Integration Control Plane Configuration Catalog
All the server-level configurations of your Integration Control Plane can be applied using a single configuration file, the deployment.toml file (stored in the ICP_HOME/conf directory).
The complete list of configuration parameters that you can use in the deployment.toml file is given below, along with descriptions.
Instructions for use
To update the product configurations:
- Open the deployment.toml file (stored in the ICP_HOME/conf directory).
- Select the required configuration headers and parameters from the list given below and apply them to the deployment.toml file.
The default deployment.toml file of the Integration Control Plane is as follows:
[server_config]
port = 9743
[heartbeat_config]
pool_size = 15
[mi_super_admin]
username = "admin"
password = "admin"
[keystore]
file_name = "conf/security/dashboard.jks"
password = "wso2carbon"
key_password = "wso2carbon"
Deployment
[server_config]
port = 9743
[server_config]
Required
This configuration header is required for configuring the deployment parameters that are used for identifying an Integration Control Plane server.
port
integer Required
9743
The port of the Integration Control Plane.
Heart beat
[heartbeat_config]
pool_size = 15
[heartbeat_config]
Required
This configuration header is required for the Integration Control Plane server to listen to the Micro Integrator runtimes.
pool_size
integer Required
15
The Integration Control Plane uses a thread pool executor to create threads and to handle incoming requests from Micro Integrator runtimes. This parameter controls the number of threads used by the executor pool.
Integration Control Plane User Store
[mi_super_admin]
username = "admin"
password = "admin"
[mi_super_admin]
Required
This configuration header is required for the Integration Control Plane server to connect with the Micro Integrator instances.
username
string Required
"admin"
The user name for signing in to the Micro Integrator runtimes.
password
string Required
"admin"
The user password for signing in to the Micro Integrator runtimes.
Keystore
[keystore]
file_name = "conf/security/dashboard.jks"
password = "wso2carbon"
key_password = "wso2carbon"
[keystore]
Required
This configuration header is used for SSL handshaking when the server communicates with the web browser.
file_name
string Required
conf/security/dashboard.jks
-
The name of the keystore file that is used for SSL communication.
password
string Required
wso2carbon
The password of the keystore file that is used for SSL communication. The keystore password is used when accessing the keys in the keystore.
key_password
string Required
wso2carbon
The password of the private key that is included in the keystore.
Truststore
[truststore]
file_name="conf/security/wso2truststore.jks"
password="wso2carbon"
[truststore]
This configuration header is required for configuring the parameters that connect the Integration Control Plane to the keystore file (trust store) that is used to store the digital certificates that the server trusts for SSL communication.
file_name
string Required
The path of the keystore file that is used for storing the trusted digital certificates.
password
string Required
The password of the keystore file that is used as the trust store.
Single Sign-On
Note
- To enable this feature, upgrade the Micro Integrator Dashboard to version 4.0.1 or higher, or the Integration Control Plane to version 1.0.0 or higher.
- This feature was tested with WSO2 IS 5.10.0 and Shibboleth 4.1.2. There may be compatibility issues when using other vendors.
[sso]
enable = true
client_id = "abcqet54mfD6t5d7"
base_url = "https://localhost/oauth2"
jwt_issuer = "https://localhost/oauth2"
resource_server_URLs = ["https://localhost:9743"]
sign_in_redirect_URL = "https://localhost:9743/sso"
admin_group_attribute = "groups"
admin_groups = ["admin", "tester"]
[[sso.authorization_request.params]]
key = "app_id"
value = "C123d"
[sso]
Required
This configuration header is required for configuring Single Sign-on with OpenID Connect.
enable
boolean Required
false
true or false
Use this parameter to enable Single Sign-On.
client_id
string Required
Specify the client ID generated from the Identity Provider.
base_url
string Required
The URL of the Identity Provider.
well_known_endpoint
string
The well known endpoint that is used to get the OpenID Connect metadata of your Identity Provider.
jwt_issuer
string Required
The Identity Provider's issuer identifier.
override_well_known_endpoint
boolean
false
true or false
Use this parameter to manually define the OpenID Connect endpoints of the Identity Provider. When overriding is enabled, you need to define the authorization, token, user-info, token-revocation, introspection and logout endpoints.
jwks_endpoint
string
The JWKS endpoint URL.
authorization_endpoint
string
"/oauth2/authorize"
The authorization endpoint URL.
token_endpoint
string
"/oauth2/token"
The token endpoint URL.
user_info_endpoint
string
The user info endpoint URL.
revocation_endpoint
string
"/oauth2/revoke"
The token revocation endpoint URL.
introspection_endpoint
string
The introspection endpoint URL.
end_session_endpoint
string
"/oidc/logout"
The logout endpoint URL.
resource_server_URLs
array Required
["https://localhost:9743"]
["https://{hostname/ip}:{port}"]
The URL of the Integration Control Plane. Be sure to replace {hostname/ip} and {port} with the relevant values.
sign_in_redirect_URL
string Required
"https://localhost:9743/sso"
"https://{hostname/ip}:{port}/sso"
The Sign In redirect URL of the Integration Control Plane. Be sure to replace {hostname/ip} and {port} with the relevant values.
sign_out_redirect_URL
string
"https://localhost:9743"
"https://{hostname/ip}:{port}"
The Sign Out redirect URL of the Integration Control Plane. Be sure to replace {hostname/ip} and {port} with the relevant values.
admin_group_attribute
string
The claim name used by the Identity Provider to determine the group of the user.
admin_groups
array
["publisher", "tester", "any group assigned to the users"]
The groups which are used to grant admin privileges to users. If the user belongs to any of the defined groups, that user is considered as an Admin user.
enable_PKCE
boolean
true
true or false
Use this parameter to specify whether PKCE parameters should be sent with the request for the authorization code.
send_cookies_in_requests
boolean
true
true or false
Use this parameter to specify whether to include cookies in requests.
scope
array
["openid"]
Use this parameter to specify the requested scopes.
user_name_attribute
string
"sub"
Use this parameter to specify the attribute you need to use as the user name in the ICP server.
additional_trusted_audience
array
["account", "finance", "additional trusted audience other than client id"]
The additional trusted audiences, apart from the client_id configured in the sso configuration.
[[sso.authorization_request.params]]
This configuration header is required for defining custom parameters that need to be sent with the Authorization request to the Identity Provider.
key
string
Use this parameter to specify the key of the parameter you want to send with the authorization request.
value
string
Use this parameter to specify the value of the parameter you want to send with the authorization request.