Do the following configurations in API Manager and restart the server.
Make sure the Key Manager server is running before you start the API Manager server.
Go to the <WSO2_OB_APIM_HOME>/bin directory and execute the following command:
./wso2server.sh
Configuring datasources
Make sure to update the URL, username, password, and driver class name accordingly.
Configure the
<WSO2_OB_APIM_HOME>/repository/conf/datasources/file with the following configurations.master-datasources.xmlIf you are using Oracle, update the
validationQueryin each datasource with the following value.<validationQuery>SELECT 1 FROM DUAL</validationQuery>
<datasources> <datasource> <name>WSO2_CARBON_DB</name> <description>The datasource used for registry and user manager</description> <jndiConfig> <name>jdbc/WSO2CarbonDB</name> </jndiConfig> <definition type="RDBMS"> <configuration> <url>jdbc:h2:repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE</url> <username>wso2carbon</username> <password>wso2carbon</password> <driverClassName>org.h2.Driver</driverClassName> <maxActive>50</maxActive> <maxWait>60000</maxWait> <testOnBorrow>true</testOnBorrow> <validationQuery>SELECT 1</validationQuery> <validationInterval>30000</validationInterval> </configuration> </definition> </datasource> <datasource> <name>WSO2AM_DB</name> <description>The datasource used for API Manager database</description> <jndiConfig> <name>jdbc/WSO2AM_DB</name> </jndiConfig> <definition type="RDBMS"> <configuration> <url>jdbc:mysql://localhost:3306/openbank_apimgtdb?autoReconnect=true&useSSL=false</url> <username>root</username> <password>root</password> <driverClassName>DB_DRIVER</driverClassName> <maxActive>150</maxActive> <maxWait>60000</maxWait> <testOnBorrow>true</testOnBorrow> <validationQuery>SELECT 1</validationQuery> <!--Use below for oracle--> <!--<validationQuery>SELECT 1 FROM DUAL</validationQuery>--> <validationInterval>30000</validationInterval> <defaultAutoCommit>false</defaultAutoCommit> </configuration> </definition> </datasource> <datasource> <name>WSO2AM_STATS_DB</name> <description>The datasource used for getting statistics to API Manager</description> <jndiConfig> <name>jdbc/WSO2AM_STATS_DB</name> </jndiConfig> <definition type="RDBMS"> <configuration> <url>jdbc:mysql://localhost:3306/openbank_apimgt_statsdb?autoReconnect=true&useSSL=false</url> <username>root</username> <password>root</password> <driverClassName>DB_DRIVER</driverClassName> <maxActive>150</maxActive> <maxWait>60000</maxWait> <testOnBorrow>true</testOnBorrow> <validationQuery>SELECT 1</validationQuery> <!--Use below for oracle--> <!--<validationQuery>SELECT 1 FROM DUAL</validationQuery>--> <validationInterval>30000</validationInterval> <defaultAutoCommit>false</defaultAutoCommit> </configuration> </definition> </datasource> <datasource> <name>WSO2_MB_STORE_DB</name> <description>The datasource used for message broker database</description> <jndiConfig> <name>WSO2MBStoreDB</name> </jndiConfig> <definition type="RDBMS"> <configuration> <url>jdbc:mysql://localhost:3306/openbank_mbstoredb?autoReconnect=true&useSSL=false</url> <username>root</username> <password>root</password> <driverClassName>DB_DRIVER</driverClassName> <maxActive>150</maxActive> <maxWait>60000</maxWait> <testOnBorrow>true</testOnBorrow> <validationQuery>SELECT 1</validationQuery> <!--Use below for oracle--> <!