This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 43 Current »

Do the following configurations in API Manager and restart the server.

Make sure the Key Manager server is running before you start the API Manager server.

Go to the <WSO2_OB_APIM_HOME>/bin directory and execute the following command:

./wso2server.sh

Configuring datasources

Make sure to update the URL, username, password, and driver class name accordingly.

  1. Configure the <WSO2_OB_APIM_HOME>/repository/conf/datasources/master-datasources.xml file with the following configurations. 

    If you are using Oracle, update the validationQuery in each datasource with the following value.

    <validationQuery>SELECT 1 FROM DUAL</validationQuery>
    <datasources>
    	<datasource>
    		<name>WSO2_CARBON_DB</name>
    		<description>The datasource used for registry and user manager</description>
    		<jndiConfig>
    			<name>jdbc/WSO2CarbonDB</name>
    		</jndiConfig>
    		<definition type="RDBMS">
    			<configuration>
    				<url>jdbc:h2:repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE</url>
    				<username>wso2carbon</username>
    				<password>wso2carbon</password>
    				<driverClassName>org.h2.Driver</driverClassName>
    				<maxActive>50</maxActive>
    				<maxWait>60000</maxWait>
    				<testOnBorrow>true</testOnBorrow>
    				<validationQuery>SELECT 1</validationQuery>
    				<validationInterval>30000</validationInterval>
    			</configuration>
    		</definition>
    	</datasource>
    	<datasource>
    		<name>WSO2AM_DB</name>
    		<description>The datasource used for API Manager database</description>
    		<jndiConfig>
    			<name>jdbc/WSO2AM_DB</name>
    		</jndiConfig>
    		<definition type="RDBMS">
    			<configuration>
    				<url>jdbc:mysql://localhost:3306/openbank_apimgtdb?autoReconnect=true&useSSL=false</url>
    				<username>root</username>
    				<password>root</password>
    				<driverClassName>DB_DRIVER</driverClassName>
    				<maxActive>150</maxActive>
    				<maxWait>60000</maxWait>
    				<testOnBorrow>true</testOnBorrow>
    				<validationQuery>SELECT 1</validationQuery>
    				<!--Use below for oracle-->
    				<!--<validationQuery>SELECT 1 FROM DUAL</validationQuery>-->
    				<validationInterval>30000</validationInterval>
    				<defaultAutoCommit>false</defaultAutoCommit>
    			</configuration>
    		</definition>
    	</datasource>
    	<datasource>
    		<name>WSO2AM_STATS_DB</name>
    		<description>The datasource used for getting statistics to API Manager</description>
    		<jndiConfig>
    			<name>jdbc/WSO2AM_STATS_DB</name>
    		</jndiConfig>
    		<definition type="RDBMS">
    			<configuration>
    				<url>jdbc:mysql://localhost:3306/openbank_apimgt_statsdb?autoReconnect=true&useSSL=false</url>
    				<username>root</username>
    				<password>root</password>
    				<driverClassName>DB_DRIVER</driverClassName>
    				<maxActive>150</maxActive>
    				<maxWait>60000</maxWait>
    				<testOnBorrow>true</testOnBorrow>
    				<validationQuery>SELECT 1</validationQuery>
    				<!--Use below for oracle-->
    				<!--<validationQuery>SELECT 1 FROM DUAL</validationQuery>-->
    				<validationInterval>30000</validationInterval>
    				<defaultAutoCommit>false</defaultAutoCommit>
    			</configuration>
    		</definition>
    	</datasource>
    	<datasource>
    		<name>WSO2_MB_STORE_DB</name>
    		<description>The datasource used for message broker database</description>
    		<jndiConfig>
    			<name>WSO2MBStoreDB</name>
    		</jndiConfig>
    		<definition type="RDBMS">
    			<configuration>
    				<url>jdbc:mysql://localhost:3306/openbank_mbstoredb?autoReconnect=true&useSSL=false</url>
    				<username>root</username>
    				<password>root</password>
    				<driverClassName>DB_DRIVER</driverClassName>
    				<maxActive>150</maxActive>
    				<maxWait>60000</maxWait>
    				<testOnBorrow>true</testOnBorrow>
    				<validationQuery>SELECT 1</validationQuery>
    				<!--Use below for oracle-->
    				<!--<validationQuery>SELECT 1 FROM DUAL</validationQuery>-->
    				<validationInterval>30000</validationInterval>
    				<defaultAutoCommit>false</defaultAutoCommit>
    			</configuration>
    		</definition>
    	</datasource>
    	<datasource>
    		<name>WSO2UM_DB</name>
    		<description>The datasource used by user manager</description>
    		<jndiConfig>
    			<name>jdbc/WSO2UM_DB</name>
    		</jndiConfig>
    		<definition type="RDBMS">
    			<configuration>
    				<url>jdbc:mysql://localhost:3306/openbank_userdb?autoReconnect=true&useSSL=false</url>
    				<username>root</username>
    				<password>root</password>
    				<driverClassName>DB_DRIVER</driverClassName>
    				<maxActive>150</maxActive>
    				<maxWait>60000</maxWait>
    				<testOnBorrow>true</testOnBorrow>
    				<validationQuery>SELECT 1</validationQuery>
    				<!--Use below for oracle-->
    				<!--<validationQuery>SELECT 1 FROM DUAL</validationQuery>-->
    				<validationInterval>30000</validationInterval>
    				<defaultAutoCommit>false</defaultAutoCommit>
    			</configuration>
    		</definition>
    	</datasource>
    	<datasource>
    		<name>WSO2CONFIG_DB</name>
    		<description>The datasource used by the registry</description>
    		<jndiConfig>
    			<name>jdbc/WSO2Config_DB</name>
    		</jndiConfig>
    		<definition type="RDBMS">
    			<configuration>
    				<url>jdbc:mysql://localhost:3306/openbank_am_configdb?autoReconnect=true&useSSL=false</url>
    				<username>root</username>
    				<password>root</password>
    				<driverClassName>DB_DRIVER</driverClassName>
    				<maxActive>150</maxActive>
    				<maxWait>60000</maxWait>
    				<testOnBorrow>true</testOnBorrow>
    				<validationQuery>SELECT 1</validationQuery>
    				<!--Use below for oracle-->
    				<!--<validationQuery>SELECT 1 FROM DUAL</validationQuery>-->
    				<validationInterval>30000</validationInterval>
    				<defaultAutoCommit>false</defaultAutoCommit>
    			</configuration>
    		</definition>
    	</datasource>
    	<datasource>
    		<name>WSO2REG_DB</name>
    		<description>The datasource used by the registry</description>
    		<jndiConfig>
    			<name>jdbc/WSO2REG_DB</name>
    		</jndiConfig>
    		<definition type="RDBMS">
    			<configuration>
    				<url>jdbc:mysql://localhost:3306/openbank_govdb?autoReconnect=true&useSSL=false</url>
    				<username>root</username>
    				<password>root</password>
    				<driverClassName>DB_DRIVER</driverClassName>
    				<maxActive>150</maxActive>
    				<maxWait>60000</maxWait>
    				<testOnBorrow>true</testOnBorrow>
    				<validationQuery>SELECT 1</validationQuery>
    				<!--Use below for oracle-->
    				<!--<validationQuery>SELECT 1 FROM DUAL</validationQuery>-->
    				<validationInterval>30000</validationInterval>
    				<defaultAutoCommit>false</defaultAutoCommit>
    			</configuration>
    		</definition>
    	</datasource>
    </datasources>
    
