aws-cusom-images/config/deployment.toml

[server]
hostname = "${MGT_HOSTNAME}"
#offset=0
base_path = "${carbon.protocol}://${carbon.host}:${carbon.management.port}"
#discard_empty_caches = false
server_role = "default"

[database_configuration]
enable_h2_console = "true"

[super_admin]
username = "${SUPER_ADMIN_USERNAME}"
password = "${SUPER_ADMIN_PASSWORD}"
create_admin_account = true

[user_store]
type = "database_unique_id"

[database.apim_db]
type = "mysql"
url = "jdbc:mysql://${DB_HOST}:3306/AM_DB?allowPublicKeyRetrieval=true&amp;useSSL=false"
username = "${DB_USERNAME}"
password = "${DB_PASSWORD}"
driver = "com.mysql.cj.jdbc.Driver"

[database.shared_db]
type = "mysql"
url = "jdbc:mysql://${DB_HOST}:3306/SHARED_DB?allowPublicKeyRetrieval=true&amp;useSSL=false"
username = "${DB_USERNAME}"
password = "${DB_PASSWORD}"
driver = "com.mysql.cj.jdbc.Driver"

[database.user]
type = "mysql"
url = "jdbc:mysql://${DB_HOST}:3306/UM_DB?allowPublicKeyRetrieval=true&amp;useSSL=false"
username = "${DB_USERNAME}"
password = "${DB_PASSWORD}"
driver = "com.mysql.cj.jdbc.Driver"

[keystore.tls]
file_name =  "wso2carbon.jks"
type =  "JKS"
password =  "wso2carbon"
alias =  "wso2carbon"
key_password =  "wso2carbon"

[identity_mgt.endpoint]
enable_self_signup_endpoint = false

[web_app.listener]
class_name = ["io.entgra.device.mgt.core.apimgt.webapp.publisher.lifecycle.listener.APIPublisherLifecycleListener", "io.entgra.device.mgt.core.device.mgt.core.config.permission.lifecycle.WebAppDeploymentLifecycleListener"]

#[keystore.primary]
#file_name =  "wso2carbon.jks"
#type =  "JKS"
#password =  "wso2carbon"
#alias =  "wso2carbon"
#key_password =  "wso2carbon"

#[keystore.internal]
#file_name =  "wso2carbon.jks"
#type =  "JKS"
#password =  "wso2carbon"
#alias =  "wso2carbon"
#key_password =  "wso2carbon"

[[apim.gateway.environment]]
name = "Default"
type = "hybrid"
display_in_api_console = true
description = "This is a hybrid gateway that handles both production and sandbox token traffic."
show_as_token_endpoint_url = true
service_url = "https://localhost:${mgt.transport.https.port}/services/"
username= "${admin.username}"
password= "${admin.password}"
ws_endpoint = "ws://${GATEWAY_HOSTNAME}:9099"
wss_endpoint = "wss://${GATEWAY_HOSTNAME}:8099"
http_endpoint = "http://${GATEWAY_HOSTNAME}"
https_endpoint = "https://${GATEWAY_HOSTNAME}"
websub_event_receiver_http_endpoint = "http://localhost:9021"
websub_event_receiver_https_endpoint = "https://localhost:8021"

[apim.sync_runtime_artifacts.gateway]
gateway_labels =["Default"]

#[apim.cache.gateway_token]
#enable = true
#expiry_time = "900s"

#[apim.cache.resource]
#enable = true
#expiry_time = "900s"

#[apim.cache.km_token]
#enable = false
#expiry_time = "15m"

#[apim.cache.recent_apis]
#enable = false

#[apim.cache.scopes]
#enable = true

#[apim.cache.publisher_roles]
#enable = true

#[apim.cache.jwt_claim]
#enable = true
#expiry_time = "15m"

#[apim.cache.tags]
#expiry_time = "2m"