--<validationQuery>SELECT 1 FROM DUAL</validationQuery>--> <validationInterval>30000</validationInterval> <defaultAutoCommit>false</defaultAutoCommit> </configuration> </definition> </datasource> <datasource> <name>WSO2UM_DB</name> <description>The datasource used by user manager</description> <jndiConfig> <name>jdbc/WSO2UM_DB</name> </jndiConfig> <definition type="RDBMS"> <configuration> <url>jdbc:mysql://localhost:3306/openbank_userdb?autoReconnect=true&useSSL=false</url> <username>root</username> <password>root</password> <driverClassName>DB_DRIVER</driverClassName> <maxActive>150</maxActive> <maxWait>60000</maxWait> <testOnBorrow>true</testOnBorrow> <validationQuery>SELECT 1</validationQuery> <!--Use below for oracle--> <!--<validationQuery>SELECT 1 FROM DUAL</validationQuery>--> <validationInterval>30000</validationInterval> <defaultAutoCommit>false</defaultAutoCommit> </configuration> </definition> </datasource> <datasource> <name>WSO2CONFIG_DB</name> <description>The datasource used by the registry</description> <jndiConfig> <name>jdbc/WSO2Config_DB</name> </jndiConfig> <definition type="RDBMS"> <configuration> <url>jdbc:mysql://localhost:3306/openbank_am_configdb?autoReconnect=true&useSSL=false</url> <username>root</username> <password>root</password> <driverClassName>DB_DRIVER</driverClassName> <maxActive>150</maxActive> <maxWait>60000</maxWait> <testOnBorrow>true</testOnBorrow> <validationQuery>SELECT 1</validationQuery> <!--Use below for oracle--> <!--<validationQuery>SELECT 1 FROM DUAL</validationQuery>--> <validationInterval>30000</validationInterval> <defaultAutoCommit>false</defaultAutoCommit> </configuration> </definition> </datasource> <datasource> <name>WSO2REG_DB</name> <description>The datasource used by the registry</description> <jndiConfig> <name>jdbc/WSO2REG_DB</name> </jndiConfig> <definition type="RDBMS"> <configuration> <url>jdbc:mysql://localhost:3306/openbank_govdb?autoReconnect=true&useSSL=false</url> <username>root</username> <password>root</password> <driverClassName>DB_DRIVER</driverClassName> <maxActive>150</maxActive> <maxWait>60000</maxWait> <testOnBorrow>true</testOnBorrow> <validationQuery>SELECT 1</validationQuery> <!--Use below for oracle--> <!--<validationQuery>SELECT 1 FROM DUAL</validationQuery>--> <validationInterval>30000</validationInterval> <defaultAutoCommit>false</defaultAutoCommit> </configuration> </definition> </datasource> </datasources>
Copy the
<WSO2_OB_APIM_HOME>/repository/resources/finance/scripts/wso2-obcommon-conf/open-banking-datasources.xmlfile into the<WSO2_OB_APIM_HOME>/repository/conf/datasourcesdirectory.Open
<WSO2_APIM_KM_HOME>/repository/conf/datasources/open-banking-datasources.xmland update theWSO2_OPEN_BANKING_DBdatasource with the following configurations:<datasources> <datasource> <name>WSO2_OPEN_BANKING_DB</name> <description>The datasource used for registry and user manager</description> <jndiConfig> <name>jdbc/WSO2OpenBankingDB</name> </jndiConfig> <definition type="RDBMS"> <configuration> <url>jdbc:mysql://localhost:3306/openbank_openbankingdb?autoReconnect=true&useSSL=false</url> <username>root</username> <password>root</password> <driverClassName>com.mysql.jdbc.Driver</driverClassName> <maxActive>150</maxActive> <maxWait>60000</maxWait> <testOnBorrow>true</testOnBorrow> <validationQuery>SELECT 1</validationQuery> <!--Use below for oracle--> <!--<validationQuery>SELECT 1 FROM DUAL</validationQuery>--> <validationInterval>30000</validationInterval> <defaultAutoCommit>false</defaultAutoCommit> </configuration> </definition> </datasource> </datasources>
