This documentation is for WSO2 Open Banking version 1.4.0.


...

  1. Update the identity.xml file in <WSO2_OB_KM_HOME>/repository/conf/identity with the following configurations.

      1. Define the Open Banking specific Request Object Validator under the <OpenIDConnect> element as follows:

        <RequestObjectValidator>com.wso2.finance.request.object.validator.OBRequestObjectValidatorImpl</RequestObjectValidator>
      2. Update the following configurations under the <OAuth> property with the hostname of the Open Banking API Manager Gateway.

        <OAuth2AuthzEPUrl>${carbon.protocol}://<WSO2_OB_APIM_HOST>:8243/authorize</OAuth2AuthzEPUrl>
        <OAuth2TokenEPUrl>${carbon.protocol}://<WSO2_OB_APIM_HOST>:8243/token</OAuth2TokenEPUrl>
        <OAuth2UserInfoEPUrl>${carbon.protocol}://<WSO2_OB_APIM_HOST>:8243/userinfo</OAuth2UserInfoEPUrl>
        <OAuth2DCREPUrl>${carbon.protocol}://<WSO2_OB_APIM_HOST>:8243/register</OAuth2DCREPUrl>
        <IDTokenIssuerID>https://<WSO2_OB_APIM_HOST>:8243/token</IDTokenIssuerID>
      3. Update the RenewRefreshTokenForRefreshGrant value. By default, this is set to false. With this configuration, the refresh token that is received by the refresh token grant type is not renewed. This is used to enforce consent re-authorization.

        <RenewRefreshTokenForRefreshGrant>false</RenewRefreshTokenForRefreshGrant>
      4. Configure the ReceiverURL of the <EventPublisher> under <AdaptiveAuth> with the hostname of the Open Banking Business Intelligence Server. By default, the relevant Siddhi Apps are configured to listen to port 8006.

        <ReceiverURL>http://<WSO2_OB_BI_HOST>:8006/</ReceiverURL>
      5. Make sure the following Open Banking specific response type handlers are added under <SupportedResponseTypes>.

        <SupportedResponseType>
        	<ResponseTypeName>code</ResponseTypeName>
        	<ResponseTypeHandlerImplClass>com.wso2.finance.open.banking.identity.extensions.response.type.handlers.OBCodeResponseTypeHandler</ResponseTypeHandlerImplClass>
        </SupportedResponseType>
        <SupportedResponseType>
        	<ResponseTypeName>code id_token</ResponseTypeName>
        	<ResponseTypeHandlerImplClass>com.wso2.finance.open.banking.identity.extensions.response.type.handlers.OBHybridResponseTypeHandler</ResponseTypeHandlerImplClass>
        </SupportedResponseType>
      6. Make sure the following Open Banking specific grant types are present under the <SupportedGrantTypes> property.

        <SupportedGrantType>
        	<GrantTypeName>authorization_code</GrantTypeName>
        	<GrantTypeHandlerImplClass>com.wso2.finance.open.banking.identity.extensions.grant.type.handlers.OBAuthorizationCodeGrantHandler</GrantTypeHandlerImplClass>
        </SupportedGrantType>
        
        <SupportedGrantType>
        	<GrantTypeName>client_credentials</GrantTypeName>
        	<GrantTypeHandlerImplClass>com.wso2.finance.open.banking.identity.extensions.grant.type.handlers.OBClientCredentialsGrantHandler</GrantTypeHandlerImplClass>
        	<IsRefreshTokenAllowed>false</IsRefreshTokenAllowed>
        	<IdTokenAllowed>false</IdTokenAllowed>
        </SupportedGrantType>
      7. Make sure the PrivateKeyJWT cache configurations are available in <CacheConfig> under the <CacheManager> element. You can update the configurations according to your requirements. The cache configurations are as follows:

        <CacheConfig>
        	<CacheManager name="IdentityApplicationManagementCacheManager">
        		<Cache name="PrivateKeyJWT" enable="true" timeout="10" capacity="5000" isDistributed="false"/>
        	</CacheManager>
        </CacheConfig>

      8. The org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder is the ID Token Builder. Make sure the <IDTokenBuilder> configurations are as follows: 

        <OpenIDConnect>
        	<IDTokenBuilder>org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder</IDTokenBuilder>
        </OpenIDConnect>
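
To confirm that a deployed identity.xml matches the values listed in the steps above, the following added example (not part of the WSO2 documentation or product) audits the file contents and reports each deviation. It assumes each checked element name occurs once in the file; the audit function, the gw.example.com host and the sample fragment are constructed for illustration.

```python
import xml.etree.ElementTree as ET

OB = "com.wso2.finance.open.banking.identity.extensions."
SCALARS = {  # element name -> value required by the steps above
    "RequestObjectValidator": "com.wso2.finance.request.object.validator.OBRequestObjectValidatorImpl",
    "RenewRefreshTokenForRefreshGrant": "false",
    "IDTokenBuilder": "org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder"}
ENDPOINTS = {"OAuth2AuthzEPUrl": "/authorize", "OAuth2TokenEPUrl": "/token",
             "OAuth2UserInfoEPUrl": "/userinfo", "OAuth2DCREPUrl": "/register",
             "IDTokenIssuerID": "/token"}
HANDLERS = {  # (entry, name element, class element) -> {name: handler class}
    ("SupportedResponseType", "ResponseTypeName", "ResponseTypeHandlerImplClass"): {
        "code": OB + "response.type.handlers.OBCodeResponseTypeHandler",
        "code id_token": OB + "response.type.handlers.OBHybridResponseTypeHandler"},
    ("SupportedGrantType", "GrantTypeName", "GrantTypeHandlerImplClass"): {
        "authorization_code": OB + "grant.type.handlers.OBAuthorizationCodeGrantHandler",
        "client_credentials": OB + "grant.type.handlers.OBClientCredentialsGrantHandler"}}

def audit(xml_text, gateway_host):
    """Return findings for identity.xml text; an empty list means all checks pass."""
    # Compare local names only, so an xmlns on the root element does not matter.
    els = [(e.tag.rsplit("}", 1)[-1], e) for e in ET.fromstring(xml_text).iter()]
    text = lambda e: (e.text or "").strip()
    first = lambda tag: next((text(e) for t, e in els if t == tag), None)
    child = lambda e, tag: next((text(c) for c in e if c.tag.rsplit("}", 1)[-1] == tag), None)
    out = []
    for tag, want in SCALARS.items():
        if first(tag) != want:
            out.append(f"{tag}: expected {want}, found {first(tag)}")
    for tag, path in ENDPOINTS.items():  # every endpoint must be the gateway on 8243
        if not (first(tag) or "").endswith(f"://{gateway_host}:8243{path}"):
            out.append(f"{tag}: not {gateway_host}:8243{path}")
    for (entry, name_tag, cls_tag), want in HANDLERS.items():
        seen = {child(e, name_tag): child(e, cls_tag) for t, e in els if t == entry}
        for name, cls in want.items():
            if seen.get(name) != cls:
                out.append(f"{entry} '{name}': handler is {seen.get(name)}")
    if not any(t == "Cache" and e.get("name") == "PrivateKeyJWT"
               and e.get("enable") == "true" for t, e in els):
        out.append("Cache PrivateKeyJWT: missing or disabled")
    return out

# Constructed sample (not a real deployment): renewal left on, token endpoint on 9443.
SAMPLE = """<Server xmlns="http://wso2.org/projects/carbon/carbon.xml"><OAuth>
<OAuth2TokenEPUrl>${carbon.protocol}://gw.example.com:9443/token</OAuth2TokenEPUrl>
<RenewRefreshTokenForRefreshGrant>true</RenewRefreshTokenForRefreshGrant>
</OAuth></Server>"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, "gw.example.com")))
```

Run it against the file after replacing the <WSO2_OB_APIM_HOST> placeholders, since the unreplaced placeholder is not well-formed XML and the parser rejects it.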