Skip to content

Integration Control Plane Configuration Catalog

All the server-level configurations of your Integration Control Plane can be applied using a single configuration file, which is the deployment.toml file (stored in the ICP_HOME/conf directory).

The complete list of configuration parameters that you can use in the deployment.toml file are listed below along with descriptions.

Instructions for use

To update the product configurations:

  1. Open the deployment.toml file (stored in the ICP_HOME/conf directory).
  2. Select the required configuration headers and parameters from the list given below and apply them to the deployment.toml file.

The default deployment.toml file of the Integration Control Plane is as follows:

[server_config]
port = 9743

[heartbeat_config]
pool_size = 15

[mi_super_admin]
username = "admin"
password = "admin"

[keystore]
file_name = "conf/security/dashboard.jks"
password = "wso2carbon"
key_password = "wso2carbon"

Deployment

[server_config]
port = 9743
[server_config] Required

This configuration header is required for configuring the deployment parameters that are used for identifying a Integration Control Plane server.

port

integer Required

Default: 9743

The port of the Integration Control Plane.

Heart beat

[heartbeat_config]
pool_size = 15
[heartbeat_config] Required

This configuration header is required for the Integration Control Plane server to listen to the Micro Integrator runtimes.

pool_size

integer Required

Default: 15

The Integration Control Plane uses a thread pool executor to create threads and to handle incoming requests from Micro Integrator runtimes. This parameter controls the number of threads used by the executor pool.

Integration Control Plane User Store

[mi_super_admin]
username = "admin"
password = "admin"
[mi_super_admin] Required

This configuration header is required for the Integration Control Plane server to connect with the Micro Integrator instances.

username

string Required

Default: "admin"

The user name for signing in to the Micro Integrator runtimes.

password

string Required

Default: "admin"

The user password for signing in to the Micro Integrator runtimes.

Keystore

[keystore]
file_name = "conf/security/dashboard.jks"
password = "wso2carbon"
key_password = "wso2carbon"
[keystore] Required

This configuration header is used for SSL handshaking when the server communicates with the web browser.

file_name

string Required

Default: conf/security/dashboard.jks
Possible Values: -

The name of the keystore file that is used for SSL communication.

password

string Required

Default: wso2carbon

The password of the keystore file that is used for SSL communication. The keystore password is used when accessing the keys in the keystore.

key_password

string Required

Default: wso2carbon

The password of the private key that is included in the keystore.

Truststore

[truststore]
file_name="con/security/wso2truststore.jks"
password="wso2carbon"
[truststore]

This configuration header is required for configuring the parameters that connect the Integration Control Plane to the keystore file (trust store) that is used to store the digital certificates that the server trusts for SSL communication.

file_name

string Required

The path of the keystore file that is used for storing the trusted digital certificates.

password

string Required

The password of the keystore file that is used as the trust store.

Single Sign-On

Note

  • To enable this feature, upgrade the Micro Integrator Dashboard to version 4.0.1 or higher, or the Integration Control Plane to version 1.0.0 or higher.
  • This feature was tested with WSO2 IS 5.10.0 and Shibboleth 4.1.2. There may be compatibility issues when using other vendors.
[sso]
enable = true
client_id = "abcqet54mfD6t5d7"
base_url = "https://localhost/oauth2"
jwt_issuer = "https://localhost/oauth2"
resource_server_URLs = ["https://localhost:9743"]
sign_in_redirect_URL = "https://localhost:9743/sso"
admin_group_attribute = "groups"
admin_groups = ["admin", "tester"]

[[sso.authorization_request.params]]
key = "app_id"
value = "C123d"

[sso] Required

This configuration header is required for configuring Single Sign-on with OpenID Connect.

enable

boolean Required

Default: false
Possible Values: true or false

Use this paramater to enable Single Sign-On.

client_id

string Required

Specify the client ID generated from the Identity Provider.

base_url

string Required

The URL of the Identity Provider.

well_known_endpoint

string

The well known endpoint that is used to get the OpenID Connect metadata of your Identity Provider.

jwt_issuer

string Required

The Identity Provider's issuer identifier.

override_well_known_endpoint

boolean

Default: false
Possible Values: true or false

Use this paramater to manually define the OpenID Connect endpoints of the Identity Provider. When overriding is enabled, you need to define authorization, token, user-info, token-revocation, introspection and logout endpoints.

jwks_endpoint

string

The Jwks endpoint URL.

authorization_endpoint

string

Default: "/oauth2/authorize"

The authorization endpoint URL.

token_endpoint

string

Default: "/oauth2/token"

The token endpoint URL.

user_info_endpoint

string

The user info endpoint URL.

revocation_endpoint

string

Default: "/oauth2/revoke"

The token revocation endpoint URL.

introspection_endpoint

string

The introspection endpoint URL.

end_session_endpoint

string

Default: "/oidc/logout"

The logout endpoint URL.

resource_server_URLs

array Required

Default: ["https://localhost:9743"]
Possible Values: ["https://{hostname/ip}:{port}"]

The URL of the Integration Control Plane. Be sure to replace {hostname/ip} and {port} with the relevant values.

sign_in_redirect_URL

string Required

Default: "https://localhost:9743/sso"
Possible Values: "https://{hostname/ip}:{port}/sso"

The Sign In redirect URL of the Integration Control Plane. Be sure to replace {hostname/ip} and {port} with the relevant values.

sign_out_redirect_URL

string

Default: "https://localhost:9743"
Possible Values: "https://{hostname/ip}:{port}"

The Sign Out redirect URL of the Integration Control Plane. Be sure to replace {hostname/ip} and {port} with the relevant values.

admin_group_attribute

string

The claim name used by the Identity Provider to determine the group of the user.

admin_groups

array

Possible Values: ["publisher", "tester", "any group assigned to the users"]

The groups which are used to grant admin privileges to users. If the user belongs to any of the defined groups, that user is considered as an Admin user.

enable_PKCE

boolean

Default: true
Possible Values: true or false

Use this paramater to specify if a PKCE should be sent with the request for the authorization code.

send_cookies_in_requests

boolean

Default: true
Possible Values: true or false

Use this paramater to specify whether to include cookies in requests.

scope

array

Default: ["openid"]

Use this paramater to specify the requested scopes.

user_name_attribute

string

Default: "sub"

Use this paramater to specify the attribute you need to use as the user name in the ICP server.

additional_trusted_audience

array

Possible Values: ["account", "finance", "additional trusted audience other than client id"]

The additional audience apart from the client_id configured in sso configs.

[[sso.authorization_request.params]]

This configuration header is required for defining custom parameters that needs to be sent with the Authorization request to the Identity Provider.

key

string

Use this parameter to specify the key of the parameter you want to send with the authorization request.

value

string

Use this parameter to specify the value of the parameter you want to send with the authorization request.