  2. Copy the <WSO2_OB_APIM_HOME>/repository/resources/finance/scripts/wso2-obcommon-conf/open-banking-datasources.xml file into the <WSO2_OB_APIM_HOME>/repository/conf/datasources directory.

    Open <WSO2_APIM_KM_HOME>/repository/conf/datasources/open-banking-datasources.xml and update the WSO2_OPEN_BANKING_DB datasource with the following configurations:

    <datasources>
    	<datasource>
    		<name>WSO2_OPEN_BANKING_DB</name>
    		<description>The datasource used for registry and user manager</description>
    		<jndiConfig>
    			<name>jdbc/WSO2OpenBankingDB</name>
    		</jndiConfig>
    		<definition type="RDBMS">
    			<configuration>
    				<url>jdbc:mysql://localhost:3306/openbank_openbankingdb?autoReconnect=true&useSSL=false</url>
    				<username>root</username>
    				<password>root</password>
    				<driverClassName>com.mysql.jdbc.Driver</driverClassName>
    				<maxActive>150</maxActive>
    				<maxWait>60000</maxWait>
    				<testOnBorrow>true</testOnBorrow>
    				<validationQuery>SELECT 1</validationQuery>
    				<!--Use below for oracle-->
    				<!--<validationQuery>SELECT 1 FROM DUAL</validationQuery>-->
    				<validationInterval>30000</validationInterval>
    				<defaultAutoCommit>false</defaultAutoCommit>
    			</configuration>
    		</definition>
    	</datasource>
    </datasources>
  3. Update the properties of the <WSO2_OB_APIM_HOME>/repository/conf/registry.xml  file appropriately. 

