Skip to end of metadata
Go to start of metadata

This document provides you with instructions on how to configure and try out WSO2 Open Banking in your local environment.

The scripts for the below local setup in the Quick Start Guide are configured for a Linux and MySQL/MSSQL environment. Notice that WSO2 Open Banking solution is applicable to Windows/Linux and MySQL/MSSQL and Oracle environments.

Prerequisites

  1. Download Oracle JDK 1.8 in all the nodes of the setup.
    • In the environment variables, update the JAVA_HOME and PATH variables. For instance, you can do this on a Mac/Linux server by adding the following to the ~/.bashrc file:

      export JAVA_HOME="<JDK_LOCATION>"
      
      export PATH=$PATH:$JAVA_HOME/bin
  2. Download and unzip the following files:

    • wso2-obiam-2.0.0.zip (WSO2 Open Banking Identity and Access Management Module)
    • wso2-obam-2.0.0.zip (WSO2 Open Banking API Management Module) 


    "WSO2 Updates Manager (WUM) is deprecated and will be unavailable from August 2021 onwards. WSO2 Updates is the new tool to include the solution and security improvements that are released by WSO2 Open Banking, on top of a released version. For more information, see WSO2 Updates."

     Click here to see how to download the packs from WUM

    Set up the WSO2 Update Manager (WUM). 

    • WUM is a simple command-line tool that connects to the WSO2 update service, determines which updates are new and relevant, and downloads them. You can get the latest version of the WSO2 Open Banking product packs through WUM.

      License

      WSO2 Open Banking is not distributed under the Apache Community License and is only available under the WSO2 Software License. You need a WSO2 subscription to install and update the WSO2 Open Banking solution via WUM. Contact us to find out how you can access a free evaluation copy.

    "WSO2 Updates Manager (WUM) is deprecated and will be unavailable from August 2021 onwards. WSO2 Updates is the new tool to include the solution and security improvements that are released by WSO2 Open Banking, on top of a released version. For more information, see WSO2 Updates."


    • Follow the guidelines provided in the Download WUM page to download, and install WUM in your environment. For more information on how to use WUM, see the WUM documentation.

        1. Add the necessary product packs using the commands given below:

          wum add wso2-obam-2.0.0              		 	                	     
          wum add wso2-obiam-2.0.0 
        2. Update the product packs using the commands given below:

          wum update wso2-obam-2.0.0	                	     
          wum update wso2-obiam-2.0.0               	     
        3. Additionally, download and update the other instances of WSO2 Open Banking product.

          wum add wso2ei-6.4.0
          wum update wso2ei-6.4.0
          
          wum add wso2am-analytics-3.1.0    
          wum update wso2am-analytics-3.1.0 
             
          wum add wso2-obbi-2.0.0
          wum update wso2-obbi-2.0.0

          WSO2 OB APIM Analytics provides the API analytics feature.

          WSO2 OB BI provides the following features:

          • API Analytics

          • Transaction Risk Analysis

          • Fraud Detection

          • Data Reporting

    • The product packs reside in the <WUM_HOME>/products/<Product_Name>/<version>/full directory as <Product_name-<version>+<timestamp>.full.zip. Copy the product packs to a preferred location in each node, and extract them.

      This document refers to the file paths of the product packs for the Identity and Access Management module, API Management module, API Manager Analytics, and Enterprise Integrator as <WSO2_OB_IAM_HOME>, <WSO2_OB_APIM_HOME>, <WSO2_AM_ANALYTICS_HOME>,<WSO2_OB_BI_HOME> and <WSO2_EI_HOME> respectively.

  3. Setup a database server using MySQL 5.7+, Microsoft SQL Server 2016+ or, Oracle 12c.

Setting up the databases and starting the servers

In order to start the servers, configure the databases in both the Identity and Access Management (IAM) and the API Manager (APIM) servers according to the open banking specification, as follows:

  1. Open the <WSO2_OB_IAM_HOME>/repository/resources/finance/scripts/startup.properties  file and configure the following:

    • Specify the hostnames for the API Management and Identity and Access Management servers.

      # Specify the hostname you want to configure
      APIM_HOSTNAME=localhost
      IAM_HOSTNAME=localhost
    • Configure the databases related properties.