Update the properties of the
<WSO2_OB_APIM_HOME>/repository/conf/registry.xmlfile appropriately.<dbConfig name="wso2registry"> <dataSource>jdbc/WSO2CarbonDB</dataSource> </dbConfig> <dbConfig name="configRegistry"> <dataSource>jdbc/WSO2Config_DB</dataSource> </dbConfig> <remoteInstance url="https://localhost:9443/registry"> <id>configInstance</id> <dbConfig>configRegistry</dbConfig> <readOnly>false</readOnly> <enableCache>true</enableCache> <registryRoot>/</registryRoot> </remoteInstance> <mount path="/_system/config" overwrite="true"> <instanceId>configInstance</instanceId> <targetPath>/_system/config</targetPath> </mount> <dbConfig name="governanceRegistry"> <dataSource>jdbc/WSO2REG_DB</dataSource> </dbConfig> <remoteInstance url="https://localhost:9443/registry"> <id>governanceInstance</id> <dbConfig>governanceRegistry</dbConfig> <readOnly>false</readOnly> <enableCache>true</enableCache> <registryRoot>/</registryRoot> </remoteInstance> <mount path="/_system/governance" overwrite="true"> <instanceId>governanceInstance</instanceId> <targetPath>/_system/governance</targetPath> </mount>Update the data source of the
<WSO2_OB_APIM_HOME>/repository/conf/file in order to point to theuser-mgt.xmlWSO2UM_DB.<Property name="dataSource">jdbc/WSO2UM_DB</Property>
Enable the internal JDBC user store of the
<WSO2_OB_APIM_HOME>/repository/conf/user-mgt.xmlfile. Update theUsernameJavaRegEx,UsernameJavaScriptRegEx,IsBulkImportSupported, andUsernameWithEmailJavaScriptRegExproperties using the sample configuration given below:<UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager"> <Property name="TenantManager">org.wso2.carbon.user.core.tenant.JDBCTenantManager</Property> <Property name="ReadOnly">false</Property> <Property name="ReadGroups">true</Property> <Property name="WriteGroups">true</Property> <Property name="UsernameJavaRegEx">[email protected]_-{3,30}$</Property> <Property name="UsernameJavaScriptRegEx">^[a-zA-Z0-9._-][email protected][a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$</Property> <Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated</Property> <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property> <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property> <Property name="PasswordJavaRegExViolationErrorMsg">Password length should be within 5 to 30 characters</Property> <Property name="RolenameJavaRegEx">^[\S]{3,30}$</Property> <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property> <Property name="CaseInsensitiveUsername">true</Property> <Property name="SCIMEnabled">false</Property> <Property name="IsBulkImportSupported">false</Property> <Property name="PasswordDigest">SHA-256</Property> <Property name="StoreSaltedPassword">true</Property> <Property name="MultiAttributeSeparator">,</Property> <Property name="MaxUserNameListLength">100</Property> <Property name="MaxRoleNameListLength">100</Property> <Property name="UserRolesCacheEnabled">true</Property> <Property name="UserNameUniqueAcrossTenants">false</Property> <Property name="UsernameWithEmailJavaScriptRegEx">^[\S]{3,30}$</Property> </UserStoreManager>
Configuring the api-manager.xml file
Update the <WSO2_OB_APIM_HOME>/repository/conf/api-manager.xml file with the following configurations.
