WSO2 Open Banking for Australia currently supports only evaluation purposes. This is available only as a WUM update and is effective from December 02, 2019 (12-02-2019). For more information on updating WSO2 Open Banking, see Updating WSO2 Products.
WSO2 Open Banking now supports the Consumer Data Standard (CDS). This document guides you through the configurations and troubleshooting that you need to set up the solution in your local environment.
The scripts for the below local setup in the Quick Start Guide are configured for a Linux and MySQL/MSSQL environment. Notice that WSO2 Open Banking solution is applicable to Windows/Linux and MySQL/MSSQL and Oracle environments.
Prerequisites
- Download Oracle JDK 1.8 in all the nodes of the setup.
In the environment variables, update the
JAVA_HOME
andPATH
variables. For instance, you can do this on a Mac/Linux server by adding the following to the~/.bashrc file:
export JAVA_HOME="<JDK_LOCATION>" export PATH=$PATH:$JAVA_HOME/bin
Download and unzip the following files:
wso2-obam-1.4.0.zip (WSO2 Open Banking API Manager)
wso2-obkm-1.4.0.zip (WSO2 Open Banking Key Manager)
Setup a database server using MySQL 5.7+, Microsoft SQL Server 2016+ or, Oracle 12c.
Setting up the databases
To start the servers, configure the databases in both the API Manager (WSO2 OB APIM) and the Key Manager (WSO2 OB KM) according to the open banking specification, as follows: Open the Specify the hostnames for the APIM and KM servers. Configure the databases related properties. Type of the database you installed Configure If you are using MSSQL or Oracle, create the following databases before executing the Go to the Go to the Go to the You have configured the databases in step 1. By running the Configure the open-banking specification to deploy the solution according to the AU specification. The Configure the authentication web app. Update the Update the Configure the According to CDS, an Access Token must expire between 2 minutes to 10 minutes after the Data Holder issues it. To configure the validity period of the Access Token in seconds, update the following configurations in the To enable Request-URI validation, open the By default, Add the following You are now ready to start the Key Manager and API Manager servers. To start the WSO2 OB KM server, go to the Run the following command from the Execute the following command against the By default, WSO2 Open Banking comes with basic authentication configured. For CX guideline aligned experience, you can configure Identifier-first authentication paired with a secondary identity provider. In this section, we configure SMS OTP as the secondary identity provider. The Identifier-first login enables identifying the individuals prior to authenticating them. It retrieves the identity of the user without using authentication information and uses that identity to control the authentication flow. For more information, see Identifier-first Flow Handler. The Identifier-first is a handler that can be configured at any step in the authentication flow. However, it is not an authenticator by itself and needs to be configured along with another authenticator in order for the authentication process to be successful. To enable the Identifier-first authenticator in WSO2 OB KM, add the following configurations to the Configure the Key Manager Extension to use Identifier-first as the primary authenticator. To use SMS OTP with Identifier-first authentication, configure <WSO2_OB_KM_HOME>/repository/resources/finance/scripts/
file and configure the following:startup.properties
# Specify the hostname you want to configure
APIM_HOSTNAME=localhost
IAM_HOSTNAME=localhost
Database Property Description DB_TYPE
DB_TYPE=mysql
DB_USER
Database user DB_PASS
Password set for the database connection DB_HOST
Name of the database server DB_DRIVER
DB_DRIVER
according to the database installed:com.mysql.jdbc.Driver
com.microsoft.sqlserver.jdbc.SQLServerDriver
oracle.jdbc.driver.OracleDriver
configure-km.sh
file.openbank_am_configdb
openbank_apimgt_statsdb
openbank_apimgtdb
openbank_openbankingdb
openbank_govdb
openbank_iskm_configdb