    <dbConfig name="wso2registry">
            <dataSource>jdbc/WSO2CarbonDB</dataSource>
    </dbConfig>
    
    
    <dbConfig name="configRegistry">
            <dataSource>jdbc/WSO2Config_DB</dataSource>
    </dbConfig>
    
        <remoteInstance url="https://localhost:9443/registry">
            <id>configInstance</id>
            <dbConfig>configRegistry</dbConfig>
            <readOnly>false</readOnly>
            <enableCache>true</enableCache>
            <registryRoot>/</registryRoot>
        </remoteInstance>
    
        <mount path="/_system/config" overwrite="true">
            <instanceId>configInstance</instanceId>
            <targetPath>/_system/config</targetPath>
        </mount>
    
    
        <dbConfig name="governanceRegistry">
            <dataSource>jdbc/WSO2REG_DB</dataSource>
        </dbConfig>
    
        <remoteInstance url="https://localhost:9443/registry">
            <id>governanceInstance</id>
            <dbConfig>governanceRegistry</dbConfig>
            <readOnly>false</readOnly>
            <enableCache>true</enableCache>
            <registryRoot>/</registryRoot>
        </remoteInstance>
    
        <mount path="/_system/governance" overwrite="true">
            <instanceId>governanceInstance</instanceId>
            <targetPath>/_system/governance</targetPath>
    	</mount>
  4. Update the data source of the <WSO2_OB_APIM_HOME>/repository/conf/user-mgt.xml  file in order to point to the WSO2UM_DB

    <Property name="dataSource">jdbc/WSO2UM_DB</Property>


    1. Enable the internal JDBC user store of the <WSO2_OB_APIM_HOME> /repository/conf/ user-mgt.xml file. Update the  UsernameJavaRegEx, UsernameJavaScriptRegEx, IsBulkImportSupported, and UsernameWithEmailJavaScriptRegEx properties using the  sample configuration given below:

      <UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
                  <Property name="TenantManager">org.wso2.carbon.user.core.tenant.JDBCTenantManager</Property>
                  <Property name="ReadOnly">false</Property>
                  <Property name="ReadGroups">true</Property>
                  <Property name="WriteGroups">true</Property>
                  <Property name="UsernameJavaRegEx">a-zA-Z0-9@._-{3,30}$</Property>
                  <Property name="UsernameJavaScriptRegEx">^[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$</Property>
                  <Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated</Property>
                  <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
                  <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
                  <Property name="PasswordJavaRegExViolationErrorMsg">Password length should be within 5 to 30 characters</Property>
                  <Property name="RolenameJavaRegEx">^[\S]{3,30}$</Property>
                  <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
                  <Property name="CaseInsensitiveUsername">true</Property>
                  <Property name="SCIMEnabled">false</Property>
                  <Property name="IsBulkImportSupported">false</Property>
                  <Property name="PasswordDigest">SHA-256</Property>
                  <Property name="StoreSaltedPassword">true</Property>
                  <Property name="MultiAttributeSeparator">,</Property>
                  <Property name="MaxUserNameListLength">100</Property>
                  <Property name="MaxRoleNameListLength">100</Property>
                  <Property name="UserRolesCacheEnabled">true</Property>
                  <Property name="UserNameUniqueAcrossTenants">false</Property>
      	    <Property name="UsernameWithEmailJavaScriptRegEx">^[\S]{3,30}$</Property>
              </UserStoreManager>

Configuring the api-manager.xml file


Update the <WSO2_OB_APIM_HOME>/repository/conf/api-manager.xml file with the following configurations.