      Database PropertyDescription
      DB_TYPE

      Type of the database you installed

      DB_USER Database user
      DB_PASS Password set for the database connection
      DB_HOST Name of the database server
      DB_DRIVER

      Configure DB_DRIVER according to the database installed:

      - Mysql JDBC Driver = com.mysql.jdbc.Driver
      - MSSQL JDBC Driver = com.microsoft.sqlserver.jdbc.SQLServerDriver
      - Oracle JDBC Driver = oracle.jdbc.driver.OracleDriver
      - PostgreSQL JDBC Driver = org.postgresql.Driver

      If you are using a MS SQL, Oracle, or a PostgreSQL database, see the following topics and configure the databases.

  2. Run the <WSO2_OB_IAM_HOME>/repository/resources/finance/scripts/configure-iam.sh file according to your specification:

    ./configure-iam.sh
    ./configure-iam.sh BERLIN
    ./configure-iam.sh AU

    If you're setting up Open Banking for Berlin and using Oracle or PostgreSQL databases, update the data type of the given field:  

     Click here to see the field to be updated...
    Databaseopenbank_apimgtdb
    TableAM_APPLICATION_REGISTRATION
    FieldINPUTS
    Data typeCLOB
    Databaseopenbank_apimgtdb
    TableAM_APPLICATION_REGISTRATION
    FieldINPUTS
    Data typeTEXT
  3. Go to the <WSO2_OB_APIM_HOME>/repository/resources/finance/scripts directory and configure the database properties in the startup.properties file, similar to Step 1.

  4. Run the <WSO2_OB_APIM_HOME>/repository/resources/finance/scripts/configure-am.sh file.

    ./configure-am.sh
    ./configure-am.sh BERLIN
    ./configure-am.sh AU

    You have configured databases in step 1. By running the configure.sh files, you set the database credentials with reference to the configuration files.  

     Click here for more information

    The configure.sh scripts configure the solution according to the given specification:

    By default, values are set for the UK specification. Other supported specifications include:

    If you are setting up WSO2 Open Banking for Australia:

    1. According to Consumer Data Standards , an access token must expire between 2 minutes to 10 minutes after issuing it.  To configure the validity period of the access token in seconds, add the given configurations to the  <WSO2_OB_IAM_HOME>/repository/conf/deployment.toml  file. 

      [oauth.token_validation]
      user_access_token_validity = 120
    2. To enable Request-URI validation during the account retrieval process; validate the account ID against the account ID in the consent, open  the <WSO2_OB_IAM_HOME>/repository/conf/deployment.toml   file and set the following property to  true: 

      [open_banking.account_id_validation_on_retrieval]
      enable = true
  5. You are now ready to start the servers. In the command line, navigate to the  <WSO2_OB_IAM_HOME>/bin  directory, and run the following command to start the Identity and Access Management server:

    ./wso2server.sh  
  6. Run the following command from the <WSO2_OB_APIM_HOME>/bin directory to start the API Manager server:

    ./wso2server.sh  

Configuring consumer authentication

If you're setting up WSO2 Open Banking for Australia:

By default, WSO2 Open Banking comes with basic authentication configured. For CX guideline aligned experience, you can configure Identifier-first authentication paired with a secondary identity provider. In this section, we configure SMS OTP as the secondary identity provider.

 Click here to see how it is done

Configuring Identifier-first authentication

The Identifier-first login enables identifying the individuals prior to authenticating them. It retrieves the identity of the user without using authentication information and uses that identity to control the authentication flow. For more information, see Identifier-first Flow Handler.

The Identifier-first is a handler that can be configured at any step in the authentication flow. However, it is not an authenticator by itself and needs to be configured along with another authenticator for the authentication process to be successful.

Configuring SMS OTP Authenticator

Follow the steps below to configure SMS OTP Authenticator.

  1. Start the WSO2 Open Banking Identity and Access Management (WSO2 OB IAM) server. Sign in to the Management Console (https://<WSO2_OB_IAM_HOST>:9446/carbon) as an administrator.
  2. Navigate to the Main menu to access the Identity menu. Click Add under Identity Providers.
  3. Fill the Basic Information section and name this identity provider SMSAuthentication .
  4. Expand the Federated Authenticators > SMS OTP Configuration section.

  5. Select both the Enable and Default checkboxes. This is to enable and make the SMSAuthentication authenticator the default one.

    Based on your SMS provider, fill out the SMS OTP configurations.

    If Twilio is used as the SMS provider,

    Currently, the WSO2 Open Banking Identity and Access Management module supports only the following SMS providers.

