Tuesday, August 30, 2016

[WSO2 App Manager] How to Publish Webapp to Multiple Tenant Stores.

In WSO2 App Manager, webapps are published to their own app store by default, but you can configure it to publish apps to external stores as well.
This post explains how to do that.
  1. Log in to Management Console.
  2. Go to Main -> Browse and navigate to /_system/governance/appmgt/applicationdata/external-app-stores.xml, then click on "Edit As Text". Add each external app store to which you want to publish apps inside the <ExternalAPPStores> element.
  3.    
     <ExternalAPPStores>  
       <StoreURL>http://localhost:9763/store</StoreURL>  
       <ExternalAPPStore id="Store1" type="wso2" className="org.wso2.carbon.appmgt.impl.publishers.WSO2ExternalAppStorePublisher">  
         <DisplayName>Engineering</DisplayName>  
         <Endpoint>http://localhost:9763/publisher</Endpoint>  
         <Username>admin@eng.com</Username>  
         <Password>xxxxx</Password>  
       </ExternalAPPStore>  
        
       <ExternalAPPStore id="Store2" type="wso2" className="org.wso2.carbon.appmgt.impl.publishers.WSO2ExternalAppStorePublisher">  
         <DisplayName>Finance</DisplayName>  
         <Endpoint>http://localhost:9763/publisher</Endpoint>  
         <Username>admin@finance.com</Username>  
         <Password>xxxx</Password>  
       </ExternalAPPStore>   
     </ExternalAPPStores>  
       
    
  4. Create a webapp and publish it. Then go to the webapp overview page. All the external app stores added in step 2 are shown on the "External Stores" tab.
  5. Select the stores and click on Save to publish the webapp to selected stores.  
  6. From WSO2 App Manager 1.2.1, you need to follow this step as well if you want to publish web apps to an external store. Go to Main -> Browse in the Management Console, navigate to /_system/config/store/configs/store.json and click on "Edit As Text". Set "publicVisibility" to true.
  7. Then go to the relevant external store. You will see the app there with an "Ad" label. Here "Ad" stands for "Advertised".
  8. This app's life cycle status can be changed by any publisher, but it can be edited by the original publisher.

Monday, August 22, 2016

[WSO2 App Manager] How to Add Custom Image Field to a Webapp

In the default publisher UI, two images can be uploaded when creating a webapp: the image banner and the image thumbnail. Suppose you want to add another image input for apps. Let's see how to do that.

First, let's see how to add a custom image field to the UI (Jaggery APIs).

For example, let's take "Logo" as the custom field.

1. Modify <APPM_HOME>/repository/resources/rxt/webapp.rxt by adding the code below under <table name="Images">.
   
   <field type="text">  
      <name>Logo</name>  
   </field>  
   
2. Log in to the Management Console, navigate to Home > Extensions > Configure > Artifact Types and delete "webapp.rxt".

3. Add the following block under "fields" in <APPM_HOME>/repository/deployment/server/jaggeryapps/publisher/config/ext/webapp.json
   
   {  
      "name": "logo",  
      "table": "images",  
      "type": "imageFile"  
   }  
   
4. Add the following line under "storeFields" in <APPM_HOME>/repository/deployment/server/jaggeryapps/publisher/config/storage.json
   
   "images_logo"  
   
5. Add the line below to both <APPM_HOME>/repository/deployment/server/jaggeryapps/publisher/themes/appm/partials/add-asset.hbs
and
<APPM_HOME>/repository/deployment/server/jaggeryapps/publisher/themes/appm/partials/edit-asset.hbs
files.
   
   {{{ form_render "images_logo" data.fields }}}  
   
6. To copy the image field value to the new version when you create a new version of an existing webapp, add the line below to
<APPM_HOME>/repository/deployment/server/jaggeryapps/publisher/themes/appm/partials/copy-app.hbs
   
   <input type='text' value="{{{snoop "fields(name=images_logo).value" data}}}" name="images_logo" id="images_logo"/>  
   
   

Now, let's see how to add the custom image field to the REST APIs.

7. Go to Main -> Browse in the Management Console, navigate to /_system/governance/appmgt/applicationdata/custom-property-definitions/webapp.json and click on "Edit As Text". Add the custom fields inside the customPropertyDefinitions section.
   
   {  
     "customPropertyDefinitions":  
     [  
       {"name":"images_logo"}  
     ]  
   }  
   
8. Restart App Manager.

9. A sample curl command that creates a web app with the custom image property is shown below.
   
 curl -X POST -H "Authorization: Bearer c4cdc394-931f-3e3f-9a91-f2be09fab1de" -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{"name":"sampleApp","version":"1.0.0","banner":"36d35be6-1847-4d22-b885-16c653486a77/241eb51a2fdb683b.jpg","thumbnailUrl":"85229347-fcdf-4548-993e-1509dd4242df/dd24c0d2ea4a5697.png","displayName":"sampleApp","description":   
  "description","isSite":"false","context":"sampleContext","appUrL":"http://wso2.com",   
  "transport":"http", "customProperties":[   
   {   
    "name":"images_logo",   
    "value":"1b3bfd53-ff9a-4dd3-85f0-5e75e6bfa215/R9GxtyGTG7gN5hQ.jpg"   
   }   
  ]}' "http://localhost:9763/api/appm/publisher/v1.1/apps/webapp"   
   
Note: Refer to this to upload an image to the system. Then you can use that uploaded image to create a web app through the REST APIs.

10. The web app create page with the newly added image field (i.e. Logo) will be shown as below.


Tuesday, August 9, 2016

How to Configure SAML2 SSO in WSO2 DAS Portal

Single sign-on (SSO) allows users who are authenticated against one application to gain access to multiple other related applications without having to repeatedly authenticate themselves.

Following this blog, you can configure SSO for DAS Portal and Management Console. This post is applicable to DAS 3.1.0+.
  1. Share user store between WSO2 DAS and WSO2 Identity Server following this.
  2. Mount and share registry between WSO2 DAS and WSO2 Identity Server following this.
  3. Log in to Identity Server and go to the Home > Identity > Service Providers > Add page.
  4. Create a service provider for Management Console with the following configuration.
    • Issuer : carbonServer
    • Assertion Consumer URL : https://<DAS_URL>:<DAS_PORT>/acs
    • Select the following options:
      • Enable Response Signing
      • Enable Single Logout 


  5. Create a service provider for DAS Portal with the following configuration.
    • Issuer : portal
    • Assertion Consumer URL : https://<DAS_URL>:<DAS_PORT>/portal/acs
    • Select the following options:
      • Enable Response Signing
      • Enable Single Logout
      • Enable Audience Restriction and enter the following 2 audiences.
        • Token endpoint URL (e.g. https://<IDP_URL>:<IDP_PORT>/oauth2/token )
        • Management console issuer name (i.e. carbonServer)
      • Enable Recipient Validation and enter the following recipient.
        • Token endpoint URL (e.g. https://<IDP_URL>:<IDP_PORT>/oauth2/token )
  6. Change the SAML2SSOAuthenticator configuration in <DAS_HOME>/repository/conf/security/authenticators.xml file as follows:
    • Set disabled = false in <Authenticator> element
    • ServiceProviderID : it is the issuer name of the service provider created in step 4 (carbonServer)
    • IdentityProviderSSOServiceURL : https://<IDP_URL>:<IDP_PORT>/samlsso
    • AssertionConsumerServiceURL: https://<DAS_URL>:<DAS_PORT>/acs
  7. Change the "authentication" configuration in <DAS_HOME>/repository/deployment/server/jaggeryapps/portal/configs/designer.json
    • activeMethod :sso
    • issuer: portal
    • identityProviderURL: https://<IDP_URL>:<IDP_PORT>/samlsso
    • acs : https://<DAS_URL>:<DAS_PORT>/portal/acs
  8. Restart DAS server.
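
A way to cross-check steps 4 to 7 before the restart, as an added example that is not part of the original post: it verifies that the console and portal settings agree with the two service providers registered at the Identity Server. The layout of the sample files (the `Config`/`Parameter` nesting and the `methods.sso.attributes` path) and the host names are assumptions; adjust the lookups to your files.

```python
import json
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample files: the surrounding layout and host names are assumed;
# only the setting names and values come from steps 4-7.
AUTHENTICATORS_XML = """
<Authenticators>
  <Authenticator name="SAML2SSOAuthenticator" disabled="false">
    <Config>
      <Parameter name="ServiceProviderID">carbonServer</Parameter>
      <Parameter name="IdentityProviderSSOServiceURL">https://idp.example.com:9443/samlsso</Parameter>
      <Parameter name="AssertionConsumerServiceURL">https://das.example.com:9444/acs</Parameter>
    </Config>
  </Authenticator>
</Authenticators>
"""
DESIGNER_JSON = """
{"authentication": {"activeMethod": "sso", "methods": {"sso": {"attributes": {
  "issuer": "portal",
  "identityProviderURL": "https://idp.example.com:9443/samlsso",
  "acs": "https://das.example.com:9444/portal/acs"}}}}}
"""

def check_sso(authenticators_xml, designer_json):
    """Return a list of mismatches against the values steps 4-7 call for."""
    auth = ET.fromstring(authenticators_xml).find(
        ".//Authenticator[@name='SAML2SSOAuthenticator']")
    if auth is None:
        return ["SAML2SSOAuthenticator element not found"]
    problems = []
    if auth.get("disabled") != "false":
        problems.append("SAML2SSOAuthenticator is still disabled")
    params = {p.get("name"): (p.text or "").strip() for p in auth.iter("Parameter")}
    if params.get("ServiceProviderID") != "carbonServer":
        problems.append("ServiceProviderID must be the console issuer carbonServer")
    cfg = json.loads(designer_json)["authentication"]
    sso = cfg.get("methods", {}).get("sso", {}).get("attributes", {})
    if cfg.get("activeMethod") != "sso" or sso.get("issuer") != "portal":
        problems.append("portal must use activeMethod sso with issuer portal")
    # Each ACS URL must be https and carry the exact path registered at the IdP.
    for name, url, path in (("console", params.get("AssertionConsumerServiceURL", ""), "/acs"),
                            ("portal", sso.get("acs", ""), "/portal/acs")):
        parts = urlsplit(url)
        if parts.scheme != "https" or parts.path != path:
            problems.append(f"{name} ACS must be an https URL with path {path}")
    if params.get("IdentityProviderSSOServiceURL") != sso.get("identityProviderURL"):
        problems.append("console and portal point at different IdP SSO URLs")
    return problems
```

An empty list means the two files are consistent with each other and with the issuer and ACS values entered at the Identity Server.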

Monday, August 8, 2016

How to Mount and Share Registry Between WSO2 Servers.

Most WSO2 products have an embedded registry that stores data and persistent configuration. The registry space provided to each product contains three major partitions.

  • Local Repository : Contains system configuration and runtime data that is local to the single instance of a product. This partition is not to be shared with multiple servers and can be browsed under /_system/local in the registry browser.
  • Configuration Repository : Contains product specific configuration. This partition can be shared across multiple instances of the same product and can be browsed under /_system/config in the registry browser.
  • Governance Repository : Contains data and configuration shared across the platform. This partition can be used by multiple instances of various Carbon-based products and can be browsed under /_system/governance in the registry browser.
We can mount the registry between WSO2 Carbon servers. Here I'm going to explain how, using WSO2 App Manager and WSO2 Identity Server.
  1. Create a new database called APPM_REG_DB in the MySQL server.
  2. Create tables inside the created database by executing the script in <APPM_HOME>/dbscripts/mysql.sql
  3. If App Manager and Identity Server are running on the same machine, follow step 4 as well.
  4. Set Offset value to 1 in /repository/conf/carbon.xml.
       
       <Offset>1</Offset>  
       
    
  5. Specify the datasource definition below in <APPM_HOME>/repository/conf/datasources/master-datasources.xml to connect to the APPM_REG_DB database created earlier, which will hold the mounted registry.
  6.    
       <datasource>   
         <name>WSO2REG_DB</name>   
         <description>The datasource used for registry database</description>   
         <jndiConfig>   
           <name>jdbc/WSO2REG_DB</name>   
         </jndiConfig>   
         <definition type="RDBMS">   
           <configuration>   
             <url>jdbc:mysql://localhost:3306/APPM_REG_DB</url>   
             <username>username</username>   
             <password>password</password>   
             <driverClassName>com.mysql.jdbc.Driver</driverClassName>   
             <maxActive>50</maxActive>   
             <maxWait>60000</maxWait>   
             <testOnBorrow>true</testOnBorrow>   
             <validationQuery>SELECT 1</validationQuery>   
             <validationInterval>30000</validationInterval>   
           </configuration>   
         </definition>   
       </datasource>  
       
    
  7. Add the same datasource configuration to <IS_HOME>/repository/conf/datasources/master-datasources.xml.
  8. Copy the database driver to both <IS_HOME>/repository/components/lib and <AppM_HOME>/repository/components/lib directories.
  9. Create the registry mounts by inserting the following sections into both <APPM_HOME>/repository/conf/registry.xml and <IS_HOME>/repository/conf/registry.xml. Remember not to replace the existing <dbConfig name="wso2registry">; just add the configuration below to the existing configuration.
  10.    
       <dbConfig name="govregistry">  
         <dataSource>jdbc/WSO2REG_DB</dataSource>  
       </dbConfig>  
        
       <remoteInstance url="https://localhost">    
         <id>gov</id>  
         <dbConfig>govregistry</dbConfig>  
         <readOnly>false</readOnly>  
         <enableCache>true</enableCache>  
         <registryRoot>/</registryRoot>  
       </remoteInstance>  
        
       <mount path="/_system/governance" overwrite="true">  
         <instanceId>gov</instanceId>  
         <targetPath>/_system/governance</targetPath>  
       </mount>  
        
       <mount path="/_system/config" overwrite="true">  
         <instanceId>gov</instanceId>  
         <targetPath>/_system/config</targetPath>  
       </mount>  
       
    
  11. Restart both servers.
  12. That's all. Now both servers should see the same configs and governance registries.
  13. To confirm everything was successful, go to Home > Resources > Browse in the Management Console. You can see the "config" and "governance" repositories with an arrow, as in the image below.
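
A check that can be run on each server's registry.xml before the restart, as an added example that is not part of the original post: it follows every mount through its remote instance and dbConfig to a JNDI datasource and rejects a missing link, a removed `wso2registry` dbConfig, or a mount of the local partition. The `<wso2registry>` wrapper, the `jdbc/WSO2CarbonDB` entry and the `JNDI_NAMES` set are constructed stand-ins for the rest of the real files.

```python
import xml.etree.ElementTree as ET

# Constructed inputs: the registry.xml additions from step 9 inside a root
# element, and the JNDI names declared in master-datasources.xml (step 5).
REGISTRY_XML = """
<wso2registry>
  <dbConfig name="wso2registry"><dataSource>jdbc/WSO2CarbonDB</dataSource></dbConfig>
  <dbConfig name="govregistry"><dataSource>jdbc/WSO2REG_DB</dataSource></dbConfig>
  <remoteInstance url="https://localhost">
    <id>gov</id>
    <dbConfig>govregistry</dbConfig>
    <readOnly>false</readOnly>
    <enableCache>true</enableCache>
    <registryRoot>/</registryRoot>
  </remoteInstance>
  <mount path="/_system/governance" overwrite="true">
    <instanceId>gov</instanceId>
    <targetPath>/_system/governance</targetPath>
  </mount>
  <mount path="/_system/config" overwrite="true">
    <instanceId>gov</instanceId>
    <targetPath>/_system/config</targetPath>
  </mount>
</wso2registry>
"""
JNDI_NAMES = {"jdbc/WSO2CarbonDB", "jdbc/WSO2REG_DB"}

def resolve_mounts(registry_xml, jndi_names):
    """Map each mount path to the JNDI datasource it ends up using.

    Raises ValueError when the chain mount -> remoteInstance -> dbConfig ->
    datasource is broken or the configuration contradicts the post.
    """
    root = ET.fromstring(registry_xml)
    db = {d.get("name"): d.findtext("dataSource") for d in root.findall("dbConfig")}
    if "wso2registry" not in db:
        raise ValueError("existing dbConfig wso2registry was removed")
    remote = {r.findtext("id"): r.findtext("dbConfig") for r in root.findall("remoteInstance")}
    resolved = {}
    for m in root.findall("mount"):
        path, inst = m.get("path"), m.findtext("instanceId")
        if path.startswith("/_system/local"):
            raise ValueError("local repository must not be shared: " + path)
        jndi = db.get(remote.get(inst))
        if jndi not in jndi_names:
            raise ValueError(f"mount {path}: instance {inst!r} does not resolve to a datasource")
        resolved[path] = jndi
    return resolved
```

Running it against both servers' files and comparing the returned mappings confirms that App Manager and Identity Server mount the same partitions from the same database.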

Friday, August 5, 2016

How to Share Userstore Between Two WSO2 Servers

We can share a user store between WSO2 Carbon servers. Here I'm going to explain how, using WSO2 App Manager and WSO2 Identity Server.
  1. Create a new database called APPM_UM_DB in the MySQL server.
  2. Create tables inside the created database by executing the script in <APPM_HOME>/dbscripts/mysql.sql
  3. If App Manager and Identity Server are running on the same machine, follow step 4 as well.
  4. Set Offset value to 1 in /repository/conf/carbon.xml.
       
       <Offset>1</Offset>  
       
  5. Specify the datasource definition below in <APPM_HOME>/repository/conf/datasources/master-datasources.xml to connect to the APPM_UM_DB database created earlier, which will hold the shared user store.
       
       <datasource>  
          <name>WSO2UM_DB</name>  
          <description>The datasource used for user manager database</description>  
          <jndiConfig>  
            <name>jdbc/WSO2UM_DB</name>  
          </jndiConfig>  
           <definition type="RDBMS">  
             <configuration>  
               <url>jdbc:mysql://localhost:3306/APPM_UM_DB</url>  
                <username>username</username>  
                <password>password</password>  
                <driverClassName>com.mysql.jdbc.Driver</driverClassName>  
                <maxActive>50</maxActive>  
                <maxWait>60000</maxWait>  
                <testOnBorrow>true</testOnBorrow>  
                <validationQuery>SELECT 1</validationQuery>  
                <validationInterval>30000</validationInterval>  
             </configuration>  
         </definition>  
       </datasource>  
          
    
  6. Add the same data source configuration to <IS_HOME>/repository/conf/datasources/master-datasources.xml.
  7. Copy the database driver to both <IS_HOME>/repository/components/lib and <AppM_HOME>/repository/components/lib directories.
  8. Update the <APPM_HOME>/repository/conf/user-mgt.xml with jndiConfig name added in step 4 (i.e. jdbc/WSO2UM_DB) as below.
       
       <configuration>   
         ...  
         <Property name="dataSource">jdbc/WSO2UM_DB</Property>  
       </configuration>  
       
  9. Repeat step 7 for <IS_HOME>/repository/conf/user-mgt.xml.
  10. By default, the Identity Server has an embedded LDAP user store and App Manager has a JDBC user store. You can use either a JDBC or an LDAP user store in both servers (both should be the same). Here I'm using the JDBC user store. Copy the following configuration from <APPM_HOME>/repository/conf/user-mgt.xml to <IS_HOME>/repository/conf/user-mgt.xml. Remember to remove the LDAP user store from the Identity Server user-mgt.xml.
       
       <UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">  
           <Property name="TenantManager">org.wso2.carbon.user.core.tenant.JDBCTenantManager</Property>  
             <Property name="ReadOnly">false</Property>  
           <Property name="MaxUserNameListLength">100</Property>  
           <Property name="IsEmailUserName">false</Property>  
           <Property name="DomainCalculation">default</Property>  
           <Property name="PasswordDigest">SHA-256</Property>  
           <Property name="StoreSaltedPassword">true</Property>  
           <Property name="ReadGroups">true</Property>  
            <Property name="WriteGroups">true</Property>  
           <Property name="UserNameUniqueAcrossTenants">false</Property>  
           <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>  
           <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>  
            <Property name="UsernameJavaRegEx">^[^~!#$;%^*+={}\\|\\\\&lt;&gt;,\'\"]{3,30}$</Property>  
            <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>  
            <Property name="RolenameJavaRegEx">^[^~!#$;%^*+={}\\|\\\\&lt;&gt;,\'\"]{3,30}$</Property>  
            <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>  
           <Property name="UserRolesCacheEnabled">false</Property>  
           <Property name="MaxRoleNameListLength">100</Property>  
           <Property name="MaxUserNameListLength">100</Property>  
            <Property name="SharedGroupEnabled">false</Property>  
           <Property name="SCIMEnabled">false</Property>  
         </UserStoreManager>  
       
    
  11. Restart both servers.
That's all. Now if you create a user or a role from one server, it will be shown in both servers.
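
A comparison of the two servers' files, as an added example that is not part of the original post: it resolves the `dataSource` property in each user-mgt.xml to a JDBC URL and reports when the servers point at different databases or still run different user store managers (for instance, the LDAP store left in place on the Identity Server). The sample strings are constructed and trimmed; real files carry more elements around these.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed stand-ins for one server's master-datasources.xml
# and user-mgt.xml; the wrapper elements are assumptions.
DATASOURCES = """<datasources>
  <datasource>
    <name>WSO2UM_DB</name>
    <jndiConfig><name>jdbc/WSO2UM_DB</name></jndiConfig>
    <definition type="RDBMS"><configuration>
      <url>jdbc:mysql://localhost:3306/APPM_UM_DB</url>
    </configuration></definition>
  </datasource>
</datasources>"""
USER_MGT = """<UserManager><Realm>
  <Configuration><Property name="dataSource">jdbc/WSO2UM_DB</Property></Configuration>
  <UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager"/>
</Realm></UserManager>"""

def userstore_view(datasources_xml, user_mgt_xml):
    """Return (JDBC URL behind user-mgt.xml's dataSource, user store classes)."""
    um = ET.fromstring(user_mgt_xml)
    jndi = um.findtext(".//Property[@name='dataSource']")
    url = None
    for ds in ET.fromstring(datasources_xml).iter("datasource"):
        if ds.findtext("jndiConfig/name") == jndi:
            url = ds.findtext("definition/configuration/url")
    classes = sorted(u.get("class") for u in um.iter("UserStoreManager"))
    return url, classes

def compare_servers(appm, identity_server):
    """Each argument is a (datasources_xml, user_mgt_xml) pair; return differences."""
    a, b = userstore_view(*appm), userstore_view(*identity_server)
    problems = []
    if a[0] is None or b[0] is None:
        problems.append("user-mgt.xml dataSource does not match any jndiConfig name")
    elif a[0] != b[0]:
        problems.append(f"servers use different databases: {a[0]} vs {b[0]}")
    if a[1] != b[1]:
        problems.append(f"user store managers differ: {a[1]} vs {b[1]}")
    return problems
```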