":8092", mux) +} + +// formatRequest generates ascii representation of a request +func formatRequest(r *http.Request) string { + // Create return string + var request []string // Add the request string + url := fmt.Sprintf("%v %v %v", r.Method, r.URL, r.Proto) + request = append(request, url) // Add the host + request = append(request, fmt.Sprintf("Host: %v", r.Host)) // Loop through headers + for name, headers := range r.Header { + name = strings.ToLower(name) + for _, h := range headers { + request = append(request, fmt.Sprintf("%v: %v", name, h)) + } + } + + // If this is a POST, add post data + if r.Method == "POST" { + r.ParseForm() + request = append(request, "\n") + request = append(request, r.Form.Encode()) + } // Return the request as a string + return strings.Join(request, "\n") } diff --git a/app_demo/.env b/app_demo/.env index c3ad56e5a0eaf479bbc8dc936237d18f33027263..052e5cf2d24c97ab6cfefe4f7c9e7716f565e521 100644 --- a/app_demo/.env +++ b/app_demo/.env 
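Review bot: The dump printed by `fmt.Printf("Request: %v\n", reqDump)` in the `/` handler contains every request header verbatim, so the `Authorization: Bearer …` value that home.js sends is written to the container's stdout on each call. Mask credential headers inside the header loop of formatRequest (second hunk of this file), for example `if name == "authorization" || name == "cookie" { h = "[redacted]" }` before the append. Keeping the dump behind a debug switch would also stop it from running outside the demo. The handler literal continues outside this hunk.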
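Review bot: `r.ParseForm()` in formatRequest drops its error, so a malformed POST body is logged as an empty form with no trace of the failure. Record it in the dump, e.g. `if err := r.ParseForm(); err != nil { request = append(request, "form error: "+err.Error()) }`. The result of `http.ListenAndServe(":8092", mux)` is also discarded, which hides a failed bind; print the returned error before main exits.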
@@ -4,9 +4,9 @@ CLIENT_GROUP=CLIENTS # Needed to user OAuth2 authentication : REDIRECT_URL=https://${HOSTNAME}/OAuth2Callback -CLIENT_ID=__GET_ONE_FROM_YOUR_IDP__ -CLIENT_SECRET=__GET_ONE_FROM_YOUR_IDP__ -AUTH_URL=https://myidp.fr/IdPOAuth2/authorize/oidc-rec -TOKEN_URL=https://myidp.fr/IdPOAuth2/token/oidc-rec +CLIENT_ID=im2IjE3hQqAScVLr_YgTbjAx75Ma +CLIENT_SECRET=5KlIN0zfMJy5p6Rs2yImd9ww2wQa +AUTH_URL=https://apis.grandlyon.fr/auth +TOKEN_URL=https://apis.grandlyon.fr/token USERINFO_URL=https://myidp.fr/IdPOAuth2/userinfo/oidc-rec LOGOUT_URL=https://myidp.fr/auth/logout.jsp diff --git a/app_demo/internal/auth/oauth2.go b/app_demo/internal/auth/oauth2.go index 59b6adfbd41823527d59faecf4674dc7d466cb34..2fc6f4439afdc9ee8f96d71cc4043b742ee94ad5 100644 --- a/app_demo/internal/auth/oauth2.go +++ b/app_demo/internal/auth/oauth2.go @@ -112,7 +112,7 @@ func (m Manager) HandleOAuth2Callback() http.Handler { return } // Redirect and pass the token in query /// UNSECURE FOR DEMO PURPOSES ONLY - http.Redirect(w, r, "?access_token="+token.AccessToken+"#home", http.StatusFound) + http.Redirect(w, r, "https://"+os.Getenv("HOSTNAME")+"?access_token="+token.AccessToken+"#home", http.StatusFound) } return http.HandlerFunc(oauth2Handler) } diff --git a/app_demo/internal/rootmux/rootmux.go b/app_demo/internal/rootmux/rootmux.go index bc1623b4e122dfba1f175c5f5532ae385389b1cd..b890b78e05896c120b66928544ad1066adcce63a 100644 --- a/app_demo/internal/rootmux/rootmux.go +++ b/app_demo/internal/rootmux/rootmux.go 
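Review bot: `CLIENT_ID` and `CLIENT_SECRET` in this tracked `.env` change from the `__GET_ONE_FROM_YOUR_IDP__` placeholders to what look like real OAuth2 client credentials for apis.grandlyon.fr; once committed they stay in history and should be treated as disclosed and rotated at the IdP. Keep the placeholders in the tracked file and load real values from an untracked file or the process environment. The same pair is repeated in the new app_demo/up.sh, and the third hunk of up.sh embeds another client secret inline. `USERINFO_URL` and `LOGOUT_URL` still point at myidp.fr while `AUTH_URL` and `TOKEN_URL` moved, which looks unintended.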
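Review bot: The redirect target is assembled by concatenation, `"https://"+os.Getenv("HOSTNAME")+"?access_token="+token.AccessToken`, with no escaping of the token and no check that HOSTNAME is set; an empty variable yields `https://?access_token=…`. Escape the value with `url.QueryEscape(token.AccessToken)` and fail the request when HOSTNAME is empty. Now that the URL is absolute and, per up.sh, goes through a reverse proxy started with `-debug`, the token in the query string may also end up in proxy logs; the existing "UNSECURE FOR DEMO PURPOSES ONLY" comment should say so. The handler starts outside the hunk, and whether `os` and `net/url` are already imported is not visible here.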
@@ -26,6 +26,10 @@ func CreateRootMux(port int, staticDir string) RootMux { m := auth.NewManager() mainMux.HandleFunc("/OAuth2Login", m.HandleOAuth2Login) mainMux.Handle("/OAuth2Callback", m.HandleOAuth2Callback()) + mainMux.HandleFunc("/APIConfiguration", func(w http.ResponseWriter, r *http.Request) { + w.Header().Set("Content-Type", "application/json") + w.Write([]byte(`{"endpoint":"`+os.Getenv("API_ENDPOINT")+`"}`)) + }) // Serve static files falling back to serving index.html mainMux.Handle("/", middlewares.NoCache(http.FileServer(&common.FallBackWrapper{Assets: http.Dir(staticDir)}))) // Put it together into the main handler diff --git a/app_demo/main.go b/app_demo/main.go index 253abf9283eba9a46cee2ee13540c1164522b78f..fda8c2b3b6532a172ec83fd65f0e621d946f0aeb 100644 --- a/app_demo/main.go +++ b/app_demo/main.go @@ -66,7 +66,7 @@ func main() { go http.ListenAndServe(mockOAuth2Port, mocks.CreateMockOAuth2()) fmt.Println("Mock OAuth2 server Listening on: http://localhost" + mockOAuth2Port) // Start a mock API server if debug mode is on - mockAPIPort := ":8091" + mockAPIPort := ":8092" go http.ListenAndServe(mockAPIPort, mocks.CreateMockAPI()) fmt.Println("Mock API server Listening on: http://localhost" + mockAPIPort) log.Logger.Fatal(http.ListenAndServeTLS(":"+strconv.Itoa(*httpsPort), "./dev_certificates/localhost.crt", "./dev_certificates/localhost.key", log.Middleware(rootMux.Mux))) diff --git a/app_demo/up.sh b/app_demo/up.sh new file mode 100755 index 0000000000000000000000000000000000000000..2ea6f87342bdc9d2b2b7a4dab5b33e8d227a2a2f --- /dev/null +++ b/app_demo/up.sh 
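Review bot: The `/APIConfiguration` body is built by splicing `os.Getenv("API_ENDPOINT")` between string literals, so a value containing `"` or `\` produces invalid JSON, and an unset variable returns an empty endpoint that home.js then passes to `fetch` together with the bearer token. Encode it instead, `json.NewEncoder(w).Encode(map[string]string{"endpoint": endpoint})`, and answer with a 500 when `endpoint` is empty. This needs `encoding/json` and `os` in the import block, which is outside the hunk; CreateRootMux also continues outside it.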
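Review bot: `mockAPIPort := ":8092"` is the same port api_demo/main.go now listens on, and up.sh starts both containers with `--net host` and this one with `-debug`, so whichever starts second cannot bind it. Because the call is `go http.ListenAndServe(mockAPIPort, mocks.CreateMockAPI())` with the returned error dropped, the failure is silent and the "Mock API server Listening on" line is printed regardless. Choose a port that api_demo does not use, and wrap the call in a goroutine that reports the error it returns. main continues outside the hunk.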
@@ -0,0 +1,28 @@ +#!/bin/bash +WD="$( + cd "$(dirname "$0")" + pwd -P +)" + +# Start the demo app +## Build the image if it doesn't exists +docker stop wso2iam_appdemo && docker rm wso2iam_appdemo +APP_DEMO_IMAGE=npernoud/wso2iam_appdemo +#docker build -t ${APP_DEMO_IMAGE} . +## Start the container +docker run \ + -d \ + -p 1443:1443 \ + -e REDIRECT_URL="https://sdk-go.127.0.0.1.nip.io:1443/OAuth2Callback" \ + -e CLIENT_ID="im2IjE3hQqAScVLr_YgTbjAx75Ma" \ + -e CLIENT_SECRET="5KlIN0zfMJy5p6Rs2yImd9ww2wQa" \ + -e AUTH_URL="https://apis.grandlyon.fr/oauth2/authorize" \ + -e TOKEN_URL="https://apis.grandlyon.fr/oauth2/token" \ + -e USERINFO_URL="https://apis.grandlyon.fr/oauth2/userinfo" \ + -e LOGOUT_URL="https://apis.grandlyon.fr/oidc/logout" \ + -e ADMIN_GROUP="ADMINS" \ + -e CLIENT_GROUP="USERS" \ + -e HOSTNAME="sdk-go.127.0.0.1.nip.io" \ + --name wso2iam_appdemo \ + ${APP_DEMO_IMAGE} \ + "-debug" "-https_port=1443" diff --git a/app_demo/web/components/home/home.js b/app_demo/web/components/home/home.js index 5bd0a7e236dedc7c4805a44f296dd55cd2144441..db98f41b465b5fd1cd499ea8f3ddad7490c04d66 100644 --- a/app_demo/web/components/home/home.js +++ b/app_demo/web/components/home/home.js @@ -12,7 +12,11 @@ export async function mount(where) { const accessToken = urlParams.get("access_token"); let response; try { - response = await fetch("https://172.18.0.3:8243/demo/1", { + let apiConfiguration = await fetch("/APIConfiguration", { + method: "GET", + }); + apiConfiguration = await apiConfiguration.json(); + response = await fetch(apiConfiguration.endpoint, { method: "GET", headers: new Headers({ Authorization: "Bearer " + accessToken, diff --git a/down.sh b/down.sh index 9e18e5754665e396b95603d4d3501ab2a68eb487..9e042db77da97c59d05d3f397403e3bfe336e658 100755 --- a/down.sh +++ b/down.sh @@ -1,4 +1,6 @@ #!/bin/bash +docker stop vestibule +docker rm vestibule docker stop wso2iam_keycloak docker rm wso2iam_keycloak docker stop wso2iam_wso2am 
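Review bot: With `docker build` commented out, `docker run` pulls `npernoud/wso2iam_appdemo` from the registry whenever it is not present locally, with no tag or digest, and that image then receives `CLIENT_SECRET` through `-e`. Either restore the local build or pin the image, e.g. `APP_DEMO_IMAGE=npernoud/wso2iam_appdemo@sha256:<DIGEST_PLACEHOLDER>`. The comment `## Build the image if it doesn't exists` no longer matches what the script does, and `WD` is computed but never used.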
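Review bot: The bearer token is now sent to whatever URL `/APIConfiguration` returns, and neither the HTTP status nor the shape of that response is checked before `fetch(apiConfiguration.endpoint, …)`. If the endpoint is missing or empty, `fetch` resolves it relative to the page and the `Authorization` header goes to the app's own origin. Add `if (!apiConfiguration.ok) throw new Error("APIConfiguration " + apiConfiguration.status);` before `.json()` and reject an endpoint that is not an `https:` URL. mount() starts and ends outside the hunk.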
diff --git a/oauth2playground/Dockerfile b/oauth2playground/Dockerfile deleted file mode 100644 index 1f820bb3ad6b2f61e1aba9666c3a1b4d895c3ff5..0000000000000000000000000000000000000000 --- a/oauth2playground/Dockerfile +++ /dev/null @@ -1,7 +0,0 @@ -FROM tomcat - -COPY playground2.war /usr/local/tomcat/webapps/ - -COPY tomcat-users.xml /usr/local/tomcat/conf/ - -CMD ["catalina.sh", "run"] \ No newline at end of file diff --git a/oauth2playground/tomcat-users.xml b/oauth2playground/tomcat-users.xml deleted file mode 100644 index 04d5f986e8e63a381f95de15395f5150a51b3b7d..0000000000000000000000000000000000000000 --- a/oauth2playground/tomcat-users.xml +++ /dev/null @@ -1,8 +0,0 @@ -<?xml version='1.0' encoding='utf-8'?> -<tomcat-users xmlns="http://tomcat.apache.org/xml" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd" - version="1.0"> - <role rolename="manager-gui"/> - <user username="admin" password="admin" roles="manager-gui"/> -</tomcat-users> \ No newline at end of file diff --git a/up.sh b/up.sh index 8d4a527cadb61e784403082af650cfc524c8f5fa..1de22b56202d1f1726e40df386261b5dff87b725 100755 --- a/up.sh +++ b/up.sh 
@@ -6,57 +6,79 @@ WD="$( # Tear down $WD/down.sh # Variables -SUBNET=172.18.0.0 -GATEWAY_IP=172.18.0.1 -KEYCLOAK_IP=172.18.0.2 -WSO2AM_IP=172.18.0.3 -API_DEMO_IP=172.18.0.4 -APP_DEMO_IP=172.18.0.5 -OAUTH2_PLAYGROUND_IP=172.18.0.6 +ROOT_DOMAIN=vestibule.127.0.0.1.nip.io +WSO2_VERSION=3.2.0 +APICTL_VERSION=3.2.1 + +docker network create wso2iam + +# Get apictl +if [ ! -f "${WD}/wso2am/apictl/apictl" ]; then + cd ${WD}/wso2am + wget https://product-dist.wso2.com/downloads/api-manager/cli/${APICTL_VERSION}/apictl-${APICTL_VERSION}-linux-x64.tar.gz + tar -zxvf apictl-${APICTL_VERSION}-linux-x64.tar.gz + rm -f apictl-${APICTL_VERSION}-linux-x64.tar.gz + cd ${WD} +fi # Permissions sudo chown -Rf 802:802 $WD/wso2am/data -# Create network -docker network create --subnet ${SUBNET}/16 --gateway ${GATEWAY_IP} wso2iam +# Create reverse proxy +docker run -d --name vestibule \ + --net host \ + -v /etc/localtime:/etc/localtime:ro \ + -v /etc/timezone:/etc/timezone:ro \ + -v ${WD}/vestibule/configs:/app/configs \ + -e REDIRECT_URL=https://${ROOT_DOMAIN}/OAuth2Callback \ + -e CLIENT_ID=foo \ + -e CLIENT_SECRET=bar \ + -e AUTH_URL=http://localhost:8090/auth \ + -e TOKEN_URL=http://localhost:8090/token \ + -e USERINFO_URL=http://localhost:8090/admininfo \ + -e LOGOUT_URL=/ \ + -e ADMIN_ROLE=ADMINS \ + -e HOSTNAME=${ROOT_DOMAIN} \ + -e ONLYOFFICE_TITLE=VestibuleOffice \ + -e ONLYOFFICE_SERVER=https://localhost:2443 \ + -e INMEMORY_TOKEN_LIFE_DAYS=2 \ + -p 443:443 \ + nicolaspernoud/vestibule:development \ + -debug # Create keycloak container -docker run \ - --ip ${KEYCLOAK_IP} \ - --add-host keycloak:${KEYCLOAK_IP} \ - --add-host wso2am:${WSO2AM_IP} \ - --add-host apidemo:${API_DEMO_IP} \ - --add-host appdemo:${APP_DEMO_IP} \ - --add-host oauth2playground:${OAUTH2_PLAYGROUND_IP} \ - --net wso2iam \ +docker run -d \ -e KEYCLOAK_USER=admin \ -e KEYCLOAK_PASSWORD=admin \ + -e KEYCLOAK_FRONTEND_URL="https://keycloak.${ROOT_DOMAIN}/auth" \ -e DB_VENDOR=h2 \ - -d \ -p 8080:8080 \ --name 
wso2iam_keycloak \ -e KEYCLOAK_IMPORT=/tmp/kc/Test.json \ -v $WD/keycloak:/tmp/kc \ - jboss/keycloak:9.0.3 + jboss/keycloak:11.0.3 + +# Create configuration file + +rm -f ${WD}/wso2am/configuration/deployment.toml +cp ${WD}/wso2am/configuration/deployment.toml.template ${WD}/wso2am/configuration/deployment.toml +APIM_HOSTNAME=apim.${ROOT_DOMAIN} +GATEWAY_HOSTNAME=apis.${ROOT_DOMAIN} +sed -i "s/%APIM_HOSTNAME%/${APIM_HOSTNAME}/g" ${WD}/wso2am/configuration/deployment.toml +sed -i "s/%GATEWAY_HOSTNAME%/${GATEWAY_HOSTNAME}/g" ${WD}/wso2am/configuration/deployment.toml # Create WSO2 API Manager container -docker run \ - --ip ${WSO2AM_IP} \ - --add-host keycloak:${KEYCLOAK_IP} \ - --add-host wso2am:${WSO2AM_IP} \ - --add-host apidemo:${API_DEMO_IP} \ - --add-host appdemo:${APP_DEMO_IP} \ - --add-host oauth2playground:${OAUTH2_PLAYGROUND_IP} \ - --net wso2iam \ - -d \ +docker run -d \ + --net host \ -p 8280:8280 -p 8243:8243 -p 9443:9443 \ --name wso2iam_wso2am \ - -v ${WD}/wso2am/configuration/keycloak.xml:/home/wso2carbon/wso2am-3.1.0/repository/conf/identity/identity-providers/keycloak.xml \ - -v ${WD}/wso2am/apictl:/bin/apictl \ + -v ${WD}/wso2am/configuration/keycloak.xml:/home/wso2carbon/wso2am-${WSO2_VERSION}/repository/conf/identity/identity-providers/keycloak.xml \ + -v ${WD}/wso2am/configuration/deployment.toml:/home/wso2carbon/wso2am-3.2.0/repository/conf/deployment.toml \ + -v ${WD}/wso2am/apictl/apictl:/bin/apictl \ -v ${WD}/wso2am/save_apis.sh:/bin/save_apis.sh \ -v ${WD}/wso2am/restore_apis.sh:/bin/restore_apis.sh \ -v ${WD}/wso2am/data:/home/wso2carbon/data \ - wso2/wso2am:3.1.0 + wso2/wso2am:${WSO2_VERSION} # Create demo api ## Build the image if it doesn't exists 
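Review bot: The apictl archive is fetched with `wget` and unpacked without any integrity check, and the resulting binary is bind-mounted into the API Manager container as `/bin/apictl`. Verify a pinned digest before `tar`, e.g. `echo "<EXPECTED_SHA256>  apictl-${APICTL_VERSION}-linux-x64.tar.gz" | sha256sum -c - || exit 1`, and stop the script if `cd ${WD}/wso2am` fails. The deployment.toml mount still hard-codes `wso2am-3.2.0` while the keycloak.xml mount above it uses `${WSO2_VERSION}`. `nicolaspernoud/vestibule:development` is a mutable tag, and `docker network create wso2iam` is left with no container attached to it.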
@@ -65,16 +87,9 @@ if [[ "$(docker images -q ${API_DEMO_IMAGE} 2>/dev/null)" == "" ]]; then docker build -t ${API_DEMO_IMAGE} ./api_demo fi ## Start the container -docker run \ - --ip ${API_DEMO_IP} \ - --add-host keycloak:${KEYCLOAK_IP} \ - --add-host wso2am:${WSO2AM_IP} \ - --add-host apidemo:${API_DEMO_IP} \ - --add-host appdemo:${APP_DEMO_IP} \ - --add-host oauth2playground:${OAUTH2_PLAYGROUND_IP} \ - --net wso2iam \ - -d \ - -p 8090:8090 \ +docker run -d \ + --net host \ + -p 8091:8091 \ --name wso2iam_apidemo \ ${API_DEMO_IMAGE} 
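Review bot: `-p 8091:8091` has no effect next to `--net host`, and the port does not match the `:8092` that api_demo/main.go listens on and that apps.json forwards to. Drop the `-p` flag here, and likewise `-p 1443:1443` in the app demo hunk and `-p 443:443` on the vestibule container in the first hunk, or leave host networking and publish the right ports. Host networking also puts every service, including the ones configured with admin/admin, directly on the host's interfaces; a comment stating that the stack is meant for a local workstation only would help.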
@@ -85,26 +100,20 @@ if [[ "$(docker images -q ${APP_DEMO_IMAGE} 2>/dev/null)" == "" ]]; then docker build -t ${APP_DEMO_IMAGE} ./app_demo fi ## Start the container -docker run \ - --ip ${APP_DEMO_IP} \ - --add-host keycloak:${KEYCLOAK_IP} \ - --add-host wso2am:${WSO2AM_IP} \ - --add-host apidemo:${API_DEMO_IP} \ - --add-host appdemo:${APP_DEMO_IP} \ - --add-host oauth2playground:${OAUTH2_PLAYGROUND_IP} \ - --net wso2iam \ - -d \ +docker run -d \ -p 1443:1443 \ - -e REDIRECT_URL="https://${APP_DEMO_IP}:1443/OAuth2Callback" \ - -e CLIENT_ID="oWk0gPg6RlOR9IPu5IuZPJM8pUUa" \ - -e CLIENT_SECRET="ig4wfmGm5Jtho4B9Oh1UmdUMth8a" \ - -e AUTH_URL="https://172.18.0.3:9443/oauth2/authorize" \ - -e TOKEN_URL="https://172.18.0.3:9443/oauth2/token" \ - -e USERINFO_URL="https://172.18.0.3:9443/oauth2/userinfo" \ - -e LOGOUT_URL="https://172.18.0.3:9443/oidc/logout" \ + --net host \ + -e REDIRECT_URL="https://app.${ROOT_DOMAIN}/OAuth2Callback" \ + -e CLIENT_ID="kllhFDGYPbH447G5JwfG9Qff84Ma" \ + -e CLIENT_SECRET="xJn9V2UJoMQjzNZVtiYZgdp4La4a" \ + -e AUTH_URL="https://apim.${ROOT_DOMAIN}/oauth2/authorize" \ + -e TOKEN_URL="https://apim.${ROOT_DOMAIN}/oauth2/token" \ + -e USERINFO_URL="https://apim.${ROOT_DOMAIN}/oauth2/userinfo" \ + -e LOGOUT_URL="https://apim.${ROOT_DOMAIN}/oidc/logout" \ -e ADMIN_GROUP="GGD_ORG_DG-DEES-DINSI-DAAG_TOUS" \ -e CLIENT_GROUP="GGD_ORG_DG-DEES-DINSI-DAAG_TOUS" \ - -e HOSTNAME="${APP_DEMO_IP}" \ + -e HOSTNAME="app.${ROOT_DOMAIN}" \ + -e API_ENDPOINT="https://apis.${ROOT_DOMAIN}/demo/1/" \ --name wso2iam_appdemo \ ${APP_DEMO_IMAGE} \ "-debug" "-https_port=1443" 
@@ -112,29 +121,10 @@ docker run \ # Restore APIs docker exec -it wso2iam_wso2am restore_apis.sh -printf "> Open https://localhost:9443/carbon/application/list-service-providers.jsp and log with admin/admin. +printf " +> Open https://apim.vestibule.127.0.0.1.nip.io/carbon/application/list-service-providers.jsp and log with admin/admin. > Edit the \"admin_Demo App_PRODUCTION\" service provider to select \"Authentication Type: Federated Authentication SHARED_keycloak\" in the \"Local & Outbound Authentication Configuration\" tab. > Open once the https://172.18.0.3:8243/demo/1 url to allow the self signed certificate. > Visit https://172.18.0.5:1443 to experience the demo (use wso2/wso2 to connect to Keycloak) ! -> Go to https://localhost:9443/devportal (log in with admin/admin) to change the token type if needed. +> Go to https://apim.vestibule.127.0.0.1.nip.io/devportal (log in with admin/admin) to change the token type if needed. " - -# # Start the playground app -# ## Build the image if it doesn't exists -# OAUTH2_PLAYGROUND_IMAGE=npernoud/wso2iam_oauth2playground -# if [[ "$(docker images -q ${OAUTH2_PLAYGROUND_IMAGE} 2>/dev/null)" == "" ]]; then -# docker build -t ${OAUTH2_PLAYGROUND_IMAGE} ./oauth2playground -# fi -# ## Start the container -# docker run \ -# --ip ${OAUTH2_PLAYGROUND_IP} \ -# --add-host keycloak:${KEYCLOAK_IP} \ -# --add-host wso2am:${WSO2AM_IP} \ -# --add-host apidemo:${API_DEMO_IP} \ -# --add-host appdemo:${APP_DEMO_IP} \ -# --add-host oauth2playground:${OAUTH2_PLAYGROUND_IP} \ -# --net wso2iam \ -# -d \ -# -p 8081:8080 \ -# --name wso2iam_oauth2playground \ -# ${OAUTH2_PLAYGROUND_IMAGE} diff --git a/vestibule/configs/apps.json b/vestibule/configs/apps.json new file mode 100644 index 0000000000000000000000000000000000000000..acebc392c6e68986dacf7d5dac0c219d3fc3e708 --- /dev/null +++ b/vestibule/configs/apps.json 
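Review bot: The printed instructions still send the reader to `https://172.18.0.3:8243/demo/1` and `https://172.18.0.5:1443`, addresses that no longer exist once the fixed subnet is removed in the first hunk. Point them at the proxied hosts, e.g. `https://apis.${ROOT_DOMAIN}/demo/1/` and `https://app.${ROOT_DOMAIN}`, and use `${ROOT_DOMAIN}` in the two apim URLs instead of the literal domain. The text also tells the reader to log in with admin/admin, so it should say that these defaults are for the local demo only.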
@@ -0,0 +1,52 @@ +[ + { + "id": 1, + "name": "Keycloak", + "icon": "unlock-alt", + "color": "#000000", + "isProxy": true, + "host": "keycloak.vestibule.127.0.0.1.nip.io", + "forwardTo": "localhost:8080", + "secured": false + }, + { + "id": 2, + "name": "API Manager", + "icon": "hands-helping", + "color": "#000000", + "isProxy": true, + "host": "apim.vestibule.127.0.0.1.nip.io", + "forwardTo": "https://localhost:9443", + "secured": false + }, + { + "id": 3, + "name": "API Gateway", + "icon": "wind", + "color": "#000000", + "isProxy": true, + "host": "apis.vestibule.127.0.0.1.nip.io", + "forwardTo": "localhost:8280", + "secured": false + }, + { + "id": 4, + "name": "API Demo", + "icon": "volleyball-ball", + "color": "#000000", + "isProxy": true, + "host": "api.vestibule.127.0.0.1.nip.io", + "forwardTo": "localhost:8092", + "secured": false + }, + { + "id": 5, + "name": "App Demo", + "icon": "window-maximize", + "color": "#000000", + "isProxy": true, + "host": "app.vestibule.127.0.0.1.nip.io", + "forwardTo": "https://localhost:1443", + "secured": false + } +] \ No newline at end of file diff --git a/vestibule/configs/davs.json b/vestibule/configs/davs.json new file mode 100644 index 0000000000000000000000000000000000000000..0637a088a01e8ddab3bf3fa98dbe804cbde1a0dc --- /dev/null +++ b/vestibule/configs/davs.json @@ -0,0 +1 @@ +[] \ No newline at end of file diff --git a/vestibule/configs/ipgeodatabase/GeoLite2-City.mmdb b/vestibule/configs/ipgeodatabase/GeoLite2-City.mmdb new file mode 100644 index 0000000000000000000000000000000000000000..c237d375c1c1bc842568e333901648d10d0e2d2b Binary files /dev/null and b/vestibule/configs/ipgeodatabase/GeoLite2-City.mmdb differ diff --git a/vestibule/configs/tokenskey.json b/vestibule/configs/tokenskey.json new file mode 100644 index 0000000000000000000000000000000000000000..a039c7a74ba2aa095a36687fffe68fa7e7ff6216 --- /dev/null +++ b/vestibule/configs/tokenskey.json 
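Review bot: Every entry is declared with `"secured": false`, including the Keycloak and API Manager consoles that up.sh leaves on admin/admin. If `secured` is what makes the proxy require a login (not visible on this page, to be confirmed against vestibule's documentation), those consoles are reachable through port 443 of the host with no proxy-side authentication. Set `"secured": true` on the two management entries, or document next to the file that it is for a local demo only.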
@@ -0,0 +1,3 @@ +{ + "Key": "BFSosT5yUy0tfRLqUB0BPclsxJCm0oY9VaWRRz3G0YA=" +} \ No newline at end of file diff --git a/vestibule/configs/users.json b/vestibule/configs/users.json new file mode 100644 index 0000000000000000000000000000000000000000..17c8a65b5bd21b0a2559cf540c3dbe266b81e197 --- /dev/null +++ b/vestibule/configs/users.json @@ -0,0 +1,19 @@ +[ + { + "id": "1", + "login": "admin", + "email": "nicolas@vestibule.127.0.0.1.nip.io", + "memberOf": [ + "ADMINS" + ], + "passwordHash": "$2a$10$w6aIsC8lfMSB9tXIDRgk9OztQS.4gBQA9Uoi0X7mCzz5mlTRIx4tq" + }, + { + "id": "2", + "login": "user", + "memberOf": [ + "USERS" + ], + "passwordHash": "$2a$10$PgiAoLxZhgNtr7kRK/DH5ezwT./7vRkWqFNEtJD1670z3Zf60HqgG" + } +] \ No newline at end of file diff --git a/vestibule/up.sh b/vestibule/up.sh new file mode 100755 index 0000000000000000000000000000000000000000..ceb4462716f12917a02f9f37ab1891a91423b9cc --- /dev/null +++ b/vestibule/up.sh @@ -0,0 +1,25 @@ +#!/bin/bash +WD="$( + cd "$(dirname "$0")" + pwd -P +)" +docker stop vestibule && docker rm vestibule +docker run -d --name vestibule \ + -v /etc/localtime:/etc/localtime:ro \ + -v /etc/timezone:/etc/timezone:ro \ + -v ${WD}/configs:/app/configs \ + -e REDIRECT_URL=https://vestibule.127.0.0.1.nip.io:1443/OAuth2Callback \ + -e CLIENT_ID=foo \ + -e CLIENT_SECRET=bar \ + -e AUTH_URL=http://localhost:8090/auth \ + -e TOKEN_URL=http://localhost:8090/token \ + -e USERINFO_URL=http://localhost:8090/admininfo \ + -e LOGOUT_URL=/ \ + -e ADMIN_ROLE=ADMINS \ + -e HOSTNAME=vestibule.127.0.0.1.nip.io \ + -e ONLYOFFICE_TITLE=VestibuleOffice \ + -e ONLYOFFICE_SERVER=https://localhost:2443 \ + -e INMEMORY_TOKEN_LIFE_DAYS=2 \ + -p 443:443 \ + nicolaspernoud/vestibule:development \ + -debug diff --git a/wso2am/apictl/LICENSE b/wso2am/apictl/LICENSE new file mode 100644 index 0000000000000000000000000000000000000000..8dada3edaf50dbc082c9a125058f25def75e625a --- /dev/null +++ b/wso2am/apictl/LICENSE 
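Review bot: `tokenskey.json` commits what the file name suggests is the proxy's token key, so anyone with read access to the repository can presumably produce tokens the proxy accepts. Generate the key at first start and keep the file out of version control; treat the committed value as disclosed. The `passwordHash` values added in users.json just below are bcrypt hashes of the demo accounts and are open to offline guessing for the same reason.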
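Review bot: `REDIRECT_URL` in vestibule/up.sh points at port 1443 while the container only publishes `-p 443:443`, so the OAuth2 callback looks unreachable as written. Without `--net host`, the `http://localhost:8090` values of `AUTH_URL`, `TOKEN_URL` and `USERINFO_URL` resolve inside the container itself, and over plain HTTP. `nicolaspernoud/vestibule:development` is a mutable tag; pin a digest so the image that mounts `${WD}/configs` is the one that was reviewed.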
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/wso2am/apictl/README.html b/wso2am/apictl/README.html new file mode 100644 index 0000000000000000000000000000000000000000..b78953b7b78a304f474ae8451a1489f8a1810231 --- /dev/null +++ b/wso2am/apictl/README.html 
@@ -0,0 +1,327 @@ +<h1 id="cli-for-importing-and-exporting-apis-and-applications">CLI for Importing and Exporting APIs and Applications</h1> +<h2 id="for-wso2-api-manager-3-2.0">For WSO2 API Manager 3.2.0</h2> +<p>Command Line tool for importing and exporting APIs and Applications between different API Environments</p> +<h2 id="getting-started">Getting Started</h2> +<ul> + <li><h3 id="running">Running</h3> + <p> Select a generated archive suitable for your platform (Mac, Windows, Linux) and extract it to a desired + location and <code>cd</code> into it.<br> Then execute <code>apictl</code> to start the application.</p> + <blockquote> + <p>NOTE: Execute <code>./apictl</code> if the working directory is the same where the executable resides + </p> + <p>Add the location of extracted folder to your system's $PATH variable to access the executable from + anywhere </p> + </blockquote> + <p> Execute <code>apictl --help</code> for further instructions.</p> + </li> + <li><h3 id="adding-environments">Adding Environments</h3> + <p> Add environments by either manually editing <code>$HOME/.wso2apictl/main_config.yaml</code> or using the + command<br> <code>apictl add-env</code>.</p> + <blockquote> + <p>NOTE: Directory structure for configuration files (<code>$HOME/.wso2apictl</code>) will be created upon + execution of <code>apictl</code></p> + </blockquote> + <p> Execute <code>apictl add-env --help</code> for detailed instructions</p> + <blockquote> + <p>The flags <code>--environment (-e)</code> and <code>--token</code> are mandatory. + You can either provide only the 2 flags <code>--apim</code> and <code>--token</code>, or all the other 5 flags (<code>--registration</code>, <code>--publisher</code>, <code>--devportal</code>, <code>--admin</code>, <code>--token</code>) without providing <code>--apim</code> flag. 
+ If you are omitting any of --registration --publisher --devportal --admin flags, you need to specify --apim flag with the API Manager endpoint.</p> + </blockquote> + </li> + <li><h3 id="command-autocompletion-for-bash-only-">Command Autocompletion (For Bash Only)</h3> + <p> Copy the file <code>apictl_bash_completion.sh</code> to <code>/etc/bash_completion.d/</code> and source it + with<br> <code>source /etc/bash_completion.d/apictl_bash_completion.sh</code> to enable bash + auto-completion.</p> + </li> +</ul> +<hr> +<h2 id="usage">Usage</h2> +<pre><code class="lang-bash"> apictl [command] +</code></pre> +<h4 id="global-flags">Global Flags</h4> +<pre><code class="lang-bash"> --verbose + Enable verbose logs (Provides more information on execution) + --insecure, -k + Allow connections to SSL sites without certs + --help, -h + Display information and example usage of a command +</code></pre> +<h3 id="commands">Commands</h3> +<ul> + <li><h4 id="login">login [environment]</h4> + <pre><code class="lang-bash"> Flags: + Optional: + --username, -u + --password, -p + NOTE: user will be prompted to enter credentials if they are not provided with these flags + Examples: + apictl login dev -u admin -p admin + apictl login dev -u admin + apictl login dev + cat ~/.mypassword | apictl login dev -u admin +</code></pre> + </li> +</ul> +<ul> + <li><h4 id="logout">logout [environment]</h4> + <pre><code class="lang-bash"> Examples: + apictl logout dev +</code></pre> + </li> +</ul> +<ul> + <li><h4 id="export-api">export-api</h4> + <pre><code class="lang-bash"> Flags: + Required: + --name, -n + --version, -v + --provider, -r + --environment, -e + Optional: + --username, -u + --password, -p + NOTE: user will be prompted to enter credentials if they are not provided with these flags + Examples: + apictl export-api -n TestAPI -v 1.0.1 -r admin -e staging + apictl export-api -n TestAPI -v 1.0.1 -r admin -e staging -u admin -p 123456 + apictl export-api -n TestAPI -v 1.0.1 -r admin -e 
staging -u admin + apictl export-api -n TestAPI -v 1.0.1 -r admin -e staging -p 123456 +</code></pre> + </li> +</ul> +<ul> + <li><h4 id="import-api">import-api</h4> + </li> +</ul> +<pre><code class="lang-bash"> Flags: + Required: + --file, -f + --environment, -e + Optional: + --username, -u + --password, -p + NOTE: user will be prompted to enter credentials if they are not provided with these flags + Examples: + apictl import-api -f dev/TestAPI_1.0.0.zip -e dev + apictl import-api -f qa/TestAPI_2.0.0.zip -e dev -u admin -p 123456 + apictl import-api -f staging/TestAPI_1.1.zip -e dev -u admin + apictl import-api -f production/TestAPI_3.0.1.zip -e dev -p 123456 + apictl import-api -f TestAPI -e dev +</code></pre> +<ul> + <li><h4 id="export-app">export-app</h4> + <pre><code class="lang-bash"> Flags: + Required: + --name, -n + --owner, -o + --environment, -e + Optional: + --username, -u + --password, -p + NOTE: user will be prompted to enter credentials if they are not provided with these flags + Examples: + apictl export-app -n SampleApp -o admin -e dev + apictl export-app -n SampleApp -o admin -e prod +</code></pre> + </li> +</ul> +<ul> + <li><h4 id="import-app">import-app</h4> + </li> +</ul> +<pre><code class="lang-bash"> Flags: + Required + --file, -f + --environment, -e + Optional + --skipSubscriptions, -s + --owner, -o + --preserveOwner, -r + --file, -f + --environment, -e + Examples: + apictl import-app -f qa/apps/sampleApp.zip -e dev + apictl Import App -f staging/apps/sampleApp.zip -e prod -o testUser -u admin -p admin + apictl import-app -f qa/apps/sampleApp.zip --preserveOwner --skipSubscriptions -e staging +</code></pre> +<ul> + <li><h4 id="list-apis">list apis</h4> + <pre><code class="lang-bash"> Flags: + Required: + --environment, -e + Optional: + --username, -u + --password, -p + NOTE: user will be prompted to enter credentials if they are not provided with these flags + --query, -q + Examples: + apictl list apis -e dev + apictl list apis -e prod -q 
version:1.0.0 + apictl list apis -e prod -q provider:admin + apictl list apis -e staging +</code></pre> + </li> + <li><h4 id="list-apps">list apps</h4> + <pre><code class="lang-bash"> Flags: + Required + --environment, -e + --owner, -o + Optional + --username, -u + --password, -p + Examples: + apictl list apps -e dev -o admin + apictl list apps -e staging -o sampleUser +</code></pre> + </li> + <li><h4 id="list-envs">list envs</h4> + <pre><code class="lang-bash"> Flags: + None + Example: + apictl list envs +</code></pre> + </li> + <li><h4 id="add-env">add-env</h4> + <pre><code class="lang-bash"> Flags: + Required: + --environment, -e (Name of the environment) + AND + --apim (API Manager endpoint) + OR (the following 4) + --registration https://localhost:9443 \ + --publisher https://localhost:9443 \ + --devportal https://localhost:9443 \ + --admin https://localhost:9443 + Optional: + --token (Token Endpoint) + + Examples: + apictl add-env -e dev \ + --apim https://localhost:9443 + + apictl add-env -e staging \ + --registration https://idp.com:9443 \ + --publisher https://apim.com:9443 \ + --devportal https://apps.com:9443 \ + --admin https://apim.com:9443 \ + --token https://gw.com:8243/token + + apictl add-env -e prod \ + --apim https://apim.com:9443 \ + --registration https://idp.com:9443 \ + --token https://gw.com:8243/token +</code></pre> + </li> + <li><h4 id="remove-env">remove env</h4> + </li> +</ul> +<pre><code class="lang-bash"> Flags: + Required: + --environment, -e (Name of the environment) + Examples: + apictl remove-env -e dev +</code></pre> +<ul> + <li><h4 id="reset-user">reset-user</h4> + </li> +</ul> +<pre><code class="lang-bash"> Flags + --environment, -e + Examples: + apictl reset-user -e dev +</code></pre> +<ul> + <li><h4 id="version">version</h4> + <pre><code class="lang-bash"> apictl version +</code></pre> + </li> + <li><h4 id="set">set</h4> + <pre><code class="lang-bash"> Flags + --http-request-timeout + --export-directory + Examples: + apictl 
set --http-request-timeout 10000 + apictl set --export-directory /home/user/exported +</code></pre> + </li> +</ul> +<ul> + <li><h4 id="get-keys">get-keys</h4> + <pre><code class="lang-bash"> Flags: + Required: + --name, -n + --version, -v + --environment, -e + Optional: + --username, -u + --password, -p + NOTE: user will be prompted to enter credentials if they are not provided with these flags + Examples: + apictl get-keys -n PizzaShackAPI --version 1.0.0 -e dev --provider admin +</code></pre> + </li> +</ul> +<ul> + <li><h4 id="delete-api">delete api</h4> + <pre><code class="lang-bash"> Flags: + Required: + --name, -n + --version, -v + --environment, -e + Optional: + --provider, -r + NOTE: User will be prompted to enter credentials if the user is not logged in to the environment. + Examples: + apictl delete api -n TestAPI -v 1.0.0 -r admin -e staging + apictl delete api -n TestAPI -v 1.0.0 -e production +</code></pre> + </li> +</ul> +<ul> + <li><h4 id="delete-api-product">delete api-product</h4> + <pre><code class="lang-bash"> Flags: + Required: + --name, -n + --environment, -e + Optional: + --provider, -r + --version, -v + NOTE: User will be prompted to enter credentials if the user is not logged in to the environment. + Examples: + apictl delete api-product -n TwitterAPI -r admin -e dev + apictl delete api-product -n FacebookAPI -v 1.0.0 -e production +</code></pre> + </li> +</ul> +<ul> + <li><h4 id="delete-app">delete app</h4> + <pre><code class="lang-bash"> Flags: + Required: + --name, -n + --environment, -e + Optional: + --owner, -o + NOTE: User will be prompted to enter credentials if the user is not logged in to the environment. 
+ Examples: + apictl delete app -n TestAPI -o admin -e staging + apictl delete app -n TestAPI -e production +</code></pre> + </li> +</ul> +<ul> + <li><h4 id="change-status-api">change-status api</h4> + <pre><code class="lang-bash"> Flags: + Required: + --action, -a + --name, -n + --version, -v + --environment, -e + Optional: + --provider, -r + NOTE: User will be prompted to enter credentials if the user is not logged in to the environment. + Examples: + apictl change-status api -a Publish -n TestAPI -v 1.0.0 -r admin -e staging + apictl change-status api -a Publish -n TestAPI -v 1.0.0 -e production +</code></pre> + </li> +</ul> diff --git a/wso2am/apictl b/wso2am/apictl/apictl similarity index 68% rename from wso2am/apictl rename to wso2am/apictl/apictl index a7ec8711237cbf3f8e8b33b7e12c739559029071..3876adf516e7111f35ad479360ae60a0c40e9987 100755 Binary files a/wso2am/apictl and b/wso2am/apictl/apictl differ diff --git a/wso2am/configuration/deployment.toml b/wso2am/configuration/deployment.toml new file mode 100644 index 0000000000000000000000000000000000000000..00c706825f4a552d320cf5e3fd7de47acdd40043 --- /dev/null +++ b/wso2am/configuration/deployment.toml 
@@ -0,0 +1,262 @@ +[transport.https.properties] +proxyPort = 443 +[server] +hostname = "apim.vestibule.127.0.0.1.nip.io" +node_ip = "127.0.0.1" +#offset=0 +mode = "single" #single or ha +base_path = "${carbon.protocol}://${carbon.host}:${carbon.management.port}" +#discard_empty_caches = false +server_role = "default" + +[super_admin] +username = "admin" +password = "admin" +create_admin_account = true + +[user_store] +type = "database_unique_id" + +[database.apim_db] +type = "h2" +url = "jdbc:h2:./repository/database/WSO2AM_DB;AUTO_SERVER=TRUE;DB_CLOSE_ON_EXIT=FALSE" +username = "wso2carbon" +password = "wso2carbon" + +[database.shared_db] +type = "h2" +url = "jdbc:h2:./repository/database/WSO2SHARED_DB;DB_CLOSE_ON_EXIT=FALSE" +username = "wso2carbon" +password = "wso2carbon" + +[keystore.tls] +file_name = "wso2carbon.jks" +type = "JKS" +password = "wso2carbon" +alias = "wso2carbon" +key_password = "wso2carbon" + +#[keystore.primary] +#file_name = "wso2carbon.jks" +#type = "JKS" +#password = "wso2carbon" +#alias = "wso2carbon" +#key_password = "wso2carbon" + +#[keystore.internal] +#file_name = "wso2carbon.jks" +#type = "JKS" +#password = "wso2carbon" +#alias = "wso2carbon" +#key_password = "wso2carbon" + +[[apim.gateway.environment]] +name = "Production and Sandbox" +type = "hybrid" +display_in_api_console = true +description = "This is a hybrid gateway that handles both production and sandbox token traffic." 
+show_as_token_endpoint_url = true +service_url = "https://localhost:${mgt.transport.https.port}/services/" +username= "${admin.username}" +password= "${admin.password}" +ws_endpoint = "ws://apis.vestibule.127.0.0.1.nip.io:9099" +wss_endpoint = "wss://apis.vestibule.127.0.0.1.nip.io:8099" +http_endpoint = "http://apis.vestibule.127.0.0.1.nip.io:${http.nio.port}" +https_endpoint = "https://apis.vestibule.127.0.0.1.nip.io" + +#[apim.cache.gateway_token] +#enable = true +#expiry_time = "900s" + +#[apim.cache.resource] +#enable = true +#expiry_time = "900s" + +#[apim.cache.km_token] +#enable = false +#expiry_time = "15m" + +#[apim.cache.recent_apis] +#enable = false + +#[apim.cache.scopes] +#enable = true + +#[apim.cache.publisher_roles] +#enable = true + +#[apim.cache.jwt_claim] +#enable = true +#expiry_time = "15m" + +#[apim.cache.tags] +#expiry_time = "2m" + +#[apim.analytics] +#enable = false +#store_api_url = "https://localhost:7444" +#username = "$ref{super_admin.username}" +#password = "$ref{super_admin.password}" +#event_publisher_type = "default" +#event_publisher_impl = "org.wso2.carbon.apimgt.usage.publisher.APIMgtUsageDataBridgeDataPublisher" +#publish_response_size = true + +#[[apim.analytics.url_group]] +#analytics_url =["tcp://analytics1:7611","tcp://analytics2:7611"] +#analytics_auth_url =["ssl://analytics1:7711","ssl://analytics2:7711"] +#type = "loadbalance" + +#[[apim.analytics.url_group]] +#analytics_url =["tcp://analytics1:7612","tcp://analytics2:7612"] +#analytics_auth_url =["ssl://analytics1:7712","ssl://analytics2:7712"] +#type = "failover" + +#[apim.key_manager] +#service_url = "https://localhost:${mgt.transport.https.port}/services/" +#username = "$ref{super_admin.username}" +#password = "$ref{super_admin.password}" +#pool.init_idle_capacity = 50 +#pool.max_idle = 100 +#key_validation_handler_type = "default" +#key_validation_handler_type = "custom" +#key_validation_handler_impl = 
"org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler" + +[apim.idp] +server_url = "https://apim.vestibule.127.0.0.1.nip.io" +authorize_endpoint = "https://apim.vestibule.127.0.0.1.nip.io/oauth2/authorize" +oidc_logout_endpoint = "https://apim.vestibule.127.0.0.1.nip.io/oidc/logout" +oidc_check_session_endpoint = "https://apim.vestibule.127.0.0.1.nip.io/oidc/checksession" + +#[apim.jwt] +#enable = true +#encoding = "base64" # base64,base64url +#generator_impl = "org.wso2.carbon.apimgt.keymgt.token.JWTGenerator" +#claim_dialect = "http://wso2.org/claims" +#convert_dialect = false +#header = "X-JWT-Assertion" +#signing_algorithm = "SHA256withRSA" +#enable_user_claims = true +#claims_extractor_impl = "org.wso2.carbon.apimgt.impl.token.ExtendedDefaultClaimsRetriever" + +#[apim.oauth_config] +#enable_outbound_auth_header = false +#auth_header = "Authorization" +#revoke_endpoint = "https://localhost:${https.nio.port}/revoke" +#enable_token_encryption = false +#enable_token_hashing = false + +[apim.devportal] +url = "https://apim.vestibule.127.0.0.1.nip.io/devportal" +#enable_application_sharing = false +#if application_sharing_type, application_sharing_impl both defined priority goes to application_sharing_impl +#application_sharing_type = "default" #changed type, saml, default #todo: check the new config for rest api +#application_sharing_impl = "org.wso2.carbon.apimgt.impl.SAMLGroupIDExtractorImpl" +#display_multiple_versions = false +#display_deprecated_apis = false +#enable_comments = true +#enable_ratings = true +#enable_forum = true +#enable_anonymous_mode=true + +[apim.cors] +allow_origins = "*" +allow_methods = ["GET","PUT","POST","DELETE","PATCH","OPTIONS"] +allow_headers = ["authorization","Access-Control-Allow-Origin","Content-Type","SOAPAction","apikey", "testKey"] +allow_credentials = false + +#[apim.throttling] +#enable_data_publishing = true +#enable_policy_deploy = true +#enable_blacklist_condition = true +#enable_persistence = true 
+#throttle_decision_endpoints = ["tcp://localhost:5672","tcp://localhost:5672"] + +#[apim.throttling.blacklist_condition] +#start_delay = "5m" +#period = "1h" + +#[apim.throttling.jms] +#start_delay = "5m" + +#[apim.throttling.event_sync] +#hostName = "0.0.0.0" +#port = 11224 + +#[apim.throttling.event_management] +#hostName = "0.0.0.0" +#port = 10005 + +#[[apim.throttling.url_group]] +#traffic_manager_urls = ["tcp://localhost:9611","tcp://localhost:9611"] +#traffic_manager_auth_urls = ["ssl://localhost:9711","ssl://localhost:9711"] +#type = "loadbalance" + +#[[apim.throttling.url_group]] +#traffic_manager_urls = ["tcp://localhost:9611","tcp://localhost:9611"] +#traffic_manager_auth_urls = ["ssl://localhost:9711","ssl://localhost:9711"] +#type = "failover" + +#[apim.workflow] +#enable = false +#service_url = "https://localhost:9445/bpmn" +#username = "$ref{super_admin.username}" +#password = "$ref{super_admin.password}" +#callback_endpoint = "https://localhost:${mgt.transport.https.port}/api/am/admin/v0.17/workflows/update-workflow-status" +#token_endpoint = "https://localhost:${https.nio.port}/token" +#client_registration_endpoint = "https://localhost:${mgt.transport.https.port}/client-registration/v0.17/register" +#client_registration_username = "$ref{super_admin.username}" +#client_registration_password = "$ref{super_admin.password}" + +#data bridge config +#[transport.receiver] +#type = "binary" +#worker_threads = 10 +#session_timeout = "30m" +#keystore.file_name = "$ref{keystore.tls.file_name}" +#keystore.password = "$ref{keystore.tls.password}" +#tcp_port = 9611 +#ssl_port = 9711 +#ssl_receiver_thread_pool_size = 100 +#tcp_receiver_thread_pool_size = 100 +#ssl_enabled_protocols = ["TLSv1","TLSv1.1","TLSv1.2"] +#ciphers = ["SSL_RSA_WITH_RC4_128_MD5","SSL_RSA_WITH_RC4_128_SHA"] + +#[apim.notification] +#from_address = "APIM.com" +#username = "APIM" +#password = "APIM+123" +#hostname = "localhost" +#port = 3025 +#enable_start_tls = false +#enable_authentication 
= true + +#[apim.token.revocation] +#notifier_impl = "org.wso2.carbon.apimgt.keymgt.events.TokenRevocationNotifierImpl" +#enable_realtime_notifier = true +#realtime_notifier.ttl = 5000 +#enable_persistent_notifier = true +#persistent_notifier.hostname = "https://localhost:2379/v2/keys/jti/" +#persistent_notifier.ttl = 5000 +#persistent_notifier.username = "root" +#persistent_notifier.password = "root" + +[[event_handler]] +name="userPostSelfRegistration" +subscriptions=["POST_ADD_USER"] + +[service_provider] +sp_name_regex = "^[\\sa-zA-Z0-9._-]*$" + +[database.local] +url = "jdbc:h2:./repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE" + +[[event_listener]] +id = "token_revocation" +type = "org.wso2.carbon.identity.core.handler.AbstractIdentityHandler" +name = "org.wso2.is.notification.ApimOauthEventInterceptor" +order = 1 +[event_listener.properties] +notification_endpoint = "https://localhost:${mgt.transport.https.port}/internal/data/v1/notify" +username = "${admin.username}" +password = "${admin.password}" +'header.X-WSO2-KEY-MANAGER' = "default" \ No newline at end of file diff --git a/wso2am/configuration/deployment.toml.original b/wso2am/configuration/deployment.toml.original new file mode 100644 index 0000000000000000000000000000000000000000..003e3d6f87e46bb4164645b69d3a41a3ec01bb2c --- /dev/null +++ b/wso2am/configuration/deployment.toml.original 
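Review bot: The `[super_admin]` table in the new `deployment.toml` keeps the stock login (`username = "admin"`, `password = "admin"`, `create_admin_account = true`), while the same file sets `proxyPort = 443` and a proxied `hostname`, so the instance appears meant to be reached through a front end rather than only on localhost. `[keystore.tls]` likewise still points at `wso2carbon.jks` with password `wso2carbon`, which looks like the product's default keystore. The visible part of the `deployment.toml.template` hunk carries the same values, and the template already substitutes `%APIM_HOSTNAME%` at deploy time. I would feed the secrets through the same mechanism, e.g. `password = "%APIM_ADMIN_PASSWORD%"` (placeholder name constructed for this note), and mark any remaining defaults with `# demo only: change before exposing this instance`. This file also looks like the rendered output of the template, so it may be better generated at deploy time than committed, if that reading is right.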
@@ -0,0 +1,260 @@ +[server] +hostname = "localhost" +node_ip = "127.0.0.1" +#offset=0 +mode = "single" #single or ha +base_path = "${carbon.protocol}://${carbon.host}:${carbon.management.port}" +#discard_empty_caches = false +server_role = "default" + +[super_admin] +username = "admin" +password = "admin" +create_admin_account = true + +[user_store] +type = "database_unique_id" + +[database.apim_db] +type = "h2" +url = "jdbc:h2:./repository/database/WSO2AM_DB;AUTO_SERVER=TRUE;DB_CLOSE_ON_EXIT=FALSE" +username = "wso2carbon" +password = "wso2carbon" + +[database.shared_db] +type = "h2" +url = "jdbc:h2:./repository/database/WSO2SHARED_DB;DB_CLOSE_ON_EXIT=FALSE" +username = "wso2carbon" +password = "wso2carbon" + +[keystore.tls] +file_name = "wso2carbon.jks" +type = "JKS" +password = "wso2carbon" +alias = "wso2carbon" +key_password = "wso2carbon" + +#[keystore.primary] +#file_name = "wso2carbon.jks" +#type = "JKS" +#password = "wso2carbon" +#alias = "wso2carbon" +#key_password = "wso2carbon" + +#[keystore.internal] +#file_name = "wso2carbon.jks" +#type = "JKS" +#password = "wso2carbon" +#alias = "wso2carbon" +#key_password = "wso2carbon" + +[[apim.gateway.environment]] +name = "Production and Sandbox" +type = "hybrid" +display_in_api_console = true +description = "This is a hybrid gateway that handles both production and sandbox token traffic." 
+show_as_token_endpoint_url = true +service_url = "https://localhost:${mgt.transport.https.port}/services/" +username= "${admin.username}" +password= "${admin.password}" +ws_endpoint = "ws://localhost:9099" +wss_endpoint = "wss://localhost:8099" +http_endpoint = "http://localhost:${http.nio.port}" +https_endpoint = "https://localhost:${https.nio.port}" + +#[apim.cache.gateway_token] +#enable = true +#expiry_time = "900s" + +#[apim.cache.resource] +#enable = true +#expiry_time = "900s" + +#[apim.cache.km_token] +#enable = false +#expiry_time = "15m" + +#[apim.cache.recent_apis] +#enable = false + +#[apim.cache.scopes] +#enable = true + +#[apim.cache.publisher_roles] +#enable = true + +#[apim.cache.jwt_claim] +#enable = true +#expiry_time = "15m" + +#[apim.cache.tags] +#expiry_time = "2m" + +#[apim.analytics] +#enable = false +#store_api_url = "https://localhost:7444" +#username = "$ref{super_admin.username}" +#password = "$ref{super_admin.password}" +#event_publisher_type = "default" +#event_publisher_impl = "org.wso2.carbon.apimgt.usage.publisher.APIMgtUsageDataBridgeDataPublisher" +#publish_response_size = true + +#[[apim.analytics.url_group]] +#analytics_url =["tcp://analytics1:7611","tcp://analytics2:7611"] +#analytics_auth_url =["ssl://analytics1:7711","ssl://analytics2:7711"] +#type = "loadbalance" + +#[[apim.analytics.url_group]] +#analytics_url =["tcp://analytics1:7612","tcp://analytics2:7612"] +#analytics_auth_url =["ssl://analytics1:7712","ssl://analytics2:7712"] +#type = "failover" + +#[apim.key_manager] +#service_url = "https://localhost:${mgt.transport.https.port}/services/" +#username = "$ref{super_admin.username}" +#password = "$ref{super_admin.password}" +#pool.init_idle_capacity = 50 +#pool.max_idle = 100 +#key_validation_handler_type = "default" +#key_validation_handler_type = "custom" +#key_validation_handler_impl = "org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler" + +#[apim.idp] +#server_url = 
"https://localhost:${mgt.transport.https.port}" +#authorize_endpoint = "https://localhost:${mgt.transport.https.port}/oauth2/authorize" +#oidc_logout_endpoint = "https://localhost:${mgt.transport.https.port}/oidc/logout" +#oidc_check_session_endpoint = "https://localhost:${mgt.transport.https.port}/oidc/checksession" + +#[apim.jwt] +#enable = true +#encoding = "base64" # base64,base64url +#generator_impl = "org.wso2.carbon.apimgt.keymgt.token.JWTGenerator" +#claim_dialect = "http://wso2.org/claims" +#convert_dialect = false +#header = "X-JWT-Assertion" +#signing_algorithm = "SHA256withRSA" +#enable_user_claims = true +#claims_extractor_impl = "org.wso2.carbon.apimgt.impl.token.ExtendedDefaultClaimsRetriever" + +#[apim.oauth_config] +#enable_outbound_auth_header = false +#auth_header = "Authorization" +#revoke_endpoint = "https://localhost:${https.nio.port}/revoke" +#enable_token_encryption = false +#enable_token_hashing = false + +#[apim.devportal] +#url = "https://localhost:${mgt.transport.https.port}/devportal" +#enable_application_sharing = false +#if application_sharing_type, application_sharing_impl both defined priority goes to application_sharing_impl +#application_sharing_type = "default" #changed type, saml, default #todo: check the new config for rest api +#application_sharing_impl = "org.wso2.carbon.apimgt.impl.SAMLGroupIDExtractorImpl" +#display_multiple_versions = false +#display_deprecated_apis = false +#enable_comments = true +#enable_ratings = true +#enable_forum = true +#enable_anonymous_mode=true + +[apim.cors] +allow_origins = "*" +allow_methods = ["GET","PUT","POST","DELETE","PATCH","OPTIONS"] +allow_headers = ["authorization","Access-Control-Allow-Origin","Content-Type","SOAPAction","apikey", "testKey"] +allow_credentials = false + +#[apim.throttling] +#enable_data_publishing = true +#enable_policy_deploy = true +#enable_blacklist_condition = true +#enable_persistence = true +#throttle_decision_endpoints = 
["tcp://localhost:5672","tcp://localhost:5672"] + +#[apim.throttling.blacklist_condition] +#start_delay = "5m" +#period = "1h" + +#[apim.throttling.jms] +#start_delay = "5m" + +#[apim.throttling.event_sync] +#hostName = "0.0.0.0" +#port = 11224 + +#[apim.throttling.event_management] +#hostName = "0.0.0.0" +#port = 10005 + +#[[apim.throttling.url_group]] +#traffic_manager_urls = ["tcp://localhost:9611","tcp://localhost:9611"] +#traffic_manager_auth_urls = ["ssl://localhost:9711","ssl://localhost:9711"] +#type = "loadbalance" + +#[[apim.throttling.url_group]] +#traffic_manager_urls = ["tcp://localhost:9611","tcp://localhost:9611"] +#traffic_manager_auth_urls = ["ssl://localhost:9711","ssl://localhost:9711"] +#type = "failover" + +#[apim.workflow] +#enable = false +#service_url = "https://localhost:9445/bpmn" +#username = "$ref{super_admin.username}" +#password = "$ref{super_admin.password}" +#callback_endpoint = "https://localhost:${mgt.transport.https.port}/api/am/admin/v0.17/workflows/update-workflow-status" +#token_endpoint = "https://localhost:${https.nio.port}/token" +#client_registration_endpoint = "https://localhost:${mgt.transport.https.port}/client-registration/v0.17/register" +#client_registration_username = "$ref{super_admin.username}" +#client_registration_password = "$ref{super_admin.password}" + +#data bridge config +#[transport.receiver] +#type = "binary" +#worker_threads = 10 +#session_timeout = "30m" +#keystore.file_name = "$ref{keystore.tls.file_name}" +#keystore.password = "$ref{keystore.tls.password}" +#tcp_port = 9611 +#ssl_port = 9711 +#ssl_receiver_thread_pool_size = 100 +#tcp_receiver_thread_pool_size = 100 +#ssl_enabled_protocols = ["TLSv1","TLSv1.1","TLSv1.2"] +#ciphers = ["SSL_RSA_WITH_RC4_128_MD5","SSL_RSA_WITH_RC4_128_SHA"] + +#[apim.notification] +#from_address = "APIM.com" +#username = "APIM" +#password = "APIM+123" +#hostname = "localhost" +#port = 3025 +#enable_start_tls = false +#enable_authentication = true + 
+#[apim.token.revocation] +#notifier_impl = "org.wso2.carbon.apimgt.keymgt.events.TokenRevocationNotifierImpl" +#enable_realtime_notifier = true +#realtime_notifier.ttl = 5000 +#enable_persistent_notifier = true +#persistent_notifier.hostname = "https://localhost:2379/v2/keys/jti/" +#persistent_notifier.ttl = 5000 +#persistent_notifier.username = "root" +#persistent_notifier.password = "root" + +[[event_handler]] +name="userPostSelfRegistration" +subscriptions=["POST_ADD_USER"] + +[service_provider] +sp_name_regex = "^[\\sa-zA-Z0-9._-]*$" + +[database.local] +url = "jdbc:h2:./repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE" + +[[event_listener]] +id = "token_revocation" +type = "org.wso2.carbon.identity.core.handler.AbstractIdentityHandler" +name = "org.wso2.is.notification.ApimOauthEventInterceptor" +order = 1 +[event_listener.properties] +notification_endpoint = "https://localhost:${mgt.transport.https.port}/internal/data/v1/notify" +username = "${admin.username}" +password = "${admin.password}" +'header.X-WSO2-KEY-MANAGER' = "default" \ No newline at end of file diff --git a/wso2am/configuration/deployment.toml.template b/wso2am/configuration/deployment.toml.template new file mode 100644 index 0000000000000000000000000000000000000000..3adc35172563624b5b5377eb0242f61c7cb42d8a --- /dev/null +++ b/wso2am/configuration/deployment.toml.template 
@@ -0,0 +1,262 @@
+[transport.https.properties]
+proxyPort = 443
+[server]
+hostname = "%APIM_HOSTNAME%"
+node_ip = "127.0.0.1"
+#offset=0
+mode = "single" #single or ha
+base_path = "${carbon.protocol}://${carbon.host}:${carbon.management.port}"
+#discard_empty_caches = false
+server_role = "default"
+
+[super_admin]
+username = "admin"
+password = "admin"
+create_admin_account = true
+
+[user_store]
+type = "database_unique_id"
+
+[database.apim_db]
+type = "h2"
+url = "jdbc:h2:./repository/database/WSO2AM_DB;AUTO_SERVER=TRUE;DB_CLOSE_ON_EXIT=FALSE"
+username = "wso2carbon"
+password = "wso2carbon"
+
+[database.shared_db]
+type = "h2"
+url = "jdbc:h2:./repository/database/WSO2SHARED_DB;DB_CLOSE_ON_EXIT=FALSE"
+username = "wso2carbon"
+password = "wso2carbon"
+
+[keystore.tls]
+file_name = "wso2carbon.jks"
+type = "JKS"
+password = "wso2carbon"
+alias = "wso2carbon"
+key_password = "wso2carbon"
+
+#[keystore.primary]
+#file_name = "wso2carbon.jks"
+#type = "JKS"
+#password = "wso2carbon"
+#alias = "wso2carbon"
+#key_password = "wso2carbon"
+
+#[keystore.internal]
+#file_name = "wso2carbon.jks"
+#type = "JKS"
+#password = "wso2carbon"
+#alias = "wso2carbon"
+#key_password = "wso2carbon"
+
+[[apim.gateway.environment]]
+name = "Production and Sandbox"
+type = "hybrid"
+display_in_api_console = true
+description = "This is a hybrid gateway that handles both production and sandbox token traffic."
+show_as_token_endpoint_url = true
+service_url = "https://localhost:${mgt.transport.https.port}/services/"
+username= "${admin.username}"
+password= "${admin.password}"
+ws_endpoint = "ws://%GATEWAY_HOSTNAME%:9099"
+wss_endpoint = "wss://%GATEWAY_HOSTNAME%:8099"
+http_endpoint = "http://%GATEWAY_HOSTNAME%:${http.nio.port}"
+https_endpoint = "https://%GATEWAY_HOSTNAME%"
+
+#[apim.cache.gateway_token]
+#enable = true
+#expiry_time = "900s"
+
+#[apim.cache.resource]
+#enable = true
+#expiry_time = "900s"
+
+#[apim.cache.km_token]
+#enable = false
+#expiry_time = "15m"
+
+#[apim.cache.recent_apis]
+#enable = false
+
+#[apim.cache.scopes]
+#enable = true
+
+#[apim.cache.publisher_roles]
+#enable = true
+
+#[apim.cache.jwt_claim]
+#enable = true
+#expiry_time = "15m"
+
+#[apim.cache.tags]
+#expiry_time = "2m"
+
+#[apim.analytics]
+#enable = false
+#store_api_url = "https://localhost:7444"
+#username = "$ref{super_admin.username}"
+#password = "$ref{super_admin.password}"
+#event_publisher_type = "default"
+#event_publisher_impl = "org.wso2.carbon.apimgt.usage.publisher.APIMgtUsageDataBridgeDataPublisher"
+#publish_response_size = true
+
+#[[apim.analytics.url_group]]
+#analytics_url =["tcp://analytics1:7611","tcp://analytics2:7611"]
+#analytics_auth_url =["ssl://analytics1:7711","ssl://analytics2:7711"]
+#type = "loadbalance"
+
+#[[apim.analytics.url_group]]
+#analytics_url =["tcp://analytics1:7612","tcp://analytics2:7612"]
+#analytics_auth_url =["ssl://analytics1:7712","ssl://analytics2:7712"]
+#type = "failover"
+
+#[apim.key_manager]
+#service_url = "https://localhost:${mgt.transport.https.port}/services/"
+#username = "$ref{super_admin.username}"
+#password = "$ref{super_admin.password}"
+#pool.init_idle_capacity = 50
+#pool.max_idle = 100
+#key_validation_handler_type = "default"
+#key_validation_handler_type = "custom"
+#key_validation_handler_impl = "org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler"
+
+[apim.idp]
+server_url = "https://%APIM_HOSTNAME%"
+authorize_endpoint = "https://%APIM_HOSTNAME%/oauth2/authorize"
+oidc_logout_endpoint = "https://%APIM_HOSTNAME%/oidc/logout"
+oidc_check_session_endpoint = "https://%APIM_HOSTNAME%/oidc/checksession"
+
+#[apim.jwt]
+#enable = true
+#encoding = "base64" # base64,base64url
+#generator_impl = "org.wso2.carbon.apimgt.keymgt.token.JWTGenerator"
+#claim_dialect = "http://wso2.org/claims"
+#convert_dialect = false
+#header = "X-JWT-Assertion"
+#signing_algorithm = "SHA256withRSA"
+#enable_user_claims = true
+#claims_extractor_impl = "org.wso2.carbon.apimgt.impl.token.ExtendedDefaultClaimsRetriever"
+
+#[apim.oauth_config]
+#enable_outbound_auth_header = false
+#auth_header = "Authorization"
+#revoke_endpoint = "https://localhost:${https.nio.port}/revoke"
+#enable_token_encryption = false
+#enable_token_hashing = false
+
+[apim.devportal]
+url = "https://%APIM_HOSTNAME%/devportal"
+#enable_application_sharing = false
+#if application_sharing_type, application_sharing_impl both defined priority goes to application_sharing_impl
+#application_sharing_type = "default" #changed type, saml, default #todo: check the new config for rest api
+#application_sharing_impl = "org.wso2.carbon.apimgt.impl.SAMLGroupIDExtractorImpl"
+#display_multiple_versions = false
+#display_deprecated_apis = false
+#enable_comments = true
+#enable_ratings = true
+#enable_forum = true
+#enable_anonymous_mode=true
+
+[apim.cors]
+allow_origins = "*"
+allow_methods = ["GET","PUT","POST","DELETE","PATCH","OPTIONS"]
+allow_headers = ["authorization","Access-Control-Allow-Origin","Content-Type","SOAPAction","apikey", "testKey"]
+allow_credentials = false
+
+#[apim.throttling]
+#enable_data_publishing = true
+#enable_policy_deploy = true
+#enable_blacklist_condition = true
+#enable_persistence = true
+#throttle_decision_endpoints = ["tcp://localhost:5672","tcp://localhost:5672"]
+
+#[apim.throttling.blacklist_condition]
+#start_delay = "5m"
+#period = "1h"
+
+#[apim.throttling.jms]
+#start_delay = "5m"
+
+#[apim.throttling.event_sync]
+#hostName = "0.0.0.0"
+#port = 11224
+
+#[apim.throttling.event_management]
+#hostName = "0.0.0.0"
+#port = 10005
+
+#[[apim.throttling.url_group]]
+#traffic_manager_urls = ["tcp://localhost:9611","tcp://localhost:9611"]
+#traffic_manager_auth_urls = ["ssl://localhost:9711","ssl://localhost:9711"]
+#type = "loadbalance"
+
+#[[apim.throttling.url_group]]
+#traffic_manager_urls = ["tcp://localhost:9611","tcp://localhost:9611"]
+#traffic_manager_auth_urls = ["ssl://localhost:9711","ssl://localhost:9711"]
+#type = "failover"
+
+#[apim.workflow]
+#enable = false
+#service_url = "https://localhost:9445/bpmn"
+#username = "$ref{super_admin.username}"
+#password = "$ref{super_admin.password}"
+#callback_endpoint = "https://localhost:${mgt.transport.https.port}/api/am/admin/v0.17/workflows/update-workflow-status"
+#token_endpoint = "https://localhost:${https.nio.port}/token"
+#client_registration_endpoint = "https://localhost:${mgt.transport.https.port}/client-registration/v0.17/register"
+#client_registration_username = "$ref{super_admin.username}"
+#client_registration_password = "$ref{super_admin.password}"
+
+#data bridge config
+#[transport.receiver]
+#type = "binary"
+#worker_threads = 10
+#session_timeout = "30m"
+#keystore.file_name = "$ref{keystore.tls.file_name}"
+#keystore.password = "$ref{keystore.tls.password}"
+#tcp_port = 9611
+#ssl_port = 9711
+#ssl_receiver_thread_pool_size = 100
+#tcp_receiver_thread_pool_size = 100
+#ssl_enabled_protocols = ["TLSv1","TLSv1.1","TLSv1.2"]
+#ciphers = ["SSL_RSA_WITH_RC4_128_MD5","SSL_RSA_WITH_RC4_128_SHA"]
+
+#[apim.notification]
+#from_address = "APIM.com"
+#username = "APIM"
+#password = "APIM+123"
+#hostname = "localhost"
+#port = 3025
+#enable_start_tls = false
+#enable_authentication = true
+
+#[apim.token.revocation]
+#notifier_impl = "org.wso2.carbon.apimgt.keymgt.events.TokenRevocationNotifierImpl"
+#enable_realtime_notifier = true
+#realtime_notifier.ttl = 5000
+#enable_persistent_notifier = true
+#persistent_notifier.hostname = "https://localhost:2379/v2/keys/jti/"
+#persistent_notifier.ttl = 5000
+#persistent_notifier.username = "root"
+#persistent_notifier.password = "root"
+
+[[event_handler]]
+name="userPostSelfRegistration"
+subscriptions=["POST_ADD_USER"]
+
+[service_provider]
+sp_name_regex = "^[\\sa-zA-Z0-9._-]*$"
+
+[database.local]
+url = "jdbc:h2:./repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE"
+
+[[event_listener]]
+id = "token_revocation"
+type = "org.wso2.carbon.identity.core.handler.AbstractIdentityHandler"
+name = "org.wso2.is.notification.ApimOauthEventInterceptor"
+order = 1
+[event_listener.properties]
+notification_endpoint = "https://localhost:${mgt.transport.https.port}/internal/data/v1/notify"
+username = "${admin.username}"
+password = "${admin.password}"
+'header.X-WSO2-KEY-MANAGER' = "default"
\ No newline at end of file
diff --git a/wso2am/data/apis/Demo API_1.zip b/wso2am/data/apis/Demo API_1.zip
deleted file mode 100644
index 3648e37f97f2141a25be6cfbefbff6d6f28013d1..0000000000000000000000000000000000000000
Binary files a/wso2am/data/apis/Demo API_1.zip and /dev/null differ
diff --git a/wso2am/data/apis/DemoAPI_1.zip b/wso2am/data/apis/DemoAPI_1.zip
deleted file mode 100644
index 7a293de8f024f494944ba525ef7941f2953cef3f..0000000000000000000000000000000000000000
Binary files a/wso2am/data/apis/DemoAPI_1.zip and /dev/null differ
diff --git a/wso2am/data/apis/Demo_API_1.zip b/wso2am/data/apis/Demo_API_1.zip
new file mode 100644
index 0000000000000000000000000000000000000000..89ca9d2cd74f6aada6601cf2f3bcdbb9f8dd47c6
Binary files /dev/null and b/wso2am/data/apis/Demo_API_1.zip differ
diff --git a/wso2am/data/apps/admin_Demo App.zip b/wso2am/data/apps/admin_Demo App.zip
deleted file mode 100644
index 479cb3eab3464b5e68402ec30b760dcdf5e04ef3..0000000000000000000000000000000000000000
Binary files a/wso2am/data/apps/admin_Demo App.zip and /dev/null differ
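Review bot: `[super_admin]` in `deployment.toml.template` hard-codes `username = "admin"` / `password = "admin"`, and `[keystore.tls]` keeps `wso2carbon.jks` with `password = "wso2carbon"`, even though the same template already substitutes `%APIM_HOSTNAME%` and `%GATEWAY_HOSTNAME%` and sets `proxyPort = 443`, which suggests the instance is meant to sit behind a real hostname. I would template the secrets the same way, e.g. `password = "%APIM_ADMIN_PASSWORD%"` (placeholder name made up for this note), and fill them in when the template is rendered. The keystore looks like the product's stock one; if that is the case its private key is effectively public and should be replaced before the listener is exposed. Also worth tightening: `allow_origins = "*"` under `[apim.cors]` next to `authorization` in `allow_headers` lets script from any origin send bearer-token requests and read the responses, so list the demo app's origin instead if it is known.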
diff --git a/wso2am/data/apps/admin_Demo_APP.zip b/wso2am/data/apps/admin_Demo_APP.zip
new file mode 100644
index 0000000000000000000000000000000000000000..3cd89cb625f0456d52f77d64e780e8e176aa0e51
Binary files /dev/null and b/wso2am/data/apps/admin_Demo_APP.zip differ
diff --git a/wso2am/restore_apis.sh b/wso2am/restore_apis.sh
index 82d75649313a1e0a3da529a4b45e8cac3e93c9d1..37e461ff02acdc496b2ded5847ee08e0db999050 100755
--- a/wso2am/restore_apis.sh
+++ b/wso2am/restore_apis.sh
@@ -6,4 +6,4 @@ until apictl login dev -u admin -p admin -k; do
 echo "::: Waiting for API Manager to be up... :::"
 done
 apictl import-api -f /home/wso2carbon/data/apis/*.zip -e dev -k
-apictl import-app -f /home/wso2carbon/data/apps/*.zip -e dev -k
+apictl import-app -f /home/wso2carbon/data/apps/*.zip -e dev -k --verbose --update
diff --git a/wso2am/save_apis.sh b/wso2am/save_apis.sh
index 46b3332d23946f12da90ccf9ce2d68d0d0ee508d..926c93179e5a2436e9482f670940cc45377a7d8b 100755
--- a/wso2am/save_apis.sh
+++ b/wso2am/save_apis.sh
@@ -1,6 +1,11 @@
 #!/bin/bash
+# clean up
+rm -rf /home/wso2carbon/.wso2apictl/exported/migration/dev/tenant-default/apis/*.zip
+rm -rf /home/wso2carbon/data/apis/*.zip
+rm -rf /home/wso2carbon/.wso2apictl/exported/apps/dev/*.zip
+rm -rf /home/wso2carbon/data/apps/*.zip
 apictl login dev -u admin -p admin -k
-apictl export-apis -e dev -k
-cp -r /home/wso2carbon/.wso2apictl/exported/migration/dev/tenant-default/apis/* /home/wso2carbon/data/apis
-apictl export-app -n "Demo App" -o admin -e dev -k --withKeys
-cp -r /home/wso2carbon/.wso2apictl/exported/apps/dev/* /home/wso2carbon/data/apps
+apictl export-apis -e dev -k --force --verbose
+cp -r /home/wso2carbon/.wso2apictl/exported/migration/dev/tenant-default/apis/*.zip /home/wso2carbon/data/apis/
+apictl export-app -n "Demo_APP" -o admin -e dev -k --withKeys --verbose
+cp -r /home/wso2carbon/.wso2apictl/exported/apps/dev/*.zip /home/wso2carbon/data/apps/
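Review bot: `--verbose` on the `apictl import-app` line of `restore_apis.sh` (and on `export-apis` / `export-app` in `save_apis.sh`) turns on apictl's debug output for an application archive that is produced with `--withKeys`. If that output includes request or response details, the application's consumer key and secret end up in whatever captures the script's output. I would keep `--verbose` out of the committed scripts and add it only while debugging, i.e. `apictl import-app -f /home/wso2carbon/data/apps/*.zip -e dev -k --update`. The `until` loop this line follows starts outside the hunk.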
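Review bot: In `save_apis.sh` the new `rm -rf /home/wso2carbon/data/apis/*.zip` and `rm -rf /home/wso2carbon/data/apps/*.zip` run before `apictl login`, and the script has no error handling, so a failed login or export leaves the data directories empty with the previous archives already gone. Add `set -euo pipefail` under the shebang and move each of those two deletions to just before its matching `cp`, so the saved copy is only replaced once a fresh export exists. `rm -f` is enough for these `*.zip` files; `-r` is not needed. Since `export-app ... --withKeys` writes the application's keys into the archive that is then copied into `data/apps`, that zip should be handled as a secret rather than committed alongside the rest of the demo data.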