Do the following configurations in API Manager and restart the server.
Make sure the Key Manager server is running before you start the API Manager server.
Go to the <WSO2_OB_APIM_HOME>/bin
directory and execute the following command:
./wso2server.sh
Configuring datasources
Make sure to update the URL, username, password, and driver class name accordingly.
Configure the
<WSO2_OB_APIM_HOME>/repository/conf/datasources/
file with the following configurations.master-datasources
.xmlIf you are using Oracle, update the
validationQuery
in each datasource with the following value.<validationQuery>SELECT 1 FROM DUAL</validationQuery>
<datasources> <datasource> <name>WSO2_CARBON_DB</name> <description>The datasource used for registry and user manager</description> <jndiConfig> <name>jdbc/WSO2CarbonDB</name> </jndiConfig> <definition type="RDBMS"> <configuration> <url>jdbc:h2:repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE</url> <username>wso2carbon</username> <password>wso2carbon</password> <driverClassName>org.h2.Driver</driverClassName> <maxActive>50</maxActive> <maxWait>60000</maxWait> <testOnBorrow>true</testOnBorrow> <validationQuery>SELECT 1</validationQuery> <validationInterval>30000</validationInterval> </configuration> </definition> </datasource> <datasource> <name>WSO2AM_DB</name> <description>The datasource used for API Manager database</description> <jndiConfig> <name>jdbc/WSO2AM_DB</name> </jndiConfig> <definition type="RDBMS"> <configuration> <url>jdbc:mysql://localhost:3306/openbank_apimgtdb?autoReconnect=true&useSSL=false</url> <username>root</username> <password>root</password> <driverClassName>DB_DRIVER</driverClassName> <maxActive>150</maxActive> <maxWait>60000</maxWait> <testOnBorrow>true</testOnBorrow> <validationQuery>SELECT 1</validationQuery> <!--Use below for oracle--> <!--<validationQuery>SELECT 1 FROM DUAL</validationQuery>--> <validationInterval>30000</validationInterval> <defaultAutoCommit>false</defaultAutoCommit> </configuration> </definition> </datasource> <datasource> <name>WSO2AM_STATS_DB</name> <description>The datasource used for getting statistics to API Manager</description> <jndiConfig> <name>jdbc/WSO2AM_STATS_DB</name> </jndiConfig> <definition type="RDBMS"> <configuration> <url>jdbc:mysql://localhost:3306/openbank_apimgt_statsdb?autoReconnect=true&useSSL=false</url> <username>root</username> <password>root</password> <driverClassName>DB_DRIVER</driverClassName> <maxActive>150</maxActive> <maxWait>60000</maxWait> <testOnBorrow>true</testOnBorrow> <validationQuery>SELECT 1</validationQuery> <!--Use below for oracle--> <!--<validationQuery>SELECT 1 FROM DUAL</validationQuery>--> <validationInterval>30000</validationInterval> <defaultAutoCommit>false</defaultAutoCommit> </configuration> </definition> </datasource> <datasource> <name>WSO2_MB_STORE_DB</name> <description>The datasource used for message broker database</description> <jndiConfig> <name>WSO2MBStoreDB</name> </jndiConfig> <definition type="RDBMS"> <configuration> <url>jdbc:mysql://localhost:3306/openbank_mbstoredb?autoReconnect=true&useSSL=false</url> <username>root</username> <password>root</password> <driverClassName>DB_DRIVER</driverClassName> <maxActive>150</maxActive> <maxWait>60000</maxWait> <testOnBorrow>true</testOnBorrow> <validationQuery>SELECT 1</validationQuery> <!--Use below for oracle--> <!--<validationQuery>SELECT 1 FROM DUAL</validationQuery>--> <validationInterval>30000</validationInterval> <defaultAutoCommit>false</defaultAutoCommit> </configuration> </definition> </datasource> <datasource> <name>WSO2UM_DB</name> <description>The datasource used by user manager</description> <jndiConfig> <name>jdbc/WSO2UM_DB</name> </jndiConfig> <definition type="RDBMS"> <configuration> <url>jdbc:mysql://localhost:3306/openbank_userdb?autoReconnect=true&useSSL=false</url> <username>root</username> <password>root</password> <driverClassName>DB_DRIVER</driverClassName> <maxActive>150</maxActive> <maxWait>60000</maxWait> <testOnBorrow>true</testOnBorrow> <validationQuery>SELECT 1</validationQuery> <!--Use below for oracle--> <!--<validationQuery>SELECT 1 FROM DUAL</validationQuery>--> <validationInterval>30000</validationInterval> <defaultAutoCommit>false</defaultAutoCommit> </configuration> </definition> </datasource> <datasource> <name>WSO2CONFIG_DB</name> <description>The datasource used by the registry</description> <jndiConfig> <name>jdbc/WSO2Config_DB</name> </jndiConfig> <definition type="RDBMS"> <configuration> <url>jdbc:mysql://localhost:3306/openbank_am_configdb?autoReconnect=true&useSSL=false</url> <username>root</username> <password>root</password> <driverClassName>DB_DRIVER</driverClassName> <maxActive>150</maxActive> <maxWait>60000</maxWait> <testOnBorrow>true</testOnBorrow> <validationQuery>SELECT 1</validationQuery> <!--Use below for oracle--> <!--<validationQuery>SELECT 1 FROM DUAL</validationQuery>--> <validationInterval>30000</validationInterval> <defaultAutoCommit>false</defaultAutoCommit> </configuration> </definition> </datasource> <datasource> <name>WSO2REG_DB</name> <description>The datasource used by the registry</description> <jndiConfig> <name>jdbc/WSO2REG_DB</name> </jndiConfig> <definition type="RDBMS"> <configuration> <url>jdbc:mysql://localhost:3306/openbank_govdb?autoReconnect=true&useSSL=false</url> <username>root</username> <password>root</password> <driverClassName>DB_DRIVER</driverClassName> <maxActive>150</maxActive> <maxWait>60000</maxWait> <testOnBorrow>true</testOnBorrow> <validationQuery>SELECT 1</validationQuery> <!--Use below for oracle--> <!--<validationQuery>SELECT 1 FROM DUAL</validationQuery>--> <validationInterval>30000</validationInterval> <defaultAutoCommit>false</defaultAutoCommit> </configuration> </definition> </datasource> </datasources>
Copy the
<WSO2_OB_APIM_HOME>/repository/resources/finance/scripts/wