From c639d2e1956b08eea54e309da1d31f98e4434ce9 Mon Sep 17 00:00:00 2001
From: Nicolas Pernoud <github@ninico.fr>
Date: Wed, 16 Dec 2020 10:54:41 +0100
Subject: [PATCH] feat: finished configuration templating

---
 .gitignore                                    |   4 +
 .vscode/launch.json                           |  56 ----
 README.md                                     |   9 +-
 keycloak/{Test.json => Test.json.template}    |   8 +-
 up.sh                                         |  47 +++-
 vestibule/configs/apps.json                   |  52 ----
 vestibule/configs/apps.json.template          |  52 ++++
 vestibule/up.sh                               |  25 --
 wso2am/configuration/deployment.toml          | 262 ------------------
 .../{keycloak.xml => keycloak.xml.template}   |  10 +-
 10 files changed, 100 insertions(+), 425 deletions(-)
 create mode 100644 .gitignore
 delete mode 100644 .vscode/launch.json
 rename keycloak/{Test.json => Test.json.template} (99%)
 delete mode 100644 vestibule/configs/apps.json
 create mode 100644 vestibule/configs/apps.json.template
 delete mode 100755 vestibule/up.sh
 delete mode 100644 wso2am/configuration/deployment.toml
 rename wso2am/configuration/{keycloak.xml => keycloak.xml.template} (86%)

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..637bb7e
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+keycloak/Test.json
+vestibule/configs/apps.json
+wso2am/configuration/keycloak.xml
+wso2am/configuration/deployment.toml
diff --git a/.vscode/launch.json b/.vscode/launch.json
deleted file mode 100644
index 54ef0f9..0000000
--- a/.vscode/launch.json
+++ /dev/null
@@ -1,56 +0,0 @@
-{
-  // Utilisez IntelliSense pour en savoir plus sur les attributs possibles.
-  // Pointez pour afficher la description des attributs existants.
-  // Pour plus d'informations, visitez : https://go.microsoft.com/fwlink/?linkid=830387
-  "version": "0.2.0",
-  "configurations": [
-    {
-      "name": "Debug App Demo with Mock OAuth2",
-      "type": "go",
-      "request": "launch",
-      "mode": "debug",
-      "remotePath": "",
-      "port": 2345,
-      "host": "127.0.0.1",
-      "program": "${workspaceFolder}/app_demo/main.go",
-      "env": {
-        "REDIRECT_URL": "https://sdk-go.127.0.0.1.nip.io:1443/OAuth2Callback",
-        "CLIENT_ID": "foo",
-        "CLIENT_SECRET": "bar",
-        "AUTH_URL": "http://localhost:8090/auth",
-        "TOKEN_URL": "http://localhost:8090/token",
-        "USERINFO_URL": "http://localhost:8090/admininfo",
-        "LOGOUT_URL": "/",
-        "ADMIN_GROUP": "ADMINS",
-        "CLIENT_GROUP": "CLIENTS",
-        "HOSTNAME": "sdk-go.127.0.0.1.nip.io"
-      },
-      "args": ["-debug", "-https_port=1443"],
-      "showLog": true
-    },
-    {
-      "name": "Debug App Demo with WSO2",
-      "type": "go",
-      "request": "launch",
-      "mode": "debug",
-      "remotePath": "",
-      "port": 2345,
-      "host": "127.0.0.1",
-      "program": "${workspaceFolder}/app_demo/main.go",
-      "env": {
-        "REDIRECT_URL": "https://sdk-go.127.0.0.1.nip.io:1443/OAuth2Callback",
-        "CLIENT_ID": "oWk0gPg6RlOR9IPu5IuZPJM8pUUa",
-        "CLIENT_SECRET": "ig4wfmGm5Jtho4B9Oh1UmdUMth8a",
-        "AUTH_URL": "https://172.18.0.3:9443/oauth2/authorize",
-        "TOKEN_URL": "https://172.18.0.3:9443/oauth2/token",
-        "USERINFO_URL": "https://172.18.0.3:9443/oauth2/userinfo",
-        "LOGOUT_URL": "https://172.18.0.3:9443/oidc/logout",
-        "ADMIN_GROUP": "GGD_ORG_DG-DEES-DINSI-DAAG_TOUS",
-        "CLIENT_GROUP": "GGD_ORG_DG-DEES-DINSI-DAAG_TOUS",
-        "HOSTNAME": "sdk-go.127.0.0.1.nip.io"
-      },
-      "args": ["-debug", "-https_port=1443"],
-      "showLog": true
-    }
-  ]
-}
diff --git a/README.md b/README.md
index b7a33a0..f1f7c4f 100644
--- a/README.md
+++ b/README.md
@@ -7,11 +7,4 @@ Proof of concept of using WSO2 API Manager as Identity and Access Management sol
 Clone the repository and cd to the wso2iam folder.
 Start the `up.sh` script.
 Wait for a bit (maybe 10 minutes or so).
-Open https://localhost:9443/carbon/application/list-service-providers.jsp and log with admin/admin.
-Edit the "admin_Demo App_PRODUCTION" service provider to select "Authentication Type: Federated Authentication SHARED_keycloak" in the "Local & Outbound Authentication Configuration" tab.
-
-Open once the https://172.18.0.3:8243/demo/1 url to allow the self signed certificate.
-
-Visit https://172.18.0.5:1443 to experience the demo (use wso2/wso2 to connect to Keycloak) !
-
-Go to https://localhost:9443/devportal (log in with admin/admin) to change the token type if needed.
+Follow the instructions to experience the demo.
\ No newline at end of file
diff --git a/keycloak/Test.json b/keycloak/Test.json.template
similarity index 99%
rename from keycloak/Test.json
rename to keycloak/Test.json.template
index 4ae56e9..45c012f 100644
--- a/keycloak/Test.json
+++ b/keycloak/Test.json.template
@@ -706,15 +706,15 @@
     {
       "id": "bdaf80fb-81b1-43ed-8fe1-5392d47f3e0c",
       "clientId": "wso2apim",
-      "rootUrl": "https://localhost:9443/commonauth",
-      "adminUrl": "https://localhost:9443/commonauth",
+      "rootUrl": "https://%APIM_HOSTNAME%/commonauth",
+      "adminUrl": "https://%APIM_HOSTNAME%/commonauth",
       "surrogateAuthRequired": false,
       "enabled": true,
       "alwaysDisplayInConsole": false,
       "clientAuthenticatorType": "client-secret",
       "secret": "8f545e1b-6bf8-4ee1-b1ad-688aa5d1df95",
-      "redirectUris": ["https://localhost:9443/commonauth/*"],
-      "webOrigins": ["https://localhost:9443"],
+      "redirectUris": ["https://%APIM_HOSTNAME%/commonauth/*"],
+      "webOrigins": ["https://%APIM_HOSTNAME%"],
       "notBefore": 0,
       "bearerOnly": false,
       "consentRequired": false,
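Review bot: The `secret` on the context line between the templated URLs is still a fixed value committed with the template, so every deployment rendered from `Test.json.template` shares the same `wso2apim` client secret. Now that the hostnames are no longer tied to localhost, it would be consistent to template the secret as well, e.g. `"secret": "%KEYCLOAK_CLIENT_SECRET%"` (placeholder name constructed here), filled in by up.sh from a value generated at install time. The `ClientSecret` property in `keycloak.xml.template` would presumably need the same placeholder, although its value is not visible in this diff. The client object continues past the end of this hunk.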
diff --git a/up.sh b/up.sh
index 1de22b5..adb185d 100755
--- a/up.sh
+++ b/up.sh
@@ -10,6 +10,13 @@ ROOT_DOMAIN=vestibule.127.0.0.1.nip.io
 WSO2_VERSION=3.2.0
 APICTL_VERSION=3.2.1
 
+# Derivated variables
+KEYCLOAK_HOSTNAME=keycloak.${ROOT_DOMAIN}
+APIM_HOSTNAME=apim.${ROOT_DOMAIN}
+GATEWAY_HOSTNAME=apis.${ROOT_DOMAIN}
+API_DEMO_HOSTNAME=api.${ROOT_DOMAIN}
+APP_DEMO_HOSTNAME=app.${ROOT_DOMAIN}
+
 docker network create wso2iam
 
 # Get apictl
@@ -21,6 +28,30 @@ if [ ! -f "${WD}/wso2am/apictl/apictl" ]; then
     cd ${WD}
 fi
 
+# Create configuration files
+# Vestibule
+rm -f ${WD}/vestibule/configs/apps.json
+cp ${WD}/vestibule/configs/apps.json.template ${WD}/vestibule/configs/apps.json
+sed -i "s/%KEYCLOAK_HOSTNAME%/${KEYCLOAK_HOSTNAME}/g" ${WD}/vestibule/configs/apps.json
+sed -i "s/%APIM_HOSTNAME%/${APIM_HOSTNAME}/g" ${WD}/vestibule/configs/apps.json
+sed -i "s/%GATEWAY_HOSTNAME%/${GATEWAY_HOSTNAME}/g" ${WD}/vestibule/configs/apps.json
+sed -i "s/%API_DEMO_HOSTNAME%/${API_DEMO_HOSTNAME}/g" ${WD}/vestibule/configs/apps.json
+sed -i "s/%APP_DEMO_HOSTNAME%/${APP_DEMO_HOSTNAME}/g" ${WD}/vestibule/configs/apps.json
+# Keycloak
+rm -f ${WD}/keycloak/Test.json
+cp ${WD}/keycloak/Test.json.template ${WD}/keycloak/Test.json
+sed -i "s/%APIM_HOSTNAME%/${APIM_HOSTNAME}/g" ${WD}/keycloak/Test.json
+# Keycloak configuration in WSO2
+rm -f ${WD}/wso2am/configuration/keycloak.xml
+cp ${WD}/wso2am/configuration/keycloak.xml.template ${WD}/wso2am/configuration/keycloak.xml
+sed -i "s/%KEYCLOAK_HOSTNAME%/${KEYCLOAK_HOSTNAME}/g" ${WD}/wso2am/configuration/keycloak.xml
+sed -i "s/%APIM_HOSTNAME%/${APIM_HOSTNAME}/g" ${WD}/wso2am/configuration/keycloak.xml
+# WSO2
+rm -f ${WD}/wso2am/configuration/deployment.toml
+cp ${WD}/wso2am/configuration/deployment.toml.template ${WD}/wso2am/configuration/deployment.toml
+sed -i "s/%APIM_HOSTNAME%/${APIM_HOSTNAME}/g" ${WD}/wso2am/configuration/deployment.toml
+sed -i "s/%GATEWAY_HOSTNAME%/${GATEWAY_HOSTNAME}/g" ${WD}/wso2am/configuration/deployment.toml
+
 # Permissions
 sudo chown -Rf 802:802 $WD/wso2am/data
 
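Review bot: None of the new `rm`/`cp`/`sed` steps is quoted or checked, so a missing template or a `${WD}` containing a space leaves a stale or absent config file while the script still goes on to start the containers (whether `set -e` is active is not visible in this hunk). The substituted values are also placed unescaped into the sed replacement with `/` as delimiter, so a `ROOT_DOMAIN` containing `/` or `&` would break or alter the rendered files. The four near-identical stanzas could be folded into one helper that quotes its paths and stops on failure, as sketched below. The sketch uses bash indirect expansion, which assumes up.sh runs under bash.

```shell
# Render TEMPLATE to the same path minus ".template", replacing each
# %NAME% placeholder listed after it with the value of variable NAME.
render_template() {
    local template="$1" target="${1%.template}" name
    shift
    rm -f -- "$target"
    cp -- "$template" "$target" || return 1
    for name in "$@"; do
        sed -i "s|%${name}%|${!name}|g" "$target" || return 1
    done
}

# Create configuration files
render_template "${WD}/vestibule/configs/apps.json.template" \
    KEYCLOAK_HOSTNAME APIM_HOSTNAME GATEWAY_HOSTNAME API_DEMO_HOSTNAME APP_DEMO_HOSTNAME || exit 1
render_template "${WD}/keycloak/Test.json.template" APIM_HOSTNAME || exit 1
render_template "${WD}/wso2am/configuration/keycloak.xml.template" \
    KEYCLOAK_HOSTNAME APIM_HOSTNAME || exit 1
render_template "${WD}/wso2am/configuration/deployment.toml.template" \
    APIM_HOSTNAME GATEWAY_HOSTNAME || exit 1
# … unchanged: permissions (chown of wso2am/data) …
```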
@@ -58,15 +89,6 @@ docker run -d \
     -v $WD/keycloak:/tmp/kc \
     jboss/keycloak:11.0.3
 
-# Create configuration file
-
-rm -f ${WD}/wso2am/configuration/deployment.toml
-cp ${WD}/wso2am/configuration/deployment.toml.template ${WD}/wso2am/configuration/deployment.toml
-APIM_HOSTNAME=apim.${ROOT_DOMAIN}
-GATEWAY_HOSTNAME=apis.${ROOT_DOMAIN}
-sed -i "s/%APIM_HOSTNAME%/${APIM_HOSTNAME}/g" ${WD}/wso2am/configuration/deployment.toml
-sed -i "s/%GATEWAY_HOSTNAME%/${GATEWAY_HOSTNAME}/g" ${WD}/wso2am/configuration/deployment.toml
-
 # Create WSO2 API Manager container
 docker run -d \
     --net host \
@@ -122,9 +144,8 @@ docker run -d \
 docker exec -it wso2iam_wso2am restore_apis.sh
 
 printf "
-> Open https://apim.vestibule.127.0.0.1.nip.io/carbon/application/list-service-providers.jsp and log with admin/admin.
+> Open https://${APIM_HOSTNAME}/carbon/application/list-service-providers.jsp and log with admin/admin.
 > Edit the \"admin_Demo App_PRODUCTION\" service provider to select \"Authentication Type: Federated Authentication SHARED_keycloak\" in the \"Local & Outbound Authentication Configuration\" tab.
-> Open once the https://172.18.0.3:8243/demo/1 url to allow the self signed certificate.
-> Visit https://172.18.0.5:1443 to experience the demo (use wso2/wso2 to connect to Keycloak) !
-> Go to https://apim.vestibule.127.0.0.1.nip.io/devportal (log in with admin/admin) to change the token type if needed.
+> Open once the https://${API_DEMO_HOSTNAME}/demo/1 url to allow the self signed certificate.
+> Visit https://${APP_DEMO_HOSTNAME} to experience the demo (use wso2/wso2 to connect to Keycloak) !
 "
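Review bot: The rewritten "Open once" line now points at `https://${API_DEMO_HOSTNAME}/demo/1`, whereas the removed line targeted port 8243, which looks like the API gateway rather than the demo backend. If `/demo/1` is an API context published on the gateway, this should probably read `https://${GATEWAY_HOSTNAME}/demo/1`. Separately, the whole message is passed as printf's format string, so a `%` in any interpolated value would be read as a conversion; `printf '%s\n' "..."` or a here-document with `cat` avoids that. The text still advertises the default `admin/admin` and `wso2/wso2` logins, so it is worth adding a line saying they must be changed before running with a `ROOT_DOMAIN` that is not loopback-only.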
diff --git a/vestibule/configs/apps.json b/vestibule/configs/apps.json
deleted file mode 100644
index acebc39..0000000
--- a/vestibule/configs/apps.json
+++ /dev/null
@@ -1,52 +0,0 @@
-[
-	{
-		"id": 1,
-		"name": "Keycloak",
-		"icon": "unlock-alt",
-		"color": "#000000",
-		"isProxy": true,
-		"host": "keycloak.vestibule.127.0.0.1.nip.io",
-		"forwardTo": "localhost:8080",
-		"secured": false
-	},
-	{
-		"id": 2,
-		"name": "API Manager",
-		"icon": "hands-helping",
-		"color": "#000000",
-		"isProxy": true,
-		"host": "apim.vestibule.127.0.0.1.nip.io",
-		"forwardTo": "https://localhost:9443",
-		"secured": false
-	},
-	{
-		"id": 3,
-		"name": "API Gateway",
-		"icon": "wind",
-		"color": "#000000",
-		"isProxy": true,
-		"host": "apis.vestibule.127.0.0.1.nip.io",
-		"forwardTo": "localhost:8280",
-		"secured": false
-	},
-	{
-		"id": 4,
-		"name": "API Demo",
-		"icon": "volleyball-ball",
-		"color": "#000000",
-		"isProxy": true,
-		"host": "api.vestibule.127.0.0.1.nip.io",
-		"forwardTo": "localhost:8092",
-		"secured": false
-	},
-	{
-		"id": 5,
-		"name": "App Demo",
-		"icon": "window-maximize",
-		"color": "#000000",
-		"isProxy": true,
-		"host": "app.vestibule.127.0.0.1.nip.io",
-		"forwardTo": "https://localhost:1443",
-		"secured": false
-	}
-]
\ No newline at end of file
diff --git a/vestibule/configs/apps.json.template b/vestibule/configs/apps.json.template
new file mode 100644
index 0000000..54f8a41
--- /dev/null
+++ b/vestibule/configs/apps.json.template
@@ -0,0 +1,52 @@
+[
+  {
+    "id": 1,
+    "name": "Keycloak",
+    "icon": "unlock-alt",
+    "color": "#000000",
+    "isProxy": true,
+    "host": "%KEYCLOAK_HOSTNAME%",
+    "forwardTo": "localhost:8080",
+    "secured": false
+  },
+  {
+    "id": 2,
+    "name": "API Manager",
+    "icon": "hands-helping",
+    "color": "#000000",
+    "isProxy": true,
+    "host": "%APIM_HOSTNAME%",
+    "forwardTo": "https://localhost:9443",
+    "secured": false
+  },
+  {
+    "id": 3,
+    "name": "API Gateway",
+    "icon": "wind",
+    "color": "#000000",
+    "isProxy": true,
+    "host": "%GATEWAY_HOSTNAME%",
+    "forwardTo": "localhost:8280",
+    "secured": false
+  },
+  {
+    "id": 4,
+    "name": "API Demo",
+    "icon": "volleyball-ball",
+    "color": "#000000",
+    "isProxy": true,
+    "host": "%API_DEMO_HOSTNAME%",
+    "forwardTo": "localhost:8092",
+    "secured": false
+  },
+  {
+    "id": 5,
+    "name": "App Demo",
+    "icon": "window-maximize",
+    "color": "#000000",
+    "isProxy": true,
+    "host": "%APP_DEMO_HOSTNAME%",
+    "forwardTo": "https://localhost:1443",
+    "secured": false
+  }
+]
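Review bot: All five entries keep `"secured": false`, including the Keycloak and API Manager entries that front administrative consoles. The flag is not defined in this diff, so this is an assumption: if it controls whether the vestibule proxy requires authentication, those consoles are reachable through the proxy without a login at whatever address `ROOT_DOMAIN` resolves to. If that exposure is intended for the demo, say so where the file is rendered, e.g. a comment in up.sh such as `# apps.json leaves every proxied app unsecured; keep ROOT_DOMAIN loopback-only`, since JSON itself cannot carry the explanation.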
diff --git a/vestibule/up.sh b/vestibule/up.sh
deleted file mode 100755
index ceb4462..0000000
--- a/vestibule/up.sh
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/bash
-WD="$(
-    cd "$(dirname "$0")"
-    pwd -P
-)"
-docker stop vestibule && docker rm vestibule
-docker run -d --name vestibule \
-    -v /etc/localtime:/etc/localtime:ro \
-    -v /etc/timezone:/etc/timezone:ro \
-    -v ${WD}/configs:/app/configs \
-    -e REDIRECT_URL=https://vestibule.127.0.0.1.nip.io:1443/OAuth2Callback \
-    -e CLIENT_ID=foo \
-    -e CLIENT_SECRET=bar \
-    -e AUTH_URL=http://localhost:8090/auth \
-    -e TOKEN_URL=http://localhost:8090/token \
-    -e USERINFO_URL=http://localhost:8090/admininfo \
-    -e LOGOUT_URL=/ \
-    -e ADMIN_ROLE=ADMINS \
-    -e HOSTNAME=vestibule.127.0.0.1.nip.io \
-    -e ONLYOFFICE_TITLE=VestibuleOffice \
-    -e ONLYOFFICE_SERVER=https://localhost:2443 \
-    -e INMEMORY_TOKEN_LIFE_DAYS=2 \
-    -p 443:443 \
-    nicolaspernoud/vestibule:development \
-    -debug
diff --git a/wso2am/configuration/deployment.toml b/wso2am/configuration/deployment.toml
deleted file mode 100644
index 00c7068..0000000
--- a/wso2am/configuration/deployment.toml
+++ /dev/null
@@ -1,262 +0,0 @@
-[transport.https.properties]
-proxyPort = 443
-[server]
-hostname = "apim.vestibule.127.0.0.1.nip.io"
-node_ip = "127.0.0.1"
-#offset=0
-mode = "single" #single or ha
-base_path = "${carbon.protocol}://${carbon.host}:${carbon.management.port}"
-#discard_empty_caches = false
-server_role = "default"
-
-[super_admin]
-username = "admin"
-password = "admin"
-create_admin_account = true
-
-[user_store]
-type = "database_unique_id"
-
-[database.apim_db]
-type = "h2"
-url = "jdbc:h2:./repository/database/WSO2AM_DB;AUTO_SERVER=TRUE;DB_CLOSE_ON_EXIT=FALSE"
-username = "wso2carbon"
-password = "wso2carbon"
-
-[database.shared_db]
-type = "h2"
-url = "jdbc:h2:./repository/database/WSO2SHARED_DB;DB_CLOSE_ON_EXIT=FALSE"
-username = "wso2carbon"
-password = "wso2carbon"
-
-[keystore.tls]
-file_name =  "wso2carbon.jks"
-type =  "JKS"
-password =  "wso2carbon"
-alias =  "wso2carbon"
-key_password =  "wso2carbon"
-
-#[keystore.primary]
-#file_name =  "wso2carbon.jks"
-#type =  "JKS"
-#password =  "wso2carbon"
-#alias =  "wso2carbon"
-#key_password =  "wso2carbon"
-
-#[keystore.internal]
-#file_name =  "wso2carbon.jks"
-#type =  "JKS"
-#password =  "wso2carbon"
-#alias =  "wso2carbon"
-#key_password =  "wso2carbon"
-
-[[apim.gateway.environment]]
-name = "Production and Sandbox"
-type = "hybrid"
-display_in_api_console = true
-description = "This is a hybrid gateway that handles both production and sandbox token traffic."
-show_as_token_endpoint_url = true
-service_url = "https://localhost:${mgt.transport.https.port}/services/"
-username= "${admin.username}"
-password= "${admin.password}"
-ws_endpoint = "ws://apis.vestibule.127.0.0.1.nip.io:9099"
-wss_endpoint = "wss://apis.vestibule.127.0.0.1.nip.io:8099"
-http_endpoint = "http://apis.vestibule.127.0.0.1.nip.io:${http.nio.port}"
-https_endpoint = "https://apis.vestibule.127.0.0.1.nip.io"
-
-#[apim.cache.gateway_token]
-#enable = true
-#expiry_time = "900s"
-
-#[apim.cache.resource]
-#enable = true
-#expiry_time = "900s"
-
-#[apim.cache.km_token]
-#enable = false
-#expiry_time = "15m"
-
-#[apim.cache.recent_apis]
-#enable = false
-
-#[apim.cache.scopes]
-#enable = true
-
-#[apim.cache.publisher_roles]
-#enable = true
-
-#[apim.cache.jwt_claim]
-#enable = true
-#expiry_time = "15m"
-
-#[apim.cache.tags]
-#expiry_time = "2m"
-
-#[apim.analytics]
-#enable = false
-#store_api_url = "https://localhost:7444"
-#username = "$ref{super_admin.username}"
-#password = "$ref{super_admin.password}"
-#event_publisher_type = "default"
-#event_publisher_impl = "org.wso2.carbon.apimgt.usage.publisher.APIMgtUsageDataBridgeDataPublisher"
-#publish_response_size = true
-
-#[[apim.analytics.url_group]]
-#analytics_url =["tcp://analytics1:7611","tcp://analytics2:7611"]
-#analytics_auth_url =["ssl://analytics1:7711","ssl://analytics2:7711"]
-#type = "loadbalance"
-
-#[[apim.analytics.url_group]]
-#analytics_url =["tcp://analytics1:7612","tcp://analytics2:7612"]
-#analytics_auth_url =["ssl://analytics1:7712","ssl://analytics2:7712"]
-#type = "failover"
-
-#[apim.key_manager]
-#service_url = "https://localhost:${mgt.transport.https.port}/services/"
-#username = "$ref{super_admin.username}"
-#password = "$ref{super_admin.password}"
-#pool.init_idle_capacity = 50
-#pool.max_idle = 100
-#key_validation_handler_type = "default"
-#key_validation_handler_type = "custom"
-#key_validation_handler_impl = "org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler"
-
-[apim.idp]
-server_url = "https://apim.vestibule.127.0.0.1.nip.io"
-authorize_endpoint = "https://apim.vestibule.127.0.0.1.nip.io/oauth2/authorize"
-oidc_logout_endpoint = "https://apim.vestibule.127.0.0.1.nip.io/oidc/logout"
-oidc_check_session_endpoint = "https://apim.vestibule.127.0.0.1.nip.io/oidc/checksession"
-
-#[apim.jwt]
-#enable = true
-#encoding = "base64" # base64,base64url
-#generator_impl = "org.wso2.carbon.apimgt.keymgt.token.JWTGenerator"
-#claim_dialect = "http://wso2.org/claims"
-#convert_dialect = false
-#header = "X-JWT-Assertion"
-#signing_algorithm = "SHA256withRSA"
-#enable_user_claims = true
-#claims_extractor_impl = "org.wso2.carbon.apimgt.impl.token.ExtendedDefaultClaimsRetriever"
-
-#[apim.oauth_config]
-#enable_outbound_auth_header = false
-#auth_header = "Authorization"
-#revoke_endpoint = "https://localhost:${https.nio.port}/revoke"
-#enable_token_encryption = false
-#enable_token_hashing = false
-
-[apim.devportal]
-url = "https://apim.vestibule.127.0.0.1.nip.io/devportal"
-#enable_application_sharing = false
-#if application_sharing_type, application_sharing_impl both defined priority goes to application_sharing_impl
-#application_sharing_type = "default" #changed type, saml, default #todo: check the new config for rest api
-#application_sharing_impl = "org.wso2.carbon.apimgt.impl.SAMLGroupIDExtractorImpl"
-#display_multiple_versions = false
-#display_deprecated_apis = false
-#enable_comments = true
-#enable_ratings = true
-#enable_forum = true
-#enable_anonymous_mode=true
-
-[apim.cors]
-allow_origins = "*"
-allow_methods = ["GET","PUT","POST","DELETE","PATCH","OPTIONS"]
-allow_headers = ["authorization","Access-Control-Allow-Origin","Content-Type","SOAPAction","apikey", "testKey"]
-allow_credentials = false
-
-#[apim.throttling]
-#enable_data_publishing = true
-#enable_policy_deploy = true
-#enable_blacklist_condition = true
-#enable_persistence = true
-#throttle_decision_endpoints = ["tcp://localhost:5672","tcp://localhost:5672"]
-
-#[apim.throttling.blacklist_condition]
-#start_delay = "5m"
-#period = "1h"
-
-#[apim.throttling.jms]
-#start_delay = "5m"
-
-#[apim.throttling.event_sync]
-#hostName = "0.0.0.0"
-#port = 11224
-
-#[apim.throttling.event_management]
-#hostName = "0.0.0.0"
-#port = 10005
-
-#[[apim.throttling.url_group]]
-#traffic_manager_urls = ["tcp://localhost:9611","tcp://localhost:9611"]
-#traffic_manager_auth_urls = ["ssl://localhost:9711","ssl://localhost:9711"]
-#type = "loadbalance"
-
-#[[apim.throttling.url_group]]
-#traffic_manager_urls = ["tcp://localhost:9611","tcp://localhost:9611"]
-#traffic_manager_auth_urls = ["ssl://localhost:9711","ssl://localhost:9711"]
-#type = "failover"
-
-#[apim.workflow]
-#enable = false
-#service_url = "https://localhost:9445/bpmn"
-#username = "$ref{super_admin.username}"
-#password = "$ref{super_admin.password}"
-#callback_endpoint = "https://localhost:${mgt.transport.https.port}/api/am/admin/v0.17/workflows/update-workflow-status"
-#token_endpoint = "https://localhost:${https.nio.port}/token"
-#client_registration_endpoint = "https://localhost:${mgt.transport.https.port}/client-registration/v0.17/register"
-#client_registration_username = "$ref{super_admin.username}"
-#client_registration_password = "$ref{super_admin.password}"
-
-#data bridge config
-#[transport.receiver]
-#type = "binary"
-#worker_threads = 10
-#session_timeout = "30m"
-#keystore.file_name = "$ref{keystore.tls.file_name}"
-#keystore.password = "$ref{keystore.tls.password}"
-#tcp_port = 9611
-#ssl_port = 9711
-#ssl_receiver_thread_pool_size = 100
-#tcp_receiver_thread_pool_size = 100
-#ssl_enabled_protocols = ["TLSv1","TLSv1.1","TLSv1.2"]
-#ciphers = ["SSL_RSA_WITH_RC4_128_MD5","SSL_RSA_WITH_RC4_128_SHA"]
-
-#[apim.notification]
-#from_address = "APIM.com"
-#username = "APIM"
-#password = "APIM+123"
-#hostname = "localhost"
-#port = 3025
-#enable_start_tls = false
-#enable_authentication = true
-
-#[apim.token.revocation]
-#notifier_impl = "org.wso2.carbon.apimgt.keymgt.events.TokenRevocationNotifierImpl"
-#enable_realtime_notifier = true
-#realtime_notifier.ttl = 5000
-#enable_persistent_notifier = true
-#persistent_notifier.hostname = "https://localhost:2379/v2/keys/jti/"
-#persistent_notifier.ttl = 5000
-#persistent_notifier.username = "root"
-#persistent_notifier.password = "root"
-
-[[event_handler]]
-name="userPostSelfRegistration"
-subscriptions=["POST_ADD_USER"]
-
-[service_provider]
-sp_name_regex = "^[\\sa-zA-Z0-9._-]*$"
-
-[database.local]
-url = "jdbc:h2:./repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE"
-
-[[event_listener]]
-id = "token_revocation"
-type = "org.wso2.carbon.identity.core.handler.AbstractIdentityHandler"
-name = "org.wso2.is.notification.ApimOauthEventInterceptor"
-order = 1
-[event_listener.properties]
-notification_endpoint = "https://localhost:${mgt.transport.https.port}/internal/data/v1/notify"
-username = "${admin.username}"
-password = "${admin.password}"
-'header.X-WSO2-KEY-MANAGER' = "default"
\ No newline at end of file
diff --git a/wso2am/configuration/keycloak.xml b/wso2am/configuration/keycloak.xml.template
similarity index 86%
rename from wso2am/configuration/keycloak.xml
rename to wso2am/configuration/keycloak.xml.template
index 52d4bd4..7f87020 100644
--- a/wso2am/configuration/keycloak.xml
+++ b/wso2am/configuration/keycloak.xml.template
@@ -2,7 +2,7 @@
     <IdentityProviderName>SHARED_keycloak</IdentityProviderName>
     <DisplayName>keycloak</DisplayName>
     <IdentityProviderDescription></IdentityProviderDescription>
-    <Alias>https://localhost:9444/oauth2/token/</Alias>
+    <Alias>https://%APIM_HOSTNAME%/oauth2/token/</Alias>
     <IsPrimary></IsPrimary>
     <IsEnabled>true</IsEnabled>
     <IsFederationHub></IsFederationHub>
@@ -20,19 +20,19 @@
                 </property>
                 <property>
                     <Name>OAuth2AuthzEPUrl</Name>
-                    <Value>http://172.18.0.2:8080/auth/realms/Test/protocol/openid-connect/auth</Value>
+                    <Value>http://%KEYCLOAK_HOSTNAME%/auth/realms/Test/protocol/openid-connect/auth</Value>
                 </property>
                 <property>
                     <Name>OAuth2TokenEPUrl</Name>
-                    <Value>http://172.18.0.2:8080/auth/realms/Test/protocol/openid-connect/token</Value>
+                    <Value>http://%KEYCLOAK_HOSTNAME%/auth/realms/Test/protocol/openid-connect/token</Value>
                 </property>
                 <property>
                     <Name>UserInfoUrl</Name>
-                    <Value>http://172.18.0.2:8080/auth/realms/Test/protocol/openid-connect/userinfo</Value>
+                    <Value>http://%KEYCLOAK_HOSTNAME%/auth/realms/Test/protocol/openid-connect/userinfo</Value>
                 </property>
                 <property>
                     <Name>CallBackUrl</Name>
-                    <Value>https://localhost:9443/commonauth</Value>
+                    <Value>https://%APIM_HOSTNAME%/commonauth</Value>
                 </property>
                 <property>
                     <Name>ClientSecret</Name>
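Review bot: The three Keycloak endpoints (`OAuth2AuthzEPUrl`, `OAuth2TokenEPUrl`, `UserInfoUrl`) keep the `http://` scheme while moving from the container address `172.18.0.2:8080` to the proxied `%KEYCLOAK_HOSTNAME%` with no port. The token and userinfo calls, which carry the client secret and access tokens, would therefore go in clear text to port 80. If the vestibule proxy serves that hostname over TLS, as the `https://%APIM_HOSTNAME%` values in this file suggest, these should read `https://%KEYCLOAK_HOSTNAME%/auth/realms/Test/protocol/openid-connect/...`; whether anything listens on port 80 at all is not visible in this diff. The `ClientSecret` property that starts on the last line continues outside the hunk.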
-- 
GitLab