  6. Click Register to add the Identity Provider. 
  7. Open the <WSO2_OB_APIM_HOME>/repository/conf/deployment.toml file.  Update the value of the idp_name parameter with the name of the identity provider.

    [open_banking.sca]
    idp_name = "SMSAuthentication"

    To verify the SMSAuthentication authenticator:

     Click here to see how to verify the SMSAuthentication authenticator configurations...

    Follow the steps below to verify whether the SMSAuthentication authenticator is properly configured.

    1. Create an application in the WSO2 Open Banking API Management module.

    2. Generate Access Tokens and Security Keys.

    3. Log in to the Management Console as the super admin.

    4. In the Main menu under the Identity section, click List under Service Providers. The list of service providers created appears.

    5. Select the service provider with the application name you created in step A. The service provider name is in the following format:

      <WSO2_OB_APIM_ USERNAME>_<APPLICATION_NAME>_<ENVIRONMENT>

    6. Click on the corresponding Edit link.

    7. Expand Local & Outbound Authentication Configuration. Select Advanced Configuration. You can configure additional authentication steps and additional authentication options.

    8. If you have successfully configured the SMSAuthentication authenticator, you will see how it’s configured as the Federated Authenticator under Authentication Step Configuration > Step 2.

  8. Add a Local Claim. 

     Click here to see how to add a Local Claim...
    1. In the Main menu under the Identity section, click Add under Claims
    2. Select Add Local Claim
    3. Use the following configurations:

      Parameter NameTest Configuration
      Claim URI

      http://wso2.org/claims/identity/failedSmsOtpAttempts

      Display Name

      Failed SMS OTP Attempts

      DescriptionFailed SMS OTP Attempts
      Mapped Attribute 

      User Store Domain Name

      PRIMARY
       Mapped AttributefailedSmsOtpAttempts
    4. Click Add.
  9. Configure a Login Policy:

     Click here to see how to configure a Login Policy...
    1. In the Main menu under the Identity section, click Resident under Identity Providers.

    2. Expand Login Policies > Account Locking.

    3. Select the Account Lock Enabled checkbox to enable the account locking.
    4. Set the value of Maximum Failed Login Attempts to 5.
    5. Click Update.
  10. Add mobile phone as a mandatory claim:

     Click here to see how to add mobile phone as a mandatory claim...
    1. In the Main menu under the Identity section, click List under Claims
    2. Select  http://wso2.org/claims  from the list.
    3. Scroll down the available claims for http://wso2.org/claims and locate the Mobile claim.
    4. Click Edit.
    5. Select the Required checkbox to make mobile a mandatory claim. 
    6. Click Update.

    When you log in using the admin username in the authentication flow, a notification will pop up asking for the mobile number in the first attempt to log in. Enter your mobile in the format of 94123456789.

Restart the servers after configuration changes.

Configuring users and roles

  1. Sign in to the Identity and Access Management - Management Console (https://localhost:9446/carbon ). Use the default super admin credentials as follows:

    Username: admin@wso2.com

    Password: wso2123

    The above username and password credentials are for demo purposes only. It is recommended to change the credentials in a production environment.

  2. Create the necessary user roles as follows:

    • On the Main tab, click Identity > Users and Roles > Add > Add New Role.

    • Create the following user roles:

      DomainRolePermissions

      Internal

      aispRole

      No permissions required.

      Internal

      pispRole

      No permissions required.

      Internal

      piispRole

      No permissions required.

      Internal

      approverRole

      Admin permissions.

      Internal

      CustomerCareOfficer

      No permissions required.

  3. Create the necessary user accounts as follows:

      • On the Main tab, click Identity > Users and Roles > Add > Add New User.

      • Create the following users:

        DomainUserRoles
        PRIMARYmark@gold.com

        Internal/creator, Internal/publisher

        PRIMARYann@gold.comInternal/CustomerCareOfficer
        PRIMARYtom@gold.com

        Internal/approverRole

      • Click Finish.

    Now that you’ve added users to the system, you can log in as one of them to see how a user work with the WSO2 Open Banking solution.

  1. Sign in to the Identity and Access Management console ( https://localhost:9446/carbon ). Use the default super admin credentials as follows:

    Username: admin@wso2.com

    Password: wso2123

    The above-mentioned username and password credentials are used for demo purposes only. It is recommended to change the credentials in a production environment.

