This documentation is for WSO2 Open Banking version 1.3.0. View documentation for the latest release.
Skip to end of metadata
Go to start of metadata

The WSO2 Open Banking Business Intelligence component enables monitoring and recording of API-level usage activity to ensure that the API owners have full awareness of the APIs, applications, and subscriptions. It also supports business key performance indicator (KPI) dashboards with business intelligence and insights on usage trends as well as custom business insights on the account and payment flows. The decision makers of banks can use these statistics to align the business to better suit the customer needs and ultimately increase profits.  The configurable alerting module enables informing the necessary parties of abnormal behavior, e.g., API failures, a sudden increase in the response time of APIs, and a change in the API resource access pattern.

Before you begin,

Download Open Banking Business Intelligence and unzip the file, or add it through WUM using the following commands:

  1. Add the wso2-obbi-1.3.0 WUM pack.

    wum add wso2-obbi-1.3.0
  2. Update the wso2-obbi-1.3.0 product pack using WUM.

    wum update wso2-obbi-1.3.0

Configuring databases

To configure the databases, follow the steps below:

Create the openbank_tra_db and openbank_consentdb databases in your database server.

  1. Update the  <WSO2_OB_BI_HOME>/conf/worker/deployment.yaml file by changing the TRA_DB and CONSENT_DB data sources. Point them to the databases you created. 

    If you are using Oracle, update the connectionTestQuery in each datasource with the following value.

    connectionTestQuery: SELECT 1 FROM DUAL
     	- name: TRA_DB
          description: The datasource used to store accounts and transactions data for OB TRA module
          jndiConfig:
          	name: jdbc/TRA_DB
          definition:
          	type: RDBMS
            configuration:
            	jdbcUrl: 'jdbc:<DB_TYPE>://<DB_HOST>:<DB_PORT>/openbank_tra_db?autoReconnect=true&useSSL=false'
                username: <DB_USER>
                password: <DB_PASSWORD>
                driverClassName: <DB_DRIVER>
                maxPoolSize: 20
                idleTimeout: 60000
                connectionTestQuery: SELECT 1
                validationTimeout: 30000
                isAutoCommit: false
                isAutoCommit: false
    
        - name: CONSENT_DB
          description: The datasource used to store payment consents
          jndiConfig:
            name: jdbc/CONSENT_DB
          definition:
            type: RDBMS
            configuration:
              jdbcUrl: 'jdbc:<DB_TYPE>://<DB_HOST>:<DB_PORT>/openbank_consentdb?autoReconnect=true&useSSL=false'
              username: <DB_USER>
              password: <DB_PASSWORD>
              driverClassName: <DB_DRIVER>
              maxPoolSize: 20
              idleTimeout: 60000
              connectionTestQuery: SELECT 1
              validationTimeout: 30000
              isAutoCommit: false
  2. Update the <WSO2_OB_BI_HOME>/conf/dashboard/deployment.yaml file by changing the TRA_DB data source entry:

    If you are using Oracle, update the connectionTestQuery in each datasource with the following value.

    connectionTestQuery: SELECT 1 FROM DUAL
      - name: TRA_DB
      	description: The datasource used to store accounts and transactions data for OB TRA module
      	jndiConfig:
      		name: jdbc/TRA_DB
      	definition:
      		type: RDBMS
        	configuration:
        		jdbcUrl: 'jdbc:<DB_TYPE>://<DB_HOST>:<DB_PORT>/openbank_tra_db?autoReconnect=true&useSSL=false'
        		username: <DB_USER>
        		password: <DB_PASSWORD>
        		driverClassName: <DB_DRIVER>
            	maxPoolSize: 20
            	idleTimeout: 60000
            	connectionTestQuery: SELECT 1
            	validationTimeout: 30000
            	isAutoCommit: false
            	isAutoCommit: false

Configuring keystores

In the SSL handshake between the API Management profile and the Business Intelligence profile, the client/API Management profile needs to verify the certificate presented by the server/Business Intelligence profile. For this purpose, the client stores the trusted certificate of the server in the client-truststore.jks keystore.

If you use a custom keystore, import the public key certificate of the Analytics profile into the client-truststore.jks file of the API Management profile. To export the public key from the server, and import it into the client's truststore, follow the steps below:

Step 1: Generating a CA-signed certificate

First, you need to generate a Certificate Signing Request (CSR) for your keystore (.jks file). This CSR file can then be certified by a certification authority (CA), which is an entity that issues digital certificates. These certificates certify the ownership of a public key.

  1. Execute the following command to generate the CSR:

    keytool -certreq -alias certalias -file newcertreq.csr -keystore newkeystore.jks

    Once the password is given, the command outputs the new certreq.csr file to the wso2-obbi-1.3.0/resources/security directory. This is the CSR that you must submit to a CA.

  2. You must provide this CSR file to the CA.
  3. After accepting the request, a signed certificate is provided along with a root certificate and several intermediate certificates (depending on the CA) as a bundle (.zip file).

Step 2: Importing certificates to the keystore

Follow the steps given below to import the CA-signed certificate to your keystore.

