WSO2 Open Banking 1.3.0 supports OpenID Functional Conformance suite v1.1.19.
An Open Banking Implementation Entity ( OBIE) Functional Conformance Certificate allows an implementer to demonstrate that they have successfully implemented all required functional elements of the OBIE Read/Write API Specifications, passing all tests performed by the Functional Conformance Tool.
This document contains the following topics:
Before you begin:
- Download and unzip the following:
- wso2-obam-1.3.0.zip (WSO2 Open Banking API Manager)
wso2-obkm-1.3.0.zip (WSO2 Open Banking Key Manager)
- Configure the databases and setup the solution.
- To set up the solution locally, see Try Local Setup
- To set up a production deployment, follow the Deployment Guide
Configuring the solution
- Do the following changes in WSO2 Open Banking Key Manager(
WSO2_OB_KM
).Open the
<WSO2_OB_KM_HOME>/repository/conf/identity/identity.xml
file. Set theRenewTokenPerRequest
property to false.The
RenewTokenPerRequest
configuration provides the ability to renew the access token and refresh token per each token request. It also revokes the previously available active token for a matching clientId, user and scopes combination.<RenewTokenPerRequest>false</RenewTokenPerRequest>
Open the
<WSO2_OB_KM_HOME>/repository/conf/identity/identity.xml
file. Update the<WSO2_OB_APIM_HOST>
placeholder with the hostname of the API Manager server.The IDTokenIssuerID property sets the IssuerID of the IDToken
<IDTokenIssuerID>https://<WSO2_OB_APIM_HOST>:8243/token</IDTokenIssuerID>
Open the
<WSO2_OB_KM_HOME>/repository/conf/finance/open-banking.xml
file and set theMaximumFuturePaymentDays
value to 365 days.<PaymentRestrictions> <MaximumFuturePaymentDays>365</MaximumFuturePaymentDays> </PaymentRestrictions>
- Configure the certificates.
Go to
<WSO2_OB_APIM_HOME>/repository/resources/security/
directory and execute the following commands.Create a new alias for
wso2carbon.jks.
keytool -genkey -alias <WSO2_OB_APIM_HOST> -keyalg RSA -keysize 2048 -validity 3950 -keystore wso2carbon.jks
Create a certificate using the alias created in the step above and import it to the
client-truststore.
keytool -export -alias <WSO2_OB_APIM_HOST> -file <WSO2_OB_APIM_HOST>.crt -keystore wso2carbon.jks
Import the certificate to the
client-truststore.
keytool -import -trustcacerts -alias <WSO2_OB_APIM_HOST> -file <WSO2_OB_APIM_HOST>.crt -keystore client-truststore.jks
- Start WSO2 Open Banking Key Manager and API Manager servers.
Deploy Account API v3.1.0 and Payment API v3.1.0.
If you do not send the
x-jws-signature
header with the request (“-e DISABLE_JWS=FALSE”), remove the following handlers.
Open the<WSO2_OB_APIM_HOME>/repository/deployment/server/synapse-configs/default/api/<USERNAME>--PaymentInitiationAPI_vv3.1.xml
file in a text editor.
Comment out the and remove the following handlers:com.wso2.finance.open.banking.gateway.jws.UKJwsSignatureHandler
com.wso2.finance.open.banking.gateway.api.schema.validation.RequestSchemaValidationHandler
If you’re using the Dynamic Client Registration v3.2 API, you may skip Setting up the test suite.
Sign in to the API Store as the TPP at
https://<WSO2_OB_APIM_HOST>:9443/store
Subscribe to the APIs deployed in step 4.
Create the public certificate of the signing certificate and generate keys.
Setting up the test suite
Execute the following command in a terminal to pull and run the image.
docker run -it --name=fsuite -p 8443:8443 -e LOG_LEVEL=debug -e LOG_TRACER=true -e LOG_HTTP_TRACE=true -e DISABLE_JWS=TRUE "openbanking/conformance-suite:v1.1.19"
- Add the certificates to the container.
Go to <
WSO2_OB_APIM_HOME>/repository/resources/security
and execute the command below to generate thepem
file for<WSO2_OB_APIM_HOST>.crt
openssl x509 -inform der -in <WSO2_OB_APIM_HOST>.crt -out <WSO2_OB_APIM_HOST>.pem
Log in to the container
docker exec -it fsuite /bin/bash
Add the
<WSO2_OB_APIM_HOST>.pem
certificate to the following locations:- /usr/local/share/ca-certificates/<WSO2_OB_APIM_HOST>.pem
- /etc/ssl/certs/<WSO2_OB_APIM_HOST>.pem
Run the following command.
update-ca-certificates
Stop the container.
docker stop fsuite
Restart the container
docker start -a fsuite
- Access the test suite at
https://<WSO2_OB_APIM_HOST>:8443
- Select Open Banking test suite and start the test.
In the Discovery step, update the following values in the JSON file.
A sample configure.json is available here.
discoveryItems apiSpecification name Account and Transaction API Specification openidConfigurationUri
The OpenID Connect discovery endpoint. For example:
https://10.100.0.3:8243/.well-known/openid-configuration
resourceBaseUri Production/Sandbox URL for the API. For example:
https://10.100.0.3:8243/open-banking/v3.1/aisp
discoveryItems apiSpecification name Payment Initiation API openidConfigurationUri
The OpenID Connect discovery endpoint. For example:
https://10.100.0.3:8243/.well-known/openid-configuration
resourceBaseUri Production/Sandbox URL for the API. For example:
https://10.100.0.3:8243/open-banking/v3.1/pisp
Click Next and proceed to the Configuration stage.
Add the following mandatory configurations in the form/JSON file.
A sample configure.json is availble here.
Client
Private Signing Key (.key):
The Private Signing Key certificate of the client/application created in the section above . Public Signing Certificate (.pem):
The Public Signing Certificate of the client/application created in the section above. Private Transport Key (.key):
The Private Transport Key certificate of the client/application created in the section above. Public Transport Certificate (.pem):
The Public Transport Certificate of the client/application created in the section above. Account IDs
The Account IDs of the account resources that the customer (PSU) has consented to provide to the client/application. Statement IDs
The Statement IDs of the statement resources that the customer (PSU) has consented to provide to the client/application. Client ID
Consumer key of the client/application created in the section above. Client Secret
Consumer secret of the client/application created in the section above. x-fapi-financial-id
The unique id of the ASPSP to which the request is issued. The unique id will be issued by OB.
For example:
open-bank
Well-Known
OAuth 2.0 response_type
A JSON array containing a list of the OAuth 2.0 response_type values that this OP supports. Dynamic OpenID Providers MUST support the code, id_token, and the token id_token Response Type values
Request object signing algorithm
The algorithm used to sign requests objects
Resource Base URL
The base URL of the WSO2 OB APIM server. For example: https://<WSO2_OB_APIM_HOST>:8243
Payments
Identification
Beneficiary account identification
Name
Name of the account, as assigned by the account servicing institution.
Usage: The account name is the name or names of the account owner(s) represented at an account level. The account name is not the product name or the nickname of the account.
International Identification
The international beneficiary account identification
International Name
International name of the account, as assigned by the account servicing institution.
Usage: The account name is the name or names of the account owner(s) represented at an account level. The account name is not the product name or the nickname of the account.
Click Next and run the suite.