Configuring Organization Credentials in Mule Runtime 4
Organization credentials provide a way to uniquely identify a specific environment, an organization, or a business group when linking Mule runtime engine (Mule) to an organization using Anypoint Platform. Credentials for environments, organizations, and business groups consist of two keys: the client ID and a client secret. Mule uses these credentials to connect to and access your organization.
The recommended way to link Mule to Anypoint API Manager (API Manager), is by using the environment client ID and secret. You may also use the organization client ID and secret, or even business group credentials if you want to track APIs defined in business groups linked to Mule or belonging to a parent business group linked to Mule.
When you use environment credentials, you can manage APIs that are specific to only that environment. If your APIs are in different environments of Anypoint Platform, you must specify instead the credentials of the organization that contains both environments.
You can also use parent organization credentials to manage child organization APIs. For example, if ACME is the parent organization and Logistics is a business group (child organization) within ACME, your API Administrator can track APIs created in Logistics using the credentials of either Logistics or of ACME.
You can identify client applications with client ID and secret. However, it is recommended that client application credentials not be used in place of organization credentials. Otherwise Mule is not linked correctly to the organization.
You can only successfully pair Mule to your organization if Mule is started using Anypoint Platform credentials that are already configured. If you provision an adapter with organization credentials, you can manage APIs on only that specific adapter of your organization.
Obtaining Credentials
Because you are required to provide credentials from time to time when using API Manager, you might need to obtain these credentials for various client applications. You can obtain environment and organization credentials using the procedures explained in this section.
Obtaining Environment Credentials (Recommended)
To obtain environment credentials:
-
Log in to Anypoint Platform as an administrator, and click Access Management.
-
Click the Environments tab and click the name of your environment within your desired organization.
Remember that environment credentials are only available in the post-crowd (November 2017) release version of the platform.
Configuring Credentials for Standalone Deployments
Automatic Runtime Manager Agent Setup Mechanism
If you are setting up a stand alone instance, and you would like to register the Runtime Manager agent:
-
Log in to Anypoint Platform as an administrator, and click Runtime Manager.
-
Click the Servers tab, then Add Server.
-
Run the command you are prompted to run. This command looks similar to this:
<MULE_HOME>/bin/./amc_setup -H bb123456-789c-1234-9fd3-58f4b5e2d82e---123 server-nameWhere
MULE_HOMEis a variable holding the root directory of the Mule installation. For example,/opt/Mule/mule-enterprise-standalone/.
Executing this command configures your runtime agent, and the automatically adds the correct organization credentials to your Mule with the correct organization credentials and URLs, so your Mule is linked to a specific organization.
After registering the agent, the wrapper.conf file is modified with the required data so configuration changes are made persistent.
Manual Configuration
If you are setting up an on premises instance to point to a specific organization, you need to add your credentials in the wrapper.conf file (persistent approach) or specifying the credentials data using the command line.
Using the Wrapper.conf File
The configuration file is placed in the <MULE_HOME>/conf directory, where MULE_HOME is a variable holding the root directory of the Mule installation.
-
Navigate to your $MULE_HOME directory.
-
Open the file located in
/conf/wrapper.conf. -
Add your Anypoint Platform Organization credentials like shown below:
wrapper.java.additional.<n>=-Danypoint.platform.client_id=XXXXXXXX wrapper.java.additional.<n>=-Danypoint.platform.client_secret=XXXXXXXX<n>must be a unique number, not used by any other entry in that file. We recommend you to use the next incremental value over the previous entries in the list.If two or more lines use the same
<n>identifier, only the first value with that number is taken into account.If your organization is defined in the EU control plane, you need to define two additional keys:
wrapper.java.additional.<n>=-Danypoint.platform.base_uri=https://eu1.anypoint.mulesoft.com wrapper.java.additional.<n>=-Danypoint.platform.analytics_base_uri=https://analytics-ingest.eu1.anypoint.mulesoft.com
Using the Command Line
You can pass your credentials at start up time by using the following arguments:
MULE_HOME/bin/mule \
-M-Danypoint.platform.client_id=XXXXXXXX \
-M-Danypoint.platform.client_secret=XXXXXXXXMULE_HOME\bin\mule.bat -M-Danypoint.platform.client_id=XXXXXXXX -M-Danypoint.platform.client_secret=XXXXXXXXIf your organization is defined in the EU control plane, you should define the base URLS by adding two additional keys:
MULE_HOME/bin/mule \
-M-Danypoint.platform.client_id=XXXXXXXX \
-M-Danypoint.platform.client_secret=XXXXXXXX \
-M-Danypoint.platform.base_uri=https://eu1.anypoint.mulesoft.com \
-M-Danypoint.platform.analytics_base_uri=https://analytics-ingest.eu1.anypoint.mulesoft.comMULE_HOME\bin\mule.bat -M-Danypoint.platform.client_id=XXXXXXXX -M-Danypoint.platform.client_secret=XXXXXXXX -M-Danypoint.platform.base_uri=https://eu1.anypoint.mulesoft.com -M-Danypoint.platform.analytics_base_uri=https://analytics-ingest.eu1.anypoint.mulesoft.comThe same applies if you are pointing at an organization defined in a Private Cloud Edition. You would need to provide the URLs for your Private Cloud Edition installation.
Configuring Credentials for Anypoint Studio 7
You can configure Studio 7 to work with your Anypoint Platform organization for testing connectivity and governance applied to endpoints.
-
In Anypoint Studio, click Anypoint Studio from the top menu bar, and Preferences.
-
Under Anypoint Studio, click API Manager
-
Type in the client ID and secret under Environment Credentials:
If your organization is defined in the EU control plane, then you must also specify the base URL for that plane:
The same applies if you are pointing at an organization defined in a Private Cloud Edition. You would need to provide the URLs for your Private Cloud Edition installation.
Configuring Credentials in Runtime Manager for your Deployed Application
Automatic Auto-generated Proxy Deploy Mechanism
You can deploy an auto-generated proxy from your API directly to Cloudhub.
-
Log in to Anypoint Platform as an administrator, and click API Manager.
-
From the list of available APIs, click the API version of the API from which you want to auto-generate a proxy.
-
Click the Settings tab, and navigate to the Deployment Configuration.
-
Configure your runtime version and your proxy application name, and click Deploy.
When you deploy a proxy using this mechanism, the system automatically configures the organization credentials (and URLs, if applicable) for you. You may take a look at them in Runtime Manager → <Application Name> → Settings → Properties.
Manual Configuration
-
Navigate to Runtime Manager in Anypoint Platform.
-
Access the Properties section of the deployed application. If the application is being deployed for the first time, the Properties section will appear during the deployment configuration.
-
In the Properties section, add the following properties:
anypoint.platform.client_id=XXXXXXXX anypoint.platform.client_secret=XXXXXXXXIf your organization is defined in the EU control plane or using a Mule Private Cloud Edition, you should define the base URLS by adding two additional keys:
anypoint.platform.client_id=XXXXXXXX anypoint.platform.client_secret=XXXXXXXX anypoint.platform.base_uri=https://eu1.anypoint.mulesoft.com anypoint.platform.analytics_base_uri=https://analytics-ingest.eu1.anypoint.mulesoft.comThe same applies if you are pointing at an organization defined in a Private Cloud Edition. You would need to provide the URLs for your Private Cloud Edition installation.