  2. Create the necessary user roles as follows:

    • On the Main tab, click Identity > Users and Roles > Add > Add New Role.

    • Create the following user role:

      DomainRolePermissions

      Internal

      CustomerCareOfficer

      No permissions required.

  3. Create the necessary user accounts as follows:

      • On the Main tab, click Identity > Users and Roles > Add > Add New User.

      • Create the following users:

        DomainUserRoles
        PRIMARYmark@gold.com

        Internal/creator, Internal/publisher

        PRIMARYann@gold.comInternal/CustomerCareOfficer

      • Click Next > and assign roles.

      • Click Finish.

    Now that you’ve added users to the system, you can log in as one of them to see how a user work with the WSO2 Open Banking solution.

Configuring APIs

You can configure APIs through the API Publisher by signing in as a user whose role includes Internal/publisher.  Follow the steps given below:

  1. Sign in to the API Publisher Portal (https://localhost:9443/publisher) with the credentials for mark@gold.com.

  2. In the APIs tab, select CREATE NEW API > I Have an Existing REST API

  3. Set the Input Type to OpenAPI File
  4. Click BROWSE FILE TO UPLOAD and select the Swagger definition (.yaml file) from the <WSO2_OB_APIM_HOME>/repository/resources/finance/apis/ directory based on your specification and version of the API.
  5. Click Next
  6. Set the endpoint according to your API. For more details, see the table below.
  7. Set the business plan to Unlimited : Allows unlimited  requests unless you want to limit the requests. 
  8. Click Create to create the API.
  9. Once you get the message that the API is successfully updated, go to Runtime Configurations using the left menu panel.
  10. Click the edit button under Request > Message Mediation
  11. Now, select the Custom Policy option.
  12. Upload the relevant in-sequence file and click SELECTFor more details, see the table below
  13. Scroll down and click SAVE.
  14. Now, go to Properties using the left menu panel.
  15. Click Add New Property.
  16. Add the API Properties according to your API and click the Add button.  For more details, see the table below.
    For example:
  17. Click SAVE.
  18. Go back to Overview using the left menu panel. 
  19. Click PUBLISH.
  20. The published API is available in the Developer Portal at https://localhost:9443/devportal.


Summarized information for configuring APIs

APISwagger definition (yaml file)Endpoint

Message mediation (sequence file)


API property nameAPI property value
Account and Transaction API v3.1.5<WSO2_OB_APIM_HOME>/repository/resources/finance/apis/openbanking.org.uk/Accounts/3.1.5/account-info-swagger-3.1.5.yaml Dynamic Endpoint

<WSO2_OB_APIM_HOME>/repository/resources/finance/apis/openbanking.org.uk/Accounts/3.1.5/accounts-dynamic-endpoint-insequence-3.1.5.xml

ob-specuk
ob-api-typeaccount
ob-api-version3.1.5
Payment Initiation API v3.1.5<WSO2_OB_APIM_HOME>/repository/resources/finance/apis/openbanking.org.uk/Payments/3.1.5/ payment-swagger-3.1.5.yamlDynamic Endpoint<WSO2_OB_APIM_HOME>/repository/resources/finance/apis/openbanking.org.uk/Payments/3.1.5/payments-dynamic-endpoint-insequence-3.1.5.xml ob-specuk
ob-api-typepayment
ob-api-version3.1.5
Confirmation of Funds API v3.1.5<WSO2_OB_APIM_HOME>/repository/resources/finance/apis/openbanking.org.uk/FundsConfirmation/3.1.5/funds-confirmation-swagger.yaml Dynamic Endpoint

<WSO2_OB_APIM_HOME>/repository/resources/finance/apis/openbanking.org.uk/FundsConfirmation/3.1.5/funds-confirmation-dynamic-endpoint-insequence-3.1.5.xml

ob-spec uk
ob-api-typecof
ob-api-version3.1.5
Event Subscriptions API v3.1.2<WSO2_OB_APIM_HOME>/repository/resources/finance/apis/openbanking.org.uk/Notifications/3.1.2/event-subscriptions-swagger-3.1.2.yaml Dynamic Endpoint<WSO2_OB_APIM_HOME>/repository/resources/finance/apis/openbanking.org.uk/Notifications/3.1.2/event-subscriptions-dynamic-endpoint-insequence-3.1.2.xmlob-specuk
ob-api-typeevent
ob-api-version3.1.2
Aggregated Polling API v3.1.2<WSO2_OB_APIM_HOME>/repository/resources/finance/apis/openbanking.org.uk/Notifications/3.1.2/aggregated-polling-swagger-3.1.2.yaml