openbank_mbstoredb
openbank_userdb
<WSO2_OB_KM_HOME>/repository/resources/finance/scripts
directory and execute the following command:./configure-km.sh
<WSO2_OB_APIM_HOME>/repository/resources/finance/scripts
directory and configure the database properties in the startup.properties
file, similar to Step 1.<WSO2_OB_APIM_HOME>/repository/resources/finance/scripts
directory and execute the following command:./configure-am.sh
configure.sh
files, you set the database credentials with reference to the configuration files.Setting up the servers
<DeployedSpecification>
configuration is used to define the deployed specification at runtime. In the following files, update the <DeployedSpecification>
value as AU
.<WSO2_OB_APIM_HOME>/repository/conf/finance/open-banking.xml
<WSO2_OB_KM_HOME>/repository/conf/finance/open-banking.xml
<WSO2_OB_KM_HOME>/repository/conf/identity/application-authentication.xml
file with the following configurations:<AuthenticationEndpointURL>https://localhost:9446/authenticationendpoint/login.do</AuthenticationEndpointURL>
<AuthenticationEndpointRetryURL>https://localhost:9446/authenticationendpoint/retry.do</AuthenticationEndpointRetryURL>
<AuthenticationEndpointMissingClaimsURL>/authenticationendpoint/claims.do</AuthenticationEndpointMissingClaimsURL>
<AuthenticatorConfig name="FIDOAuthenticator" enabled="true">
<Parameter name="FidoAuth">/authenticationendpoint/fido-auth.jsp</Parameter>
<!--Please uncomment the following property and define AppID if you are using proxy configurations-->
<!--<Parameter name="AppID">https://localhost</Parameter>-->
</AuthenticatorConfig>
<WSO2_OB_KM_HOME>/repository/conf/identity/identity.xml
file with the following configurations:<OpenID>
<OpenIDLoginUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/authenticationendpoint/openid_login.do
</OpenIDLoginUrl>
</OpenID>
<OAuth>
<OAuth2ConsentPage>${carbon.protocol}://localhost:${carbon.management.port}/ob/authenticationendpoint/oauth2_authz.do</OAuth2ConsentPage>
<OAuth2ErrorPage>${carbon.protocol}://localhost:${carbon.management.port}/authenticationendpoint/oauth2_error.do</OAuth2ErrorPage>
<OIDCConsentPage>${carbon.protocol}://localhost:${carbon.management.port}/ob/authenticationendpoint/oauth2_consent.do</OIDCConsentPage>
<OIDCLogoutConsentPage>${carbon.protocol}://localhost:${carbon.management.port}/authenticationendpoint/oauth2_logout_consent.do</OIDCLogoutConsentPage>
<OIDCLogoutPage>${carbon.protocol}://localhost:${carbon.management.port}/authenticationendpoint/oauth2_logout.do</OIDCLogoutPage>
</OAuth>
<SSOService>
<DefaultLogoutEndpoint>${carbon.protocol}://${carbon.host}:${carbon.management.port}/authenticationendpoint/samlsso_logout.do</DefaultLogoutEndpoint>
<NotificationEndpoint>${carbon.protocol}://${carbon.host}:${carbon.management.port}/authenticationendpoint/samlsso_notification.do</NotificationEndpoint>
</SSOService>
<PassiveSTS>
<RetryURL>${carbon.protocol}://${carbon.host}:${carbon.management.port}/authenticationendpoint/retry.do</RetryURL>
</PassiveSTS>
IDTokenBuilder
in the <WSO2_OB_KM_HOME>/repository/conf/identity/identity.xml
file as follows:<OpenIDConnect>
<IDTokenBuilder>com.wso2.finance.open.banking.idtoken.builder.AUIDTokeBuilder</IDTokenBuilder>
</OpenIDConnect>
<WSO2_OB_KM_HOME>/repository/conf/identity/identity.xml
file.<OAuth>
<UserAccessTokenDefaultValidityPeriod>120</UserAccessTokenDefaultValidityPeriod>
</OAuth>
<WSO2_OB_KM_HOME>/repository/conf/finance/open-banking.xml
file and add the following configurations under the <UK>
tag:<!-- Validate AccountID with consented accountID in account retrieval -->
<ValidateAccountIdOnRetrieval>true</ValidateAccountIdOnRetrieval>
Enforcement
caching is enabled in the solution. To customize them, open the <WSO2_OB_APIM_HOME>/repository/conf/finance/open-banking.xml
file and add the following under the <Server>
tag:<AU>
<Enforcement>
<Cache>
<CacheEnabled>true</CacheEnabled>
<ModifiedExpiryMinutes>15</ModifiedExpiryMinutes>
<AccessedExpiryMinutes>15</AccessedExpiryMinutes>
</Cache>
</Enforcement>
</AU>
Consent
Enforcement
handler configurations to the <WSO2_OB_APIM_HOME>/repository/resources/api_templates/velocity_template.xml
