Saturday, July 11, 2015

How to Install a New Key Store into WSO2 Enterprise Store


You can create a new key store, get the public certificate signed, export your public certificate from the key store and import it into the trust store by following steps 1, 2 and 3 documented in this blog post: Hasini's Blog - Install a New Key store

Once you have created the new key store using the above steps, the next task is to configure WSO2 Enterprise Store to work with it.

Change the Configuration Files

 

1. Change the carbon.xml in [Product_Home]/repository/conf


<KeyStore>
    <!-- Keystore file location-->
    <Location>${carbon.home}/repository/resources/security/mykeystore.jks</Location>
    <!-- Keystore type (JKS/PKCS12 etc.)-->
    <Type>JKS</Type>
    <!-- Keystore password-->
    <Password>mypkpassword</Password>
    <!-- Private Key alias-->
    <KeyAlias>mycert</KeyAlias>
    <!-- Private Key password-->
    <KeyPassword>mypkpassword</KeyPassword>
</KeyStore>


<RegistryKeyStore>
    <!-- Keystore file location-->
    <Location>${carbon.home}/repository/resources/security/mykeystore.jks</Location>
    <!-- Keystore type (JKS/PKCS12 etc.)-->
    <Type>JKS</Type>
    <!-- Keystore password-->
    <Password>mypkpassword</Password>
    <!-- Private Key alias-->
    <KeyAlias>mycert</KeyAlias>
    <!-- Private Key password-->
    <KeyPassword>mypkpassword</KeyPassword>
</RegistryKeyStore>

2. Change the catalina-server.xml in [Product_Home]/repository/conf/tomcat


This configuration resides under the Connector protocol entry for port 9443.

keystoreFile="${carbon.home}/repository/resources/security/mykeystore.jks"
keystorePass="mypkpassword"

3. Change the publisher.json in [Product_Home]/repository/deployment/server/jaggeryapps/publisher/config

You have to change this file in order to authenticate successfully for the Enterprise Store - Publisher. If this configuration is not done, you will not be able to log in to the publisher. The identityAlias should be the alias you use to import the PEM details of your key into client-truststore.jks.

"authentication": {
        "activeMethod": "sso",
        "methods": {
            "sso": {
                "attributes": {
                    "issuer": "publisher",
                    "identityProviderURL": "%https.carbon.local.ip%/samlsso",
                    "identityAlias": "mynewcert",
                    "responseSigningEnabled": "true",
                    "acs": "%https.host%/publisher/acs",
                    "useTenantKey": false
                }
            }

4. Change the store.json in [Product_Home]/repository/deployment/server/jaggeryapps/store/config


You have to change this file in order to authenticate successfully for the Enterprise Store - Store. If this configuration is not done, you will not be able to log in to the store. The identityAlias should be the alias you use to import the PEM details of your key into client-truststore.jks.


"authentication": {
        "activeMethod": "sso",
        "methods": {
            "sso": {
                "attributes": {
                    "issuer": "store",
                    "identityProviderURL": "%https.carbon.local.ip%/samlsso",
                    "identityAlias": "mynewcert",
                    "responseSigningEnabled": "true",
                    "acs": "%https.host%/store/acs",
                    "useTenantKey": false
                }
            },

That's it! The new key store is now installed into WSO2 Enterprise Store. If any configurations have changed, you can locate all the configuration files that reference keystores by using the grep command as follows:

Open a command prompt and navigate to the <PRODUCT_HOME>/repository/conf/ directory where your product stores all configuration files.
 
Execute the following command: grep -nr ".jks" .

The configuration files, and the keystore files referred to in each of them, will be listed. You can then check which files you have not yet configured to point to the new key store.
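The check described above, extended into a small Node.js audit (an added example, not part of the original post or WSO2's code): it flags `.jks` references and `identityAlias` values that differ from the expected ones, while allowing the trust store. The file contents, the names `oldkeystore.jks` and `oldcert`, and the function `auditKeystoreRefs` are constructed for illustration.

```javascript
// Added example, not WSO2 code. All file contents here are constructed samples.
const sampleFiles = {
  "conf/carbon.xml": [
    "<KeyStore>",
    "  <Location>${carbon.home}/repository/resources/security/mykeystore.jks</Location>",
    "</KeyStore>",
    "<RegistryKeyStore>",
    "  <Location>${carbon.home}/repository/resources/security/oldkeystore.jks</Location>",
    "</RegistryKeyStore>",
    "<TrustStore>",
    "  <Location>${carbon.home}/repository/resources/security/client-truststore.jks</Location>",
    "</TrustStore>",
  ].join("\n"),
  "conf/tomcat/catalina-server.xml":
    'keystoreFile="${carbon.home}/repository/resources/security/mykeystore.jks"',
  "publisher/config/publisher.json": '"identityAlias": "mynewcert",',
  "store/config/store.json": '"identityAlias": "oldcert",',
};

// Returns one finding per stale keystore file name or identityAlias value.
function auditKeystoreRefs(files, expected) {
  const findings = [];
  for (const [file, text] of Object.entries(files)) {
    text.split("\n").forEach((line, idx) => {
      // Escaped dot: match real "*.jks" file names only.
      for (const m of line.matchAll(/[\w.-]+\.jks\b/g)) {
        const name = m[0];
        // The trust store is a separate file and is expected to differ.
        if (name !== expected.keystore && !expected.trustStores.includes(name)) {
          findings.push({ file, line: idx + 1, kind: "keystore", found: name });
        }
      }
      const alias = /"identityAlias"\s*:\s*"([^"]*)"/.exec(line);
      if (alias && alias[1] !== expected.alias) {
        findings.push({ file, line: idx + 1, kind: "identityAlias", found: alias[1] });
      }
    });
  }
  return findings;
}

const findings = auditKeystoreRefs(sampleFiles, {
  keystore: "mykeystore.jks",
  alias: "mynewcert",
  trustStores: ["client-truststore.jks"],
});
for (const f of findings) console.log(`${f.file}:${f.line} stale ${f.kind}: ${f.found}`);
```

To run it against a real installation, replace `sampleFiles` with the contents of the four files edited in the steps above.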





How to Enable Email as Username for WSO2 Products (Email Authentication)


At present, most people prefer to use their email address as their username for any login, since it is easier to remember one email address than several non-email usernames. In this post, my aim is to cover how to enable email as username (email authentication) for WSO2 products.

To enable email as username (email authentication), follow these steps:

1. Enable Email Authentication in carbon.xml


Go to [Product_Home]/repository/conf/carbon.xml and enable email authentication as follows:

<EnableEmailUserName>true</EnableEmailUserName>


2. Provide the correct regular expression to allow email addresses for the user store via user-mgt.xml


You can find user-mgt.xml in the [Product_Home]/repository/conf directory.

<Property name="UsernameJavaRegEx">[a-zA-Z0-9@._-|//]{3,30}$</Property>

3. Create the Admin user with an Email address in user-mgt.xml


<AdminUser>
    <UserName>admin@wso2.com</UserName>
    <Password>admin</Password>
</AdminUser>


Now you can log in as admin@wso2.com and create users using an email address as the username.

The steps above enable email authentication. If you want to allow both email as username and normal authentication, you just have to add the following line to your user store configuration (JDBC user store, LDAP or Active Directory).

<Property name="UsernameWithEmailJavaScriptRegEx">[a-zA-Z0-9@._-|//]{3,30}$</Property>

That's it!! 
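What the regular expression above actually accepts, as an added JavaScript example (not from the original post or WSO2): inside the character class, `_-|` is a range rather than three literals, and the pattern has no leading `^`. `ANCHORED_PATTERN` is an assumed reading of the intended character set, and since the page does not say whether the product applies the pattern as a whole-string match or as a search, both are shown.

```javascript
// Added example, not WSO2 code. Usernames below are constructed test inputs.
const PAGE_PATTERN = "[a-zA-Z0-9@._-|//]{3,30}$"; // value used in both properties above
// Assumed intent: same characters, hyphen moved last so it is a literal, start anchored.
const ANCHORED_PATTERN = "^[a-zA-Z0-9@._|/-]{3,30}$";

// Expand a simple class body (no escapes, no negation) into the characters it admits.
function expandClass(body) {
  const chars = new Set();
  for (let i = 0; i < body.length; i++) {
    if (body[i + 1] === "-" && i + 2 < body.length) {
      // "x-y" is a range: "_-|" spans code points 0x5F..0x7C, not three literals.
      for (let c = body.charCodeAt(i); c <= body.charCodeAt(i + 2); c++) {
        chars.add(String.fromCharCode(c));
      }
      i += 2;
    } else {
      chars.add(body[i]);
    }
  }
  return chars;
}

// Whole-string check, as Java's Matcher.matches() behaves.
function fullMatch(pattern, s) {
  return new RegExp("^(?:" + pattern + ")$").test(s);
}

// Substring search, as RegExp.prototype.test() and Java's Matcher.find() behave.
function searchMatch(pattern, s) {
  return new RegExp(pattern).test(s);
}

const admitted = expandClass("a-zA-Z0-9@._-|//");
const report = {
  hyphenAllowed: admitted.has("-"),
  extras: [...admitted].filter((c) => !/[a-zA-Z0-9@._|\/]/.test(c)).sort().join(""),
  hyphenatedEmail: fullMatch(PAGE_PATTERN, "first-last@example.com"),
  backtickBrace: fullMatch(PAGE_PATTERN, "a`b{c"),
  junkPrefixSearch: searchMatch(PAGE_PATTERN, "x y!!abc"),
  junkPrefixAnchored: searchMatch(ANCHORED_PATTERN, "x y!!abc"),
};
console.log(report);
```

The report shows that the page's pattern rejects hyphenated addresses, admits the backtick and `{`, and under search semantics passes any string whose last three characters are in the class.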

