-
Notifications
You must be signed in to change notification settings - Fork 972
Expand file tree
/
Copy pathdeployment-fapi-config.toml
More file actions
106 lines (82 loc) · 2.85 KB
/
deployment-fapi-config.toml
File metadata and controls
106 lines (82 loc) · 2.85 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
[server]
hostname = "iam"
node_ip = "127.0.0.1"
base_path = "https://$ref{server.hostname}:${carbon.management.port}"
[super_admin]
username = "admin"
password = "admin"
create_admin_account = true
[user_store]
type = "database_unique_id"
[database.identity_db]
type = "h2"
url = "jdbc:h2:./repository/database/WSO2IDENTITY_DB;IGNORECASE=TRUE;DB_CLOSE_ON_EXIT=FALSE;LOCK_TIMEOUT=60000"
username = "wso2carbon"
password = "wso2carbon"
[database.shared_db]
type = "h2"
url = "jdbc:h2:./repository/database/WSO2SHARED_DB;IGNORECASE=TRUE;DB_CLOSE_ON_EXIT=FALSE;LOCK_TIMEOUT=60000"
username = "wso2carbon"
password = "wso2carbon"
[datasource.AgentIdentity]
id = "AgentIdentity"
url = "jdbc:h2:./repository/database/WSO2AGENTIDENTITY_DB;IGNORECASE=TRUE;DB_CLOSE_ON_EXIT=FALSE;LOCK_TIMEOUT=60000"
username = "wso2carbon"
password = "wso2carbon"
driver = "org.h2.Driver"
[keystore.primary]
file_name = "wso2carbon.p12"
password = "wso2carbon"
[truststore]
file_name="client-truststore.p12"
password="wso2carbon"
type="PKCS12"
[account_recovery.endpoint.auth]
hash= "66cd9688a2ae068244ea01e70f0e230f5623b7fa4cdecb65070a09ec06452262"
[identity.auth_framework.endpoint]
app_password= "dashboard"
# The KeyStore which is used for encrypting/decrypting internal data. By default the primary keystore is used as the internal keystore.
#[keystore.internal]
#file_name = "$ref{keystore.primary.file_name}"
#type = "$ref{keystore.primary.type}"
#password = "$ref{keystore.primary.password}"
#alias = "$ref{keystore.primary.alias}"
#key_password = "$ref{keystore.primary.key_password}"
# The KeyStore which is used for tls communication. By default the primary keystore is used as the tls keystore.
#[keystore.tls]
#file_name = "$ref{keystore.primary.file_name}"
#type = "$ref{keystore.primary.type}"
#password = "$ref{keystore.primary.password}"
#alias = "$ref{keystore.primary.alias}"
#key_password = "$ref{keystore.primary.key_password}"
#Google reCAPTCHA settings.
#[recaptcha]
#enabled = true
#api_url = "https://www.google.com/recaptcha/api.js"
#verify_url = "https://www.google.com/recaptcha/api/siteverify"
#site_key = ""
#secret_key = ""
# SMTP email sender settings.
#[output_adapter.email]
#from_address= "abcd@gmail.com"
#username= "abcd"
#password= "xxxx"
#hostname= "smtp.gmail.com"
#port= 587
# FAPI
[oauth.dcr]
enable_fapi_enforcement = true
[oauth.oidc]
id_token.signature_algorithm="PS256"
# Token endpoint related configurations
[oauth.oidc.token_endpoint]
signing_algorithms=["PS256","ES256"]
# Userinfo response signing algorithm
[oauth.oidc.user_info]
jwt_signature_algorithm="PS256"
[transport.https.sslHostConfig.properties]
ciphers="TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
[oauth.mutualtls]
client_certificate_header = "x-wso2-mtls-cert"
[oauth.jwks_endpoint]
read_timeout = "10s"