WSO2 Identity Server 5 minutes

Installing WSO2 Identity Server on Windows

Rob Blaauboer
Rob Blaauboer
Integration Consultant & WSO2 Trainer
Installing WSO2 Identity Server on Windows

In this blog, I’m going to describe a generic way of installation of the WSO2 Identity Server on your Windows machine. Why generic? Well, simply because although the versions of the Identity Server may change, the installation procedure for the Identity Server, and in general all WSO2 products, is pretty much the same. I am going to describe a situation where we install as little as possible and also not make lasting changes to the PC. We can surely also run in VirtualBox with Vagrant, but that would require additional installations which I would like to avoid. 

Hardware and OS

So, what do we need, what do we need? Well, first of all, a Windows PC. Although other operating systems of course will also work (e.g. Linux), they require a different setup and this blog is about installation on Windows – and to be more specific: Windows 10. 

Microsoft’ strategy to push Windows 10 into the market with free updates has surely worked with more than 1 billion devices running Windows 10. However, the older versions will probably also work. As far as the hardware goes, let’s say that we need a modern PC meaning Intel Core i3, i5, i7 or equivalent chips from AMD, 8 gigabytes of Ram and all the other things that you expect from a modern-day PC.


For the large part, WSO2 is written in Java and therefore a JDK or JRE is needed. These supply the environment that is needed to run WSO2. There are a number of Java versions, numbered from 1 to 18 at the moment. However, WSO2 requires either Java 8 or 11. When we consider the Identity Server, Java 8 is a good choice since it will accommodate older versions of the Identity Server. If you are sticking with, for instance, Identity Server 5.11.0, Java 11 works. As far as the distribution, Adopt OpenJDK is ok, but others also work. If you also want to enable the Analytics, you must use Java 8 since Java 11 is not supported. In this example, I am showing both, but only using Java 8.

Let’s start by downloading Adopt OpenJDK 11 from this URL (Java 8 can be found here as well). We will use the zip file rather than the installer(MSI). Make sure you have the right version, i.e. x64.


For this blog, I am going to use the Apache 2.0 version of the Identity Server. This version can freely be used as described in the license, but it is not suited for use in a production environment. 

I will download the version directly from the WSO2 GitHub page for Identity Server. Please download both files, wso2am-5.11.0.zip and wso2is-analytics-5.8.0.zip. It is a good idea to also download the MD5 checksum (wso2is-5.11.0.zip.md5 and wso2is-analytics-5.8.0.zip.md5) to verify the download. When you calculate the checksum on your PC, it should match the one you downloaded.

Open a CMD window and type the following command:

Installing WSO2 Identity Server on Windows 1

CertUtil -hashfile <path to file> MD5

Change the <path to file> to the actual path and file location.

Installing WSO2 Identity Server on Windows 2

Compare this to the MD5 file 0df61b29b7245cc5499a4d65ba7212a0 wso2is-5.11.0.zip. Repeat for the Analytics zip as well.

Creating a directory

Create a directory on, for instance, the desktop using File Explorer. Call it, for instance, WSO2-IS.

Copy the three downloaded files (JDK, IS and Analytics) to that directory. Unzip each zip. You will end up with this:

Installing WSO2 Identity Server on Windows 3

I do not want to change any environment variables or path settings, so I am going to create a batch file that will set the required variables like:

  • PATH

This change is only for the duration of the batch file.

But first we need to enable the analytics in the WSO2 Identity Server. This is done by changing the deployment.toml file in [IS-HOME]/repository/conf. 

Add these two:




Search for Analytics.

Installing WSO2 Identity Server on Windows 4

Save the file. We now have enabled analytics. But we also need to make sure that the products trust each other!

Trust relationship

We need to establish a trust relationship by mutually exporting the certificate from the wso2carbon.jks and importing it in the client-truststore. Execute these commands in a command window. Change the location (i.e. C:\Users…) to match your local installation.

# Exporting certificates
keytool -exportcert -alias wso2carbon -file wso2analyticscert -keystore C:\Users\rob\Desktop\WSO2-IS\wso2is-analytics-5.8.0\resources\security\wso2carbon.jks -storepass wso2carbon
keytool -exportcert -alias wso2carbon -file wso2iscert -keystore C:\Users\rob\Desktop\WSO2-IS\wso2is-5.11.0\repository\resources\security\wso2carbon.jks -storepass wso2carbon
# Import certificates 
keytool -importcert -alias wso2analytics -file wso2iscert -keystore C:\Users\rob\Desktop\WSO2-IS\wso2is-analytics-5.8.0\resources\security\client-truststore.jks -trustcacerts -storepass wso2carbon -noprompt
keytool -importcert -alias wso2is -file wso2analyticscert -keystore C:\Users\rob\Desktop\WSO2-IS\wso2is-5.11.0\repository\resources\security\client-truststore.jks -trustcacerts -storepass wso2carbon -noprompt

Starting everything

The batch file looks something like this. It will set the parameters JAVA_HOME and PATH for the duration of the batch file and command window. Change the location (i.e. C:\Users…) to match your local installation.

@echo Setting JAVA_HOME
@SET "JAVA_HOME=C:\Users\rob\Desktop\WSO2-IS\jdk8u292-b10"

@echo Setting PATH
@SET "PATH=C:\Users\rob\Desktop\WSO2-IS\jdk8u292-b10\bin;%PATH%"
@echo PATH: %PATH%

@echo starting WSO2 IS Analytics Worker Node
@cd C:\Users\rob\Desktop\WSO2-IS\wso2is-analytics-5.8.0\bin
@start worker.bat

@echo starting WSO2 AM Analytics Dashboard Node
@cd C:\Users\rob\Desktop\ WSO2-IS\wso2is-analytics-5.8.0\bin
@start dashboard.bat

@echo starting WSO2 IS 5.11.0
@cd C:\Users\rob\Desktop\WSO2-IS\wso2is-5.11.0\bin
@start wso2server.bat

@cd ..\..

@echo Done

@echo Done


This will start the worker, dashboard and Identity Server in three separate windows whilst not making permanent changes to the computer, only for the duration of the command / terminal session the values have changed but also set to their original values. You can access the Identity Server via the Management UI, MyAccount portal, Identity Server Console in your browser. This is the link to the Analytics Dashboard


This is a simple and non intrusive way to install the WSO2 Identity Server and Analytics on your PC. If you were to fully automate the setup with PowerShell, you could create a simple batch file that you could run whenever you need a setup on your PC. 

If you want to learn more about Identity Server, please take a look at our Yenlo Training pages.