#[apim.analytics]
#enable = false
#properties."publisher.reporter.class" = "io.entgra.api.analytics.data.publisher.CustomReporter"
#config_endpoint = "https://localhost:8080/auth/v1"
#auth_token = ""

#[apim.key_manager]
#service_url = "https://localhost:9443/services/"
#username = "$ref{super_admin.username}"
#password = "$ref{super_admin.password}"
#pool.init_idle_capacity = 50
#pool.max_idle = 100
#key_validation_handler_type = "default"
#key_validation_handler_type = "custom"
#key_validation_handler_impl = "org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler"

#[apim.idp]
#server_url = "https://localhost:${mgt.transport.https.port}"
#authorize_endpoint = "https://localhost:${mgt.transport.https.port}/oauth2/authorize"
#oidc_logout_endpoint = "https://localhost:${mgt.transport.https.port}/oidc/logout"
#oidc_check_session_endpoint = "https://localhost:${mgt.transport.https.port}/oidc/checksession"

#[apim.jwt]
#enable = true
#encoding = "base64" # base64,base64url
#generator_impl = "org.wso2.carbon.apimgt.keymgt.token.JWTGenerator"
#claim_dialect = "http://wso2.org/claims"
#convert_dialect = false
#header = "X-JWT-Assertion"
#signing_algorithm = "SHA256withRSA"
#enable_user_claims = true
#claims_extractor_impl = "org.wso2.carbon.apimgt.impl.token.ExtendedDefaultClaimsRetriever"

[apim.oauth_config]
# ------------------Enabled for IOT/EMM ---------------------------
enable_outbound_auth_header = true
#auth_header = "Authorization"
#revoke_endpoint = "https://localhost:${https.nio.port}/revoke"
#enable_token_encryption = false
#enable_token_hashing = false

[apim.devportal]
url = "https://${MGT_HOSTNAME}/devportal"
#enable_application_sharing = false
#if application_sharing_type, application_sharing_impl both defined priority goes to application_sharing_impl
#application_sharing_type = "default" #changed type, saml, default #todo: check the new config for rest api
#application_sharing_impl = "org.wso2.carbon.apimgt.impl.SAMLGroupIDExtractorImpl"
#display_multiple_versions = false
#display_deprecated_apis = false
#enable_comments = true
#enable_ratings = true
#enable_forum = true
#enable_anonymous_mode=true
#enable_cross_tenant_subscriptions = true
#default_reserved_username = "apim_reserved_user"

[apim.cors]
allow_origins = "*"
allow_methods = ["GET","PUT","POST","DELETE","PATCH","OPTIONS"]
allow_headers = ["authorization","Access-Control-Allow-Origin","Content-Type","SOAPAction","apikey","Internal-Key"]
allow_credentials = false

#[apim.throttling]
#enable_data_publishing = true
#enable_policy_deploy = true
#enable_blacklist_condition = true
#enable_persistence = true
#throttle_decision_endpoints = ["tcp://${MANAGER_IP}:5672","tcp://${WORKER_IP}:5672"]
#event_duplicate_url = ["tcp://${MANAGER_IP}:5672"]

#[apim.throttling.blacklist_condition]
#start_delay = "5m"
#period = "1h"

#[apim.throttling.jms]
#start_delay = "5m"

#[apim.throttling.event_sync]
#hostName = "0.0.0.0"
#port = 11224

#[apim.throttling.event_management]
#hostName = "0.0.0.0"
#port = 10005

#[[apim.throttling.url_group]]
#traffic_manager_urls = ["tcp://${MANAGER_IP}:9611","tcp://${WORKER_IP}:9611"]
#traffic_manager_auth_urls = ["ssl://${MANAGER_IP}:9711","ssl://${WORKER_IP}:9711"]
#type = "loadbalance"

