Micro Integrator Dashboard Configuration Catalog¶
All the server-level configurations of your Micro Integrator Dashboard can be applied using a single configuration file, which is the deployment.toml
file (stored in the MI_DASHBOARD_HOME/conf
directory).
The complete list of configuration parameters that you can use in the deployment.toml
file are listed below along with descriptions.
Instructions for use¶
To update the product configurations:
- Open the
deployment.toml
file (stored in theMI_DASHBOARD_HOME/conf
directory). - Select the required configuration headers and parameters from the list given below and apply them to the
deployment.toml
file.
The default deployment.toml
file of the Micro Integrator Dashboard is as follows:
[server_config]
port = 9743
[heartbeat_config]
pool_size = 15
[mi_user_store]
username = "admin"
password = "admin"
[keystore]
file_name = "conf/security/dashboard.jks"
password = "wso2carbon"
key_password = "wso2carbon"
Deployment¶
[server_config]
port = 9743
[server_config]
Required
This configuration header is required for configuring the deployment parameters that are used for identifying a Micro Integrator Dashboard server.
port
integer Required
9743
The port of the Micro Integrator Dashboard.
Heart beat¶
[heartbeat_config]
pool_size = 15
[heartbeat_config]
Required
This configuration header is required for the Micro Integrator dashboard server to listen to the Micro Inetgrator runtimes.
pool_size
integer Required
15
The Micro Integrator Dashboard uses a thread pool executor to create threads and to handle incoming requests from Micro Integrator runtimes. This parameter controls the number of threads used by the executor pool.
Micro Integrator User Store¶
[mi_user_store]
username = "admin"
password = "admin"
[mi_user_store]
Required
This configuration header is required for the Micro Integrator dashboard server to connect with the Micro Integrator instances.
username
string Required
"admin"
The user name for signing in to the Micro Integrator runtimes.
password
string Required
"admin"
The user password for signing in to the Micro Integrator runtimes.
Keystore¶
[keystore]
file_name = "conf/security/dashboard.jks"
password = "wso2carbon"
key_password = "wso2carbon"
[keystore]
Required
This configuration header is used for SSL handshaking when the server communicates with the web browser.
file_name
string Required
conf/security/dashboard.jks
-
The name of the keystore file that is used for SSL communication.
password
string Required
wso2carbon
The password of the keystore file that is used for SSL communication. The keystore password is used when accessing the keys in the keystore.
key_password
string Required
wso2carbon
The password of the private key that is included in the keystore.
Truststore¶
[truststore]
file_name="con/security/wso2truststore.jks"
password="wso2carbon"
[truststore]
This configuration header is required for configuring the parameters that connect the Micro Integrator Dashboard to the keystore file (trust store) that is used to store the digital certificates that the server trusts for SSL communication.
file_name
string Required
The path of the keystore file that is used for storing the trusted digital certificates.
password
string Required
The password of the keystore file that is used as the trust store.
Database Connection¶
[datasource]
jdbcUrl = "jdbc:oracle:thin:@localhost:1521/ORCLPDB1"
username = "SYSTEM"
password = "oracle"
driverClassName = "oracle.jdbc.OracleDriver"
maximumPoolSize = "100"
poolName = "dashboard-1"
connectionTimeout = "30000"
maxLifetime = "1800000"
[datasource]
Required
This configuration header is required for connecting to a database from the Micro Integrator (MI) Dashboard.
jdbcUrl
string Required
-
-
The connection URL for your database. Note that the URL depends on the type of database you use.
username
string Required
-
-
The user name for connecting to the database.
password
string Required
-
-
The password for connecting to the database.
driverClassName
string Required
-
-
The driver class of your database.
maximumPoolSize
integer
10
-
This property controls the maximum size that the pool is allowed to reach, including both idle and in-use connections. Basically, this value will determine the maximum number of actual connections to the database backend. A reasonable value for this is best determined by your execution environment. When the pool reaches this size, and no idle connections are available, calls to getConnection() will block for up to connectionTimeout milliseconds before timing out.
poolName
String
auto-generated
-
This property represents a user-defined name for the connection pool and appears mainly in logging and JMX management consoles to identify pools and pool configurations.
connectionTimeout
long
30000 (30 seconds)
-
This property controls the maximum number of milliseconds that a client will wait for a connection from the pool. If this time is exceeded without a connection becoming available, a SQLException will be thrown. Lowest acceptable connection timeout is 250 ms.
maxLifetime
long
1800000 (30 minutes)
-
This property controls the maximum lifetime of a connection in the pool. An in-use connection will never be retired, only when it is closed will it then be removed. On a connection-by-connection basis, minor negative attenuation is applied to avoid mass-extinction in the pool. We strongly recommend setting this value, and it should be several seconds shorter than any database or infrastructure imposed connection time limit. A value of 0 indicates no maximum lifetime (infinite lifetime). The minimum allowed value is 30000ms (30 seconds).