  1. Add the port to the ServerURL parameter of authentication service under AuthManager and APIKeyValidator.

    <ServerURL>https://<WSO2_OB_KM_HOST>:9446${carbon.context}services/</ServerURL>
  2. Update the endpoint URLs for the APIs hosted in this API Gateway under GatewayEndpoint parameter as follows:

    <GatewayEndpoint>http://<WSO2_OB_APIM_HOST>:${http.nio.port},https://<WSO2_OB_APIM_HOST>:${https.nio.port}</GatewayEndpoint>
  3. Enable analytics for the API Manager under Analytics parameter as follows:

    <Analytics>
      <Enabled>true</Enabled>
    </Analytics>
  4. Update the StreamProceesorUsernameStreamProcessorRestApiUsername as follows:

    <StreamProcessorUsername>admin@wso2.com@carbon.super</StreamProcessorUsername>
    <StreamProcessorRestApiUsername>admin@wso2.com@carbon.super</StreamProcessorRestApiUsername>
  5. Update Username under PolicyDeployer as follows:

    <PolicyDeployer>
    	<Username>admin@wso2.com@carbon.super</Username>
    </PolicyDeployer>
  6. Update the PublisherClass in API usage data publisher.

    <PublisherClass>com.wso2.finance.open.banking.gateway.uk.monitoring.publisher.OBUsageDataBridgeDataPublisher</PublisherClass>
  7. Change the value to WSClient under APIKeyValidator. After this configuration, it switches back to web service client.

     <KeyValidatorClientType>WSClient</KeyValidatorClientType>
  8. Update the value as false for the EnableThriftServer.

     <EnableThriftServer>false</EnableThriftServer>
  9. Update KeyManagerClientImpl under APIManager.

     <KeyManagerClientImpl>com.wso2.finance.open.banking.sca.keymanager.SCABasedKeyManagerClient</KeyManagerClientImpl>
  10. Disable RemoveOAuthHeadersFromOutMessage to remove OAuth headers from an outgoing message by updating the value as false of RemoveOAuthHeadersFromOutMessage under OAuthConfigurations parameter.

    <RemoveOAuthHeadersFromOutMessage>false</RemoveOAuthHeadersFromOutMessage>
  11. Update the ScopeWhiteList under OAuthConfigurations as following:

    <ScopeWhitelist>
               <Scope>openid</Scope>
               <Scope>^OB_.*</Scope>
               <Scope>^TIME_.*</Scope>
    </ScopeWhitelist>
  12. Set the value as false for DisplayComments and DisplayRatings under APIStore.

     <DisplayComments>false</DisplayComments>
     <DisplayRatings>false</DisplayRatings>
  13. Add URL under APIPublisher.

    <URL>https://<WSO2_OB_APIM_HOST>:${mgt.transport.https.port}/publisher</URL>
  14. Update connectionfactory.TopicConnectionFactory under JMSConnectionParameters as follows: 


    <JMSConnectionParameters>
    <connectionfactory.TopicConnectionFactory>
    amqp://admin!wso2.com!carbon.super:${admin.password}@clientid/carbon?brokerlist='tcp://${carbon.local.ip}:${jms.port}'
    </connectionfactory.TopicConnectionFactory>        		    
    </JMSConnectionParameters>
  15. If you are using Dynamic Client Registration (DCR), add the following metadata configurations to the <WSO2_OB_APIM_HOME>/repository/conf/api-manager.xml file.

    <ApplicationConfiguration>
    	<ApplicationAttributes>
    		<Attribute required="false">
    			<Name>software_client_name_sandbox</Name>
    			<Description>Software Client Name of sandbox</Description>
    		</Attribute>
    		<Attribute required="false">
    			<Name>software_client_name_production</Name>
    			<Description>Software Client Name of production</Description>
    		</Attribute>
    	</ApplicationAttributes>
    </ApplicationConfiguration>

Configuring the carbon.xml file

Update HostName and MgtHostName with the IP address of the API Manager server in the  <WSO2_OBAM_HOME>/repository/conf/carbon.xml file.

<HostName><WSO2_OB_APIM_HOST></HostName>
<MgtHostName><WSO2_OB_APIM_HOST></MgtHostName>

Disabling weak ciphers

A cipher is an algorithm for performing encryption or decryption. When you set the sslprotocol of your server to TLS, the TLS and the default ciphers get enabled without considering the strength of the ciphers. This is a security risk as weak ciphers, also known as EXPORT ciphers, can make your system vulnerable to attacks. To prevent these types of security attacks, it is encouraged to disable the weak ciphers. 

Refer to Disabling weak ciphers in the WSO2 Administration Guide and disable weak ciphers.

  • No labels