HTTP/REST Endpoint

https://<WSO2_OB_APIM_HOST>:9446/event-notifications/uk300/

<WSO2_OB_APIM_HOME>/repository/resources/finance/apis/openbanking.org.uk/Notifications/3.1.2/aggregated-polling-endpoint-insequence-3.1.2.xml ob-specuk
ob-api-typeevent
ob-api-version3.1.2

Dynamic Client Registration API v3.2

<WSO2_OB_APIM_HOME>/repository/resources/finance/apis/openbanking.org.uk/DynamicClientRegistration/3.2/dynamic-client-registration-swagger.yaml Dynamic Endpoint<WSO2_OB_APIM_HOME>/repository/resources/finance/apis/openbanking.org.uk/DynamicClientRegistration/3.2/dcr-dynamic-endpoint-insequence-3.2.xml ob-specuk
ob-api-typedcr
ob-api-version3.2

APISwagger definition (yaml file)Endpoint

Message mediation (sequence file)


API property nameAPI property value
NextGenPSD2 Framework Version 1.3.6<WSO2_OB_APIM_HOME>/repository/resources/finance/apis/berlin-group.org/PSD2API_1.3.6/psd2-api_1.3.6_20200327.yamlDynamic Endpoint

<WSO2_OB_APIM_HOME>/repository/resources/finance/apis/berlin-group.org/PSD2API_1.3.6/dynamic-endpoint-insequence-1.3.6.xml

ob-specberlin
ob-api-typepsd2

APISwagger definition (yaml file)Endpoint (Sandbox/Production)

Message mediation (sequence file)


API property nameAPI property value
Consumer Data Standards API v1.3

<WSO2_OB_APIM_HOME>/repository/resources/finance/apis/consumerdatastandards.org.au/1.3.0/consumer-data-standards-1.3.0.yaml

HTTP/REST Endpoint

https://<WSO2_OB_APIM_HOST>:9443/api/openbanking/backend-cds/services

<WSO2_OB_APIM_HOME>/repository/resources/finance/apis/consumerdatastandards.org.au/1.3.0/cds-dynamic-endpoint-insequence-1.2.0.xmlob-spec au
ob-api-typeaccount
Consumer Data Standards Administration API v1.2.0

<WSO2_OB_APIM_HOME>/repository/resources/finance/apis/consumerdatastandards.org.au/CDSAdminAPIs/1.2.0/cds-admin-1.2.0.yaml

HTTP/REST Endpoint

https://<WSO2_OB_APIM_HOST>:9443/api/openbanking/cds-admin-api/au100

<WSO2_OB_APIM_HOME>/repository/resources/finance/apis/consumerdatastandards.org.au/CDSAdminAPIs/1.2.0/cds-admin-endpoint-insequence-1.2.0.xmlob-spec au
ob-api-typecds-admin

Dynamic Client Registration API v0.1

<WSO2_OB_APIM_HOME>/repository/resources/finance/apis/consumerdatastandards.org.au/DynamicClientRegistration/0.1/
au-dcr-swagger.yaml

HTTP/REST Endpoint

https://<WSO2_OB_APIM_HOST>:9443/api/openbanking/dynamic-client-registration/common

<WSO2_OB_APIM_HOME>/repository/resources/finance/apis/consumerdatastandards.org.au/DynamicClientRegistration/0.1
/au-dcr-insequence-0.1.xml
ob-specau
ob-api-typedcr
CDR Arrangement Management API v1.0.0 <WSO2_OB_APIM_HOME>/repository/resources/finance/apis/consumerdatastandards.org.au/CDRArrangement/cdr-arrangement-mgt-api.yaml

HTTP/REST Endpoint

https://<WSO2_OB_APIM_HOST>:9446/api/openbanking/consent-mgt/uk300/account-access-consents

<WSO2_OB_APIM_HOME>/repository/resources/finance/apis/consumerdatastandards.org.au/CDRArrangement/cdr-arrangement-mgt-dynamic-endpoint-insequence.xmlob-specau
ob-api-typecdr-arrangement

What's Next

Now that you have created the APIs that allow you to initiate payments and access account information, let's try out the flows in WSO2 Open Banking:








  • No labels