Single Sign-On¶
Note
- Upgrade Micro Integrator Dashboard to version 4.0.1 or above to enable this feature.
- This feature was tested with WSO2 IS 5.10.0 and Shibboleth 4.1.2. There may be compatibility issues when using other vendors.
[sso]
enable = true
client_id = "abcqet54mfD6t5d7"
idp_url = "https://localhost/oauth2"
jwt_issuer = "https://localhost/oauth2"
resource_server_URLs = ["https://localhost:9743"]
sign_in_redirect_URL = "https://localhost:9743/sso"
admin_group_attribute = "groups"
admin_groups = ["admin", "tester"]
[[sso.authorization_request.params]]
key = "app_id"
value = "C123d"
[sso]
Required
This configuration header is required for configuring Single Sign-on with OpenID Connect.
enable
boolean Required
false
true or false
Use this paramater to enable Single Sign-On.
client_id
string Required
Specify the client ID generated from the Identity Provider.
client_secret
string
Specify the client secret generated from the Identity Provider.
idp_url
string Required
The URL of the Identity Provider.
well_known_endpoint
string
"/oauth2/token/.well-known/openid-configuration"
The resource path of the well known endpoint that is used to get the OpenID Connect metadata of your Identity Provider. The SSO plugin will append this value to the idp_url
to get the URL of the well known endpoint.
jwt_issuer
string Required
The Identity Provider's issuer identifier.
override_well_known_endpoint
boolean
false
true or false
Use this paramater to manually define the OpenID Connect endpoints of the Identity Provider. When overriding is enabled, you need to define authorization, token, user-info, token-revocation, introspection and logout endpoints.
jwks_endpoint
string
The resource path of the jwks endpoint. The SSO plugin will append this value to the idp_url
to get the URL of the jwks endpoint.
authorization_endpoint
string
"/oauth2/authorize"
The resource path of the authorization endpoint. The SSO plugin will append this value to the idp_url
to get the URL of the jwks endpoint.
token_endpoint
string
"/oauth2/token"
The resource path of the token endpoint. The SSO plugin will append this value to the idp_url
to get the URL of the jwks endpoint.
user_info_endpoint
string
The resource path of the user info endpoint. The SSO plugin will append this value to the idp_url
to get the URL of the jwks endpoint.
revocation_endpoint
string
"/oauth2/revoke"
The resource path of the token revocation endpoint. The SSO plugin will append this value to the idp_url
to get the URL of the jwks endpoint.
introspection_endpoint
string
The resource path of the introspection endpoint. The SSO plugin will append this value to the idp_url
to get the URL of the jwks endpoint.
end_session_endpoint
string
"/oidc/logout"
The resource path of the logout endpoint. The SSO plugin will append this value to the idp_url
to get the URL of the jwks endpoint.
resource_server_URLs
array Required
["https://localhost:9743"]
["https://{hostname/ip}:{port}"]
The URL of the Micro Integrator Dashboard. Be sure to replace {hostname/ip} and {port} with the relevant values.
sign_in_redirect_URL
string Required
"https://localhost:9743/sso"
"https://{hostname/ip}:{port}/sso"
The Sign In redirect URL of the Micro Integrator Dashboard. Be sure to replace {hostname/ip} and {port} with the relevant values.
sign_out_redirect_URL
string
"https://localhost:9743"
"https://{hostname/ip}:{port}"
The Sign Out redirect URL of the Micro Integrator Dashboard. Be sure to replace {hostname/ip} and {port} with the relevant values.
admin_group_attribute
string
The claim name used by the Identity Provider to determine the group of the user.
admin_groups
array
["publisher", "tester", "any group assigned to the users"]
The groups which are used to grant admin privileges to users. If the user belongs to any of the defined groups, that user is considered as an Admin user.
enable_PKCE
boolean
true
true or false
Use this paramater to specify if a PKCE should be sent with the request for the authorization code.
scope
array
["openid"]
Use this paramater to specify the requested scopes.
user_name_attribute
string
"sub"
Use this paramater to specify the attribute you need to use as the user name in the dashboard.
[[sso.authorization_request.params]]
This configuration header is required for defining custom parameters that needs to be sent with the Authorization request to the Identity Provider.
key
string
Use this parameter to specify the key of the parameter you want to send with the authorization request.
value
string
Use this parameter to specify the value of the parameter you want to send with the authorization request.