  1. Before importing the CA-signed certificate to the keystore, you must add the root CA certificate and the two (related) intermediate certificates by executing the commands given below. Note that the sample certificates given above are used as examples:

    keytool -import -v -trustcacerts -alias ExternalCARoot -file AddTrustExternalCARoot.crt -keystore newkeystore.jks -storepass mypassword
    
    keytool -import -v -trustcacerts -alias TrustCA -file COMODORSAAddTrustCA.crt -keystore newkeystore.jks -storepass mypassword
    
    keytool -import -v -trustcacerts -alias SecureServerCA -file COMODORSADomainValidationSecureServerCA.crt -keystore newkeystore.jks -storepass mypassword 
  2. After you add the root certificate and all other intermediate certificates, add the CA-signed SSL certificate to the keystore by executing the following command:

    keytool -import -v -alias newcert -file <test_sampleapp_org.crt> -keystore newkeystore.jks -keypass mypassword -storepass mypassword
    In this command, use the same alias (i.e., newcert) that you used while creating the keystore.


    Now you have a Java keystore, which includes a CA-signed public key certificate that can be used for SSL in a production environment. 

    Next, you may need to add the same CA-signed public key certificate to the client-truststore.jks file. This provides security, and trust for backend communication/inter-system communication of WSO2 products via SSL.

Step 3: Importing certificates to the truststore

In SSL handshake, the client needs to verify the certificate presented by the server. For this purpose, the client usually stores the certificates it trusts, in a truststore. To enable secure and trusted backend communication, all WSO2 products are shipped with a truststore named client-truststore.jks, which resides in the same directory as the default keystore (wso2-obbi-1.3.0/resources/security).

Follow the steps given below to import the same CA-signed public key certificate (which you obtained in the previous step) into your WSO2 product's default truststore (client-truststore.jks).

  1. Take a copy of the client-truststore.jks file from the wso2-obbi-1.3.0/resources/security directory.
  2. Export the public key from your .jks file using the following command.

    keytool -export -alias certalias -keystore newkeystore.jks -file <public key name>.pem
  3. Import the public key you extracted in the previous step to the client-truststore.jks file using the following command.

    keytool -import -alias certalias -file <public key name>.pem -keystore client-truststore.jks -storepass wso2carbon

    Note that wso2carbon is the keystore password of the default client-truststore.jks file.

    Now, you have an SSL certificate stored in a Java keystore and a public key added to the client-truststore.jks file. Note that both these files should be in the wso2-obbi-1.3.0/resources/security directory. You can now replace the default wso2carbon.jks keystore in your product with the newly created keystore by updating the relevant configuration files in your product.

Enabling Transaction Risk Analysis (TRA) and Fraud Detection

  1. Open the wso2-obkm-1.3.0/repository/conf/finance/open-banking.xml file and wso2-obam-1.3.0/repository/conf/finance/open-banking.xml file to enable Transaction Risk Analysis (TRA):

    <TRA>
       <IsEnabled>true</IsEnabled>
    </TRA>
  2. Open the wso2-obkm-1.3.0/repository/conf/finance/open-banking.xml file and wso2-obam-1.3.0/repository/conf/finance/open-banking.xml file to enable fraud detection:

    <FraudDetection>
       <IsEnabled>true</IsEnabled>
    </FraudDetection>
  3. Open the wso2-obbi-1.3.0/resources/finance/scripts/startup.properties file and enable fraud detection dashboards:

    #Fraud Detection dashboards enabled
    FRAUD_DASHBOARDS=true

Enabling performance tuning and starting the servers

  1. You can enable performance tuning by adding configurations, as described in Performance Tuning in the WSO2 Stream Processor documentation.

  2. Open the <WSO2_OB_BI_HOME>/resources/finance/scripts/startup.properties file and configure the following database properties:

    PropertyDescription

    DB_TYPE

    Type of the database you installed. For example,

    DB_TYPE=mysql

    DB_USER

    Database user

    DB_PASS

    Password set for the database connection

    DB_HOST

    Name of the database server

    DB_DRIVER

    Configure DB_DRIVER according to the database installed:

    Mysql JDBC Driver = com.mysql.jdbc.Driver  

    MSSQL JDBC Driver = com.microsoft.sqlserver.jdbc.SQLServerDriver

    Oracle JDBC Driver = oracle.jdbc.driver.OracleDriver

  3. Set execute permissions to the <WSO2_OB_BI_HOME>/resources/finance/scripts/configure-bi.sh file and run it using the following command:

    ./configure-bi.sh
  4. Navigate to the <WSO2_OB_BI_HOME>/bin directory and give execute permissions to the worker.sh file.

  5. Run the following command and start the WSO2 Open Banking Business Intelligence in worker profile.

    ./worker.sh 

    The WSO2 Open Banking Business Intelligence captures data published in WSO2 Open Banking API Manager and WSO2 Open Banking Key Manager. Data Reporting is the process of processing and summarizing these data. For more information, see Data Reporting.

  • No labels