file, below the#if($handler.className == "org.wso2.carbon.apimgt.gateway.handlers.ext.APIManagerExtensionHandler")
line.##
## Start of AU Specification Handlers
##
#if($apiObj.additionalProperties.get("ob-spec") == "au")
<handler class="com.wso2.finance.open.banking.gateway.api.schema.validation.RequestSchemaValidationHandler"/>
<handler class="com.wso2.finance.open.banking.au.consent.enforcement.AUConsentEnforcementHandler">
<property name="validationBaseUrl" value="https://localhost:9446/consent/au100"/>
</handler>
#end
##
## End of AU Specific Handlers
##
<WSO2_OB_KM_HOME>/bin
directory and execute the following command:./wso2server.sh -Dsetup
<WSO2_OB_APIM_HOME>/bin
directory to start the WSO2 OB APIM server:./wso2server.sh -Dsetup
openbank_openbankingdb
database:ALTER TABLE OB_CONSENT_METADATA DROP FOREIGN KEY FK_CONSENT_ID_UK_INITIATION;
Configuring consumer authentication
Configuring Identifier-first authentication
<WSO2_OB_KM>/repository/conf/identity/application-authentication.xml
file under the <AuthenticatorConfigs>
tag.<AuthenticatorConfig name="IdentifierExecutor" enabled="true">
<Parameter name="ValidateUsername">false</Parameter>
</AuthenticatorConfig>
Open the <WSO2_OB_APIM>/repository/conf/finance/open-banking.xml
file and add the following under the <SCA>
configurations.<SCA>
<!--Configure the primary authenticator / 1st step authenticator-->
<PrimaryAuthenticator>
<Name>IdentifierExecutor</Name>
<DisplayName>identifier-first</DisplayName>
</PrimaryAuthenticator>
</SCA>
Configuring SMS OTP as an identity provider for Identifier-first
<WSO2_OB_KM>/repository/conf/identity/application-authentication.xml
as follows:<AuthenticatorConfig name="SMSOTP" enabled="true">
<Parameter name="usecase">subjectUri</Parameter>
<Parameter name="secondaryUserstore">primary</Parameter>
</AuthenticatorConfig>
Configuring users
Sign in to the Identity and Access Management console (
https://localhost:9446/carbon
). Use the default super admin credentials as follows:Username: admin@wso2.com
Password: wso2123
The above mentioned username and password credentials are used for demo purposes only. It is recommended to change the credentials in a production environment.
Create the necessary user accounts as follows:
On the Main tab, click Identity > Users and Roles > Add > Add New User.
Create the following user:
User Roles mark@gold.com Internal/creator
,Internal/publisher
Click Next > and assign roles.
Click Finish.
Now that you’ve added some users to the system, you can log in as one of them to see how a typical user might work with the WSO2 Open Banking solution.
Configuring APIs
You can configure APIs through the API Publisher by signing in as a user whose role includes Sign in to the API Publisher ( Click ADD NEW API > I have an existing API. Select the Swagger definition in the Click Upload In Flow and select the Click Next: Manage to navigate to the next level. Expand API Properties and add the following values as Additional properties: Property Name Property Value Click the + button to save the above values as follows: In flowInternal/publisher
. Follow the steps given below:https://
) with the credentials for mark@gold.com.localhost
:9443/publisher<WSO2_OB_APIM_HOME>/repository/resources/finance/apis/consumerdatastandards.org.au/1.0.0/consumer-data-standards.yaml
file and configure the properties according to the open-banking specification.
Click Start Creating.<WSO2_OB_APIM_HOME>/repository/resources/finance/apis/consumerdatastandards.org.au/1.0.0/cds-dynamic-endpoint-insequence-1.0.0.xml
file.ob-spec au Summarized information for configuring APIs
API Implement tab Manage tab Endpoint type Endpoint Enable Message mediation API property name API property value Consumer Data Standards API v1.0.0 Dynamic N/A Mark as checked
<WSO2_OB_APIM_HOME>/repository/resources/finance/apis/consumerdatastandards.org.au/1.0.0/cds-dynamic-endpoint-insequence-1.0.0.xml
ob-spec
au
What's Next
Now that you have created the APIs that allow you to initiate payments and access account information, let's try out the flows in WSO2 Open Banking: