Follow the steps below to deploy the Open Banking Key Manager.
<WSO2_OBKM_HOME>/repository/conf/datasources/master-datasources.xml file with the following configurations.
driverClassName with the database credentials, and relevant database driver name in the following datasources.
WSO2_CONSENT_DB datasource in the
<WSO2_OBKM_HOME>/repository/conf/datasources/open-banking-datasources.xml file with the following configurations.
<WSO2_OBKM_HOME>/repository/conf/registry.xml file, update the properties given below.
<WSO2_OBKM_HOME>/repository/conf/user-mgt.xml file, update the datasource property to point to the
Enable the internal JDBC user store in the
<WSO2_OBKM_HOME>/repository/conf/user-mgt.xml file. Update the
Configuring the carbon.xml file
Apply the following changes in the
Update the <MgtHostName> with the IP addresses of the API Manager server(s).
- Update the <
<KeyStore> to match with the alias provided during the KeyStore creation for the Key Manager server.
Configuring the api-manager.xml file
<PolicyDeployer> property as false inside the
<WSO2_OBKM_HOME>/repository/conf/api-manager.xml file as below.
Update the <ScopeWhitelist> property inside the <
<WSO2_OBKM_HOME>/repository/conf/api-manager.xml file and replace the <Scope> elements as shown below.
Configuring the application-authentication.xml file
- Update the
<WSO2_OBKM_HOME>/repository/conf/identity/application-authentication.xml file with the following configurations.
Update the <AuthenticationEndpointRetryURL> attributes with the URLs of the authentication web application, as shown below.
include action to the <AuthenticationEndpointRedirectParams> request parameter in the
<WSO2_OBKM_HOME>/repository/conf/identity/application-authentication.xml file. When the action is set to
include, the defined parameters will be sent to the
AuthenticationEndpoint as query parameters.
Configuring the identity.xml file
<WSO2_OBKM_HOME>/repository/conf/identity with the following configurations.
Define the Open Banking specific Request Object Validator under the <
Update the following configurations under the
<OAuth> property with the hostname of the Open Banking API Manager Gateway.
RenewRefreshTokenForRefreshGrant as false. With this configuration, the refresh token that is received by the refresh token grant type is not renewed. This is used to enforce consent re-authorization.
Add RenewTokenPerRequest and set the value to true. This configuration enforces a new token for each request, which revokes any active tokens for the same application and user. This configuration is used to revoke previous tokens bound to the PSU during consent re-authentication.
Configure the ReceiverURL of the
<AdaptiveAuth> with the hostname of the Open Banking Business Intelligence Server. By default, the relevant Siddhi Apps are configured to listen to port 8006.
Add Open Banking specific response type handlers under
Add the Open Banking specific grant types under <
Update the cache configurations by adding the Open Banking specific
<OpenIDConnect> to specify Open Banking specific ID Token Builder.
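
The RenewRefreshTokenForRefreshGrant and RenewTokenPerRequest settings described above decide whether old tokens survive consent re-authorization, so it is worth checking them after editing identity.xml. The following is an added example, not part of the WSO2 documentation or product: it assumes both elements sit inside <OAuth>, and the sample XML and its namespace are constructed.

```python
import xml.etree.ElementTree as ET

# Expected values, taken from the two token settings described above.
EXPECTED = {
    "RenewRefreshTokenForRefreshGrant": "false",
    "RenewTokenPerRequest": "true",
}

# Constructed sample (not a real identity.xml): one wrong value, and one
# setting that is present only inside an XML comment.
SAMPLE = """<Server xmlns="urn:example:constructed">
  <OAuth>
    <RenewRefreshTokenForRefreshGrant>true</RenewRefreshTokenForRefreshGrant>
    <!-- <RenewTokenPerRequest>true</RenewTokenPerRequest> -->
  </OAuth>
</Server>"""


def local(tag):
    """Strip an XML namespace prefix: '{ns}OAuth' -> 'OAuth'."""
    return tag.rsplit("}", 1)[-1]


def audit_oauth(xml_text):
    """Return a list of findings; an empty list means both settings match."""
    root = ET.fromstring(xml_text)
    oauth = next((e for e in root.iter() if local(e.tag) == "OAuth"), None)
    if oauth is None:
        return ["<OAuth> element not found"]
    found = {}
    # The parser drops comments, so a commented-out setting counts as missing.
    for el in oauth.iter():
        name = local(el.tag)
        if name in EXPECTED:
            found.setdefault(name, []).append((el.text or "").strip().lower())
    findings = []
    for name, want in EXPECTED.items():
        values = found.get(name, [])
        if not values:
            findings.append(f"{name}: missing (expected {want})")
        elif len(values) > 1:
            findings.append(f"{name}: defined {len(values)} times")
        elif values[0] != want:
            findings.append(f"{name}: is {values[0]!r}, expected {want}")
    return findings


if __name__ == "__main__":
    for line in audit_oauth(SAMPLE) or ["OAuth token settings match"]:
        print(line)
```

To check a deployed server, pass the contents of the edited identity.xml file to audit_oauth instead of SAMPLE.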