This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
[Moved Content to the API Security Doc] Configuring Mutual Transport Layer Security
In the WSO2 Open Banking solution, Mutual Transport Layer Security (MTLS) is enforced by using handlers in order to ensure that the authenticated client uses the pre-registered transport certificate to communicate with APIs.
Token endpoint security
To enable MTLS validation in the access token requests, add the following entries to the start of the <handlers> property in the <WSO2_OB_APIM_HOME>/repository/deployment/server/synapse-configs/default/api/_TokenAPI_.xml file.
<handler class="com.wso2.finance.open.banking.mtls.validator.handler.GatewayClientAuthenticationHandler"/>
<handler class="com.wso2.finance.open.banking.mtls.validator.handler.MTLSValidationHandler"/>
API resource security
The following configuration should be added to the <handlers> section of the velocity template located in the <WSO2_OB_APIM_HOME>/repository/resources/api_templates/velocity_template.xml file.
Add MTLSValidationHandler at the start of the <handlers> section. MTLSValidationHandler mandates MTLS.
<handler class="com.wso2.finance.open.banking.mtls.validator.handler.MTLSValidationHandler"/>
Add MTLSClientTokenValidationHandler under the handler <handler class="org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler">. MTLSClientTokenValidationHandler ensures MTLS security.
<handler class="com.wso2.finance.open.banking.mtls.validator.handler.MTLSClientTokenValidationHandler"/>
If the APIs are already published, the above should be added to the <handlers> property in the synapse configurations of the published APIs, which are located in the <WSO2_OB_APIM_HOME>/repository/deployment/server/synapse-configs/default/api directory.