Add the port to the
ServerURLparameter of authentication service underAuthManagerandAPIKeyValidator.<ServerURL>https://<WSO2_OB_KM_HOST>:9446${carbon.context}services/</ServerURL>Update the endpoint URLs for the APIs hosted in this API Gateway under
GatewayEndpointparameter as follows:<GatewayEndpoint>http://<WSO2_OB_APIM_HOST>:${http.nio.port},https://<WSO2_OB_APIM_HOST>:${https.nio.port}</GatewayEndpoint>Enable analytics for the API Manager under
Analyticsparameter as follows:<Analytics> <Enabled>true</Enabled> </Analytics>
Update the
StreamProceesorUsername,StreamProcessorRestApiUsernameas follows:<StreamProcessorUsername>[email protected]@carbon.super</StreamProcessorUsername> <StreamProcessorRestApiUsername>[email protected]@carbon.super</StreamProcessorRestApiUsername>
Update
UsernameunderPolicyDeployeras follows:<PolicyDeployer> <Username>[email protected]@carbon.super</Username> </PolicyDeployer>
Update the
PublisherClassin API usage data publisher.<PublisherClass>com.wso2.finance.open.banking.gateway.uk.monitoring.publisher.OBUsageDataBridgeDataPublisher</PublisherClass>
Change the value to
WSClientunderAPIKeyValidator. After this configuration, it switches back to web service client.<KeyValidatorClientType>WSClient</KeyValidatorClientType>
Update the value as
falsefor theEnableThriftServer.<EnableThriftServer>false</EnableThriftServer>
Update
KeyManagerClientImplunderAPIManager.<KeyManagerClientImpl>com.wso2.finance.open.banking.sca.keymanager.SCABasedKeyManagerClient</KeyManagerClientImpl>
Disable
RemoveOAuthHeadersFromOutMessageto remove OAuth headers from an outgoing message by updating the value asfalseofRemoveOAuthHeadersFromOutMessageunderOAuthConfigurationsparameter.<RemoveOAuthHeadersFromOutMessage>false</RemoveOAuthHeadersFromOutMessage>
Update the
ScopeWhiteListunderOAuthConfigurationsas following:<ScopeWhitelist> <Scope>openid</Scope> <Scope>^OB_.*</Scope> <Scope>^TIME_.*</Scope> </ScopeWhitelist>Set the value as
falseforDisplayCommentsandDisplayRatingsunderAPIStore.<DisplayComments>false</DisplayComments> <DisplayRatings>false</DisplayRatings>
Add URL under
APIPublisher.<URL>https://<WSO2_OB_APIM_HOST>:${mgt.transport.https.port}/publisher</URL>Update
connectionfactory.TopicConnectionFactoryunderJMSConnectionParametersas follows:<JMSConnectionParameters> <connectionfactory.TopicConnectionFactory> amqp://admin!wso2.com!carbon.super:${admin.password}@clientid/carbon?brokerlist='tcp://${carbon.local.ip}:${jms.port}' </connectionfactory.TopicConnectionFactory> </JMSConnectionParameters>If you are using Dynamic Client Registration (DCR), add the following metadata configurations to the
<WSO2_OB_APIM_HOME>/repository/conf/api-manager.xmlfile.<ApplicationConfiguration> <ApplicationAttributes> <Attribute required="false"> <Name>software_client_name_sandbox</Name> <Description>Software Client Name of sandbox</Description> </Attribute> <Attribute required="false"> <Name>software_client_name_production</Name> <Description>Software Client Name of production</Description> </Attribute> </ApplicationAttributes> </ApplicationConfiguration>
Configuring the carbon.xml file
Update HostName and MgtHostName with the IP address of the API Manager server in the
<WSO2_OBAM_HOME>/repository/conf/carbon.xml file.
<HostName><WSO2_OB_APIM_HOST></HostName> <MgtHostName><WSO2_OB_APIM_HOST></MgtHostName>
Disabling weak ciphers
A cipher is an algorithm for performing encryption or decryption. When you set the SSL protocol of your server to TLS, the TLS and the default ciphers get enabled without considering the strength of the ciphers. This is a security risk as weak ciphers, also known as EXPORT ciphers, can make your system vulnerable to attacks. To prevent these types of security attacks, it is encouraged to disable the weak ciphers.
Refer to Disabling weak ciphers in the WSO2 Administration Guide and disable weak ciphers.
Overview
Content Tools
Activity