[apim.cache_invalidation]
enabled = true

#[[apim.throttling.url_group]]
#traffic_manager_urls = ["tcp://localhost:9611","tcp://localhost:9611"]
#traffic_manager_auth_urls = ["ssl://localhost:9711","ssl://localhost:9711"]
#type = "failover"

#[apim.workflow]
#enable = false
#service_url = "https://localhost:9445/bpmn"
#username = "$ref{super_admin.username}"
#password = "$ref{super_admin.password}"
#callback_endpoint = "https://localhost:${mgt.transport.https.port}/api/am/admin/v0.17/workflows/update-workflow-status"
#token_endpoint = "https://localhost:${https.nio.port}/token"
#client_registration_endpoint = "https://localhost:${mgt.transport.https.port}/client-registration/v0.17/register"
#client_registration_username = "$ref{super_admin.username}"
#client_registration_password = "$ref{super_admin.password}"

#data bridge config
#[transport.receiver]
#type = "binary"
#worker_threads = 10
#session_timeout = "30m"
#keystore.file_name = "$ref{keystore.tls.file_name}"
#keystore.password = "$ref{keystore.tls.password}"
#tcp_port = 9611
#ssl_port = 9711
#ssl_receiver_thread_pool_size = 100
#tcp_receiver_thread_pool_size = 100
#ssl_enabled_protocols = ["TLSv1","TLSv1.1","TLSv1.2"]
#ciphers = ["SSL_RSA_WITH_RC4_128_MD5","SSL_RSA_WITH_RC4_128_SHA"]

#[apim.notification]
#from_address = "APIM.com"
#username = "APIM"
#password = "APIM+123"
#hostname = "localhost"
#port = 3025
#enable_start_tls = false
#enable_authentication = true

#[apim.token.revocation]
#notifier_impl = "org.wso2.carbon.apimgt.keymgt.events.TokenRevocationNotifierImpl"
#enable_realtime_notifier = true
#realtime_notifier.ttl = 5000
#enable_persistent_notifier = true
#persistent_notifier.hostname = "https://localhost:2379/v2/keys/jti/"
#persistent_notifier.ttl = 5000
#persistent_notifier.username = "root"
#persistent_notifier.password = "root"

[[event_handler]]
name="userPostSelfRegistration"
subscriptions=["POST_ADD_USER"]

[service_provider]
sp_name_regex = "^[\\sa-zA-Z0-9._-]*$"

[database.local]
url = "jdbc:h2:./repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE"

[[event_listener]]
id = "token_revocation"
type = "org.wso2.carbon.identity.core.handler.AbstractIdentityHandler"
name = "org.wso2.is.notification.ApimOauthEventInterceptor"
order = 1
[event_listener.properties]
notification_endpoint = "https://${KM_HOSTNAME}/internal/data/v1/notify"
username = "${admin.username}"
password = "${admin.password}"
'header.X-WSO2-KEY-MANAGER' = "default"

[apim.sync_runtime_artifacts.gateway.skip_list]
apis = ["_TokenAPI_.xml", "_API_Application_Registration_.xml", "health-check.xml"]
sequences = ["_api_registration_fault_.xml"]

[transport.https.properties]
maxHttpHeaderSize="16384"
proxyPort = 443

#[[transport.http.proxy_profile]]
#proxy_host = "10.12.0.4"
#proxy_port = "8080"
#target_hosts = ["*"]
#
#[[transport.http.secured_proxy_profile]]
#proxy_host = "10.12.0.4"
#proxy_port = "8080"
#target_hosts = ["*"]

[transport.http.properties]
maxHttpHeaderSize="16384"

[oauth.grant_type.jwt_bearer]
grant_handler="io.entgra.device.mgt.core.device.mgt.oauth.extensions.handlers.grant.ExtendedJWTGrantHandler"

[[oauth.custom_grant_type]]
name="access_token"
grant_handler="io.entgra.device.mgt.core.device.mgt.oauth.extensions.handlers.grant.AccessTokenGrantHandler"
grant_validator="io.entgra.device.mgt.core.device.mgt.oauth.extensions.validators.AccessTokenGrantValidator"

