In the WSO2 Open Banking solution, Mutual Transport Layer Security (MTLS) is enforced using handlers, to ensure that the authenticated client uses its pre-registered transport certificate when communicating with APIs.


Token endpoint security

To enable MTLS validation for access token requests, add the following entries to the start of the <handlers> property in the <WSO2_OBAMOB_APIM_HOME>/repository/deployment/server/synapse-configs/default/api/_TokenAPI_.xml file.

<handler class="com.wso2.finance.open.banking.mtls.validator.handler.GatewayClientAuthenticationHandler"/>
<handler class="com.wso2.finance.open.banking.mtls.validator.handler.MTLSValidationHandler"/>

API resource security

The following configuration should be added to the <handlers> section of the velocity template located in the <WSO2_OB_OBAMAPIM_HOME>/repository/resources/api_templates/velocity_template.xml file.

  1. Add MTLSValidationHandler at the start of the <handlers> section.

     Info: MTLSValidationHandler mandates MTLS.

     <handler class="com.wso2.finance.open.banking.mtls.validator.handler.MTLSValidationHandler"/>

  2. Add MTLSClientTokenValidationHandler below the handler <handler class="org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler"/>.

     Info: MTLSClientTokenValidationHandler ensures MTLS security.

     <handler class="com.wso2.finance.open.banking.mtls.validator.handler.MTLSClientTokenValidationHandler"/>

If the APIs are already published, add the same handlers to the <handlers> property in the synapse configurations of the published APIs, which are located in the <WSO2_OB_OBAMAPIM_HOME>/repository/deployment/server/synapse-configs/default/api directory.
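To confirm that already-published APIs in synapse-configs/default/api actually carry both handlers in the order described above, here is an added checker script; it is not part of the WSO2 product or of this page's original content. It assumes each published API is a plain XML file whose <api> element contains a <handlers> element, and it uses constructed sample definitions to show what passes and what is flagged.

```python
import glob
import sys
import xml.etree.ElementTree as ET

PKG = "com.wso2.finance.open.banking.mtls.validator.handler."
MTLS = PKG + "MTLSValidationHandler"
MTLS_TOKEN = PKG + "MTLSClientTokenValidationHandler"
AUTH = "org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler"


def handler_classes(xml_text):
    """Handler class names in document order; namespaces are ignored so the
    check works regardless of the synapse namespace used in the file."""
    root = ET.fromstring(xml_text)
    return [el.get("class") for el in root.iter()
            if el.tag.rsplit("}", 1)[-1] == "handler"]


def check_handler_order(xml_text):
    """Return the list of problems found; an empty list means the API is
    wired as this page requires."""
    classes = handler_classes(xml_text)
    problems = []
    if not classes or classes[0] != MTLS:
        problems.append("MTLSValidationHandler must be the first handler")
    if AUTH not in classes:
        problems.append("APIAuthenticationHandler is missing")
    elif MTLS_TOKEN not in classes:
        problems.append("MTLSClientTokenValidationHandler is missing")
    elif classes.index(MTLS_TOKEN) < classes.index(AUTH):
        # The page places it "under" APIAuthenticationHandler; any later position is accepted here.
        problems.append("MTLSClientTokenValidationHandler must come after APIAuthenticationHandler")
    return problems


# Constructed sample synapse API definitions (not taken from a real deployment).
def sample_api(*classes):
    handlers = "".join('    <handler class="%s"/>\n' % c for c in classes)
    return ('<api xmlns="http://ws.apache.org/ns/synapse" name="SampleAPI" context="/sample">\n'
            '  <handlers>\n%s  </handlers>\n</api>\n' % handlers)

GOOD = sample_api(MTLS, AUTH, MTLS_TOKEN)
MISSING_MTLS = sample_api(AUTH, MTLS_TOKEN)
WRONG_ORDER = sample_api(MTLS, MTLS_TOKEN, AUTH)

if __name__ == "__main__":
    # Usage: python check_mtls_handlers.py <path to synapse-configs/default/api>
    for path in glob.glob((sys.argv[1] if len(sys.argv) > 1 else ".") + "/*.xml"):
        with open(path) as f:
            problems = check_handler_order(f.read())
        print(path, "OK" if not problems else "; ".join(problems))
```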