This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.


In the WSO2 Open Banking solution, Mutual Transport Layer Security (MTLS) is enforced through handlers, which ensure that the authenticated client uses its pre-registered transport certificate to communicate with the APIs.

Token Endpoint Security

To enable MTLS validation for access token requests, add the following entries to <handlers> in <WSO2_OBAM_HOME>/repository/deployment/server/synapse-configs/default/api/_TokenAPI_.xml.

<handler class="com.wso2.finance.open.banking.mtls.validator.handler.GatewayClientAuthenticationHandler"/>
<handler class="com.wso2.finance.open.banking.mtls.validator.handler.MTLSValidationHandler"/>


API Resource Security

Add the following configuration to the <handlers> section of the velocity template located at <WSO2_OBAM_HOME>/repository/resources/api_templates/velocity_template.xml.

  1. Add MTLSValidationHandler at the start of the <handlers> section.

    <handler class="com.wso2.finance.open.banking.mtls.validator.handler.MTLSValidationHandler"/>
    
  2. Add MTLSClientTokenValidationHandler under the <handler class="org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler"> handler.

    <handler class="com.wso2.finance.open.banking.mtls.validator.handler.MTLSClientTokenValidationHandler"/>

If the APIs are already published, the handlers above must also be added to the <handlers> section in the synapse configuration of each published API. These files are located in <WSO2_OBAM_HOME>/repository/deployment/server/synapse-configs/default/api.
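Because already-published APIs have to be edited by hand, a handler can easily end up missing or in the wrong position. The following check is an added example, not part of the WSO2 product or its documentation: it parses one published API definition and reports deviations from the two steps above. It assumes that "under" means later in document order, and the sample API definitions it builds are constructed.

```python
import xml.etree.ElementTree as ET

PKG = "com.wso2.finance.open.banking.mtls.validator.handler."
MTLS = PKG + "MTLSValidationHandler"
MTLS_TOKEN = PKG + "MTLSClientTokenValidationHandler"
API_AUTH = "org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler"


def handler_classes(api_xml):
    """Return handler class names in document order, ignoring XML namespaces."""
    root = ET.fromstring(api_xml)
    return [el.get("class", "") for el in root.iter()
            if el.tag.rsplit("}", 1)[-1] == "handler"]


def check_api_resource(api_xml):
    """Return a list of problems found in one published API definition."""
    h = handler_classes(api_xml)
    problems = []
    if not h or h[0] != MTLS:
        problems.append("MTLSValidationHandler is not the first handler")
    if API_AUTH not in h:
        problems.append("APIAuthenticationHandler not found")
    elif MTLS_TOKEN not in h:
        problems.append("MTLSClientTokenValidationHandler is missing")
    elif h.index(MTLS_TOKEN) < h.index(API_AUTH):
        problems.append("MTLSClientTokenValidationHandler is above APIAuthenticationHandler")
    return problems


def sample_api(classes):
    """Build a constructed API definition (not a real deployment file)."""
    handlers = "".join('<handler class="%s"/>' % c for c in classes)
    return ('<api xmlns="http://ws.apache.org/ns/synapse" name="Sample" '
            'context="/sample"><handlers>%s</handlers></api>' % handlers)


GOOD = sample_api([MTLS, API_AUTH, MTLS_TOKEN])
MISORDERED = sample_api([API_AUTH, MTLS])  # MTLS handler late, token handler absent

if __name__ == "__main__":
    for name, xml in (("good", GOOD), ("misordered", MISORDERED)):
        print(name, check_api_resource(xml) or "OK")
```

To audit a deployment, pass the text of each file under synapse-configs/default/api to check_api_resource; velocity_template.xml itself contains template directives and is not expected to parse as plain XML.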