[oauth.token_renewal]
renew_refresh_token=false

[admin_service.wsdl]
enable = false

[mdm_ui_conf]
tags = ["device_management", "transport_management"]
scopes = ["perm:app:review:view", "perm:app:review:update", "perm:app:publisher:view", "perm:app:publisher:update", "perm:app:store:view", "perm:app:subscription:install", "perm:app:subscription:uninstall", "perm:admin:app:review:update", "perm:admin:app:review:view", "perm:admin:app:publisher:update", "perm:admin:app:review:update", "perm:admin:app:subscription:view", "perm:device-types:types", "perm:enterprise:modify", "perm:enterprise:view", "perm:android-work:customer", "perm:android-work:admin", "perm:application-command:modify", "perm:sign-csr", "perm:admin:devices:view", "perm:admin:topics:view", "perm:roles:add", "perm:roles:add-users", "perm:roles:update", "perm:roles:permissions", "perm:roles:details", "perm:roles:view", "perm:roles:create-combined-role", "perm:roles:delete", "perm:dashboard:vulnerabilities", "perm:dashboard:non-compliant-count", "perm:dashboard:non-compliant", "perm:dashboard:by-groups", "perm:dashboard:device-counts", "perm:dashboard:feature-non-compliant", "perm:dashboard:count-overview", "perm:dashboard:filtered-count", "perm:dashboard:details", "perm:get-activity", "perm:devices:delete", "perm:devices:applications", "perm:devices:effective-policy", "perm:devices:compliance-data", "perm:devices:features", "perm:devices:operations", "perm:devices:search", "perm:devices:details", "perm:devices:update", "perm:devices:view", "perm:view-configuration", "perm:manage-configuration", "perm:policies:remove", "perm:policies:priorities", "perm:policies:deactivate", "perm:policies:get-policy-details", "perm:policies:manage", "perm:policies:activate", "perm:policies:update", "perm:policies:changes", "perm:policies:get-details", "perm:users:add", "perm:users:details", "perm:users:count", "perm:users:delete", "perm:users:roles", "perm:users:user-details", "perm:users:credentials", "perm:users:search", "perm:users:is-exist", "perm:users:update", "perm:users:send-invitation", "perm:admin-users:view", "perm:admin:devices:update-enrollment", "perm:groups:devices", "perm:groups:update", "perm:groups:add", "perm:groups:device", "perm:groups:devices-count", "perm:groups:remove", "perm:groups:groups", "perm:groups:groups-view", "perm:groups:share", "perm:groups:count", "perm:groups:roles", "perm:groups:devices-remove", "perm:groups:devices-add", "perm:groups:assign", "perm:device-types:configs", "perm:device-types:features", "perm:device-types:types", "perm:applications:install", "perm:applications:uninstall", "perm:admin-groups:count", "perm:admin-groups:view", "perm:admin-groups:add", "perm:notifications:mark-checked", "perm:notifications:view", "perm:admin:certificates:delete", "perm:admin:certificates:details", "perm:admin:certificates:view", "perm:admin:certificates:add", "perm:admin:certificates:verify", "perm:admin", "perm:devicetype:deployment", "perm:device-types:events", "perm:device-types:events:view", "perm:admin:device-type", "perm:admin:device-type:view", "perm:admin:device-type:configs", "perm:device:enroll", "perm:geo-service:analytics-view", "perm:geo-service:alerts-manage", "appm:read", "perm:devices:permanent-delete", "perm:android:manage-configuration", "perm:android:view-configuration", "perm:user:permission-view", "perm:ios:view-configuration", "perm:ios:manage-configuration", "perm:ios:dep-view", "perm:ios:dep-add", "perm:windows:view-configuration", "perm:windows:manage-configuration", "perm:android:lock-devices", "perm:android:unlock-devices", "perm:android:location", "perm:android:clear-password", "perm:android:control-camera", "perm:android:enterprise-wipe", "perm:android:wipe", "perm:android:ring", "perm:android:applications", "perm:android:reboot", "perm:android:change-LockTask", "perm:android:mute", "perm:android:configure-display-message", "perm:android:send-app-restrictions", "perm:android:file-transfer", "perm:android:set-webclip", "perm:android:set-password-policy", "perm:android:change-lock-code", "perm:android:upgrade-firmware", "perm:android:send-notification", "perm:geo-service:geo-fence", "perm:metadata:view", "perm:metadata:create", "perm:metadata:update", "perm:sms-handler:view-configuration", "perm:com-module:admin:configure", "perm:com-module:admin:enrol", "perm:com-module:admin:status-update", "perm:com-module:view", "perm:rmr:admin:add-schedule", "perm:rmr:admin:assign-meter", "perm:rmr:admin:attach-com", "perm:rmr:admin:billing-registers-retrieve", "perm:rmr:admin:delete-schedule", "perm:rmr:admin:detach-com", "perm:rmr:admin:detach-meter", "perm:rmr:admin:enrol", "perm:rmr:admin:load-profile-retrieve", "perm:rmr:admin:remote-relay-off", "perm:rmr:admin:replace-meter", "perm:rmr:admin:self-test", "perm:rmr:admin:time-sync", "perm:rmr:admin:update-meter-mode", "perm:rmr:admin:update-meter-state", "perm:rmr:admin:update-schedule", "perm:rmr:admin:view-meter-reading", "perm:rmr:admin:view-schedule", "perm:rmr:device:assign", "perm:rmr:device:enrol", "perm:rmr:device:install", "perm:rmr:device:unassign", "perm:rmr:device:validate", "perm:rmr:device:view", "perm:rmr:sms", "perm:sim:admin:enrol", "perm:sim:admin:permanent-delete", "perm:sim:admin:update", "perm:sim:view", "perm:power-meter-dlms:event-mgt", "perm:rmr:admin:upload-credentials", "perm:rmr:admin:remote-configure", "perm:rmr:view-configuration", "perm:rmr:manage-configuration", "perm:com-module:types-view", "perm:com-module:signal-view", "perm:com-module:admin:attach-sim", "perm:com-module:admin:detach-sim", "perm:rmr:device:report-event", "perm:meter-request:view", "perm:meter-request:create", "perm:meter-request:cancel", "perm:meter-request:first-review", "perm:meter-request:second-review", "perm:meter-request:assign", "perm:meter-request:dispatch", "perm:meter-request:receive", "perm:meter-request:admin:update", "perm:rmr:admin:update-customer-assign", "perm:rmr:device:view-install-data", "perm:rmr:self-test", "perm:rmr:user:branches", "perm:rmr:admin:branch-overview", "perm:rmr:admin:branch-assignment", "perm:rmr:admin:reachability-overview", "perm:rmr:admin:signal-reception", "perm:rmr:admin:customer-overview", "perm:rmr:admin:customer-locations", "perm:rmr:admin:system-dashboard", "perm:rmr:admin:meter-inventory", "perm:rmr:admin:meter-reachability-report", "perm:sim:types:view", "perm:rmr:device:types:view", "perm:sg:cb:admin:add", "perm:sg:cb:admin:view", "perm:sg:cb:admin:attach-sim", "perm:sg:cb:admin:detach-sim", "perm:sg:cb:admin:status-update", "perm:sg:oc:admin:add", "perm:sg:oc:admin:view", "perm:sg:oc:admin:attach-cb", "perm:sg:oc:admin:detach-cb", "perm:sg:oc:admin:status-update", "perm:sg:oc:admin:upload-config", "perm:sg:oc:admin:download-config", "perm:sg:admin:register-read", "perm:sg:admin:event-read", "perm:sg:admin:enroll", "perm:sg:admin:install-sg", "perm:sg:admin:operation-execute"]
enable_sso=false

[device_mgt_conf.policy_conf]
monitoring_enable=false

[device_mgt_conf.certificate_cache_conf]
enable=false

[device_mgt_conf.event_operation_task_conf]
enable=false

[device_mgt_conf.remote_session_conf]
enabled=false

[device_mgt_conf.push_notification_conf]
scheduler_batch_size=1000
scheduler_batch_delay_mills=10000
scheduler_task_initial_delay=10000
scheduler_task_enabled=false
push_notification_providers=["io.entgra.proprietary.switchgear.iec104.adaptor.IEC104PushNotificationProvider"]

#[sim.datasource]
#name="jdbc/DM_DS"

[database.device_mgt]
type = "mysql"
url = "jdbc:mysql://${DB_HOST}:3306/DM_DB?allowPublicKeyRetrieval=true&amp;useSSL=false"
username = "${DB_USERNAME}"
password = "${DB_PASSWORD}"
driver = "com.mysql.cj.jdbc.Driver"

[database.switchgear]
type = "mysql"
url = "jdbc:mysql://${DB_HOST}:3306/DM_DB?allowPublicKeyRetrieval=true&amp;useSSL=false"
username = "${DB_USERNAME}"
password = "${DB_PASSWORD}"
driver = "com.mysql.cj.jdbc.Driver"

[database.sim_mgt]
type = "mysql"
url = "jdbc:mysql://${DB_HOST}:3306/DM_DB?allowPublicKeyRetrieval=true&amp;useSSL=false"
username = "${DB_USERNAME}"
password = "${DB_PASSWORD}"
driver = "com.mysql.cj.jdbc.Driver"

[[device_mgt_conf.operation_timeout_conf]]
device_types=["switchgear_controlbox"]
code="DOUBLE_COMMAND"
initial_status="PENDING"
timeout=30000
next_status="ERROR"

[[device_mgt_conf.operation_timeout_conf]]
device_types=["switchgear_controlbox"]
code="DOUBLE_COMMAND"
initial_status="CONFIRMED"
timeout=30000
next_status="ERROR"

[heart_beat_beacon_conf]
enable=true
notifier_initial_delay_in_seconds=30
notifier_frequency_in_seconds=60
time_skew_in_seconds=5
sever_timeout_interval_in_seconds=60

[heart_beat_beacon_conf.cluster_formation_changed_configs]
cluster_formation_changed_notifiers=["io.entgra.proprietary.switchgear.iec104.adaptor.ClusterFormationChangedReceiver"]

[database.heart_beat]
type = "mysql"
url = "jdbc:mysql://${DB_HOST}:3306/HEART_BEAT_DB?allowPublicKeyRetrieval=true&amp;useSSL=false"
username = "${DB_USERNAME}"
password = "${DB_PASSWORD}"
driver = "com.mysql.cj.jdbc.Driver"

[switchgear]
operation_mgt.read_only=false
communication.device_stability_wait_time=30000

[device_mgt_conf.identity_conf]
server_url="https://localhost:9443"
admin_username="${admin.username}"
admin_password="${admin.password}"

[device_mgt_conf.key_manager_conf]
server_url="https://localhost:9443"
admin_username="${admin.username}"
admin_password="${admin.password}"

[[switchgear.ui_config.dashboards]]
name="KIBANA_DASHBOARD"
url="https://logs.sg.local/app/dashboards#/view/c6df6590-be16-11ec-8519-d1b35b9753bc?embed=true&amp;_g=(filters%3A!()%2CrefreshInterval%3A(pause%3A!t%2Cvalue%3A0)%2Ctime%3A(from%3Anow%2Fd%2Cto%3Anow%2Fd))&amp;show-query-input=true&amp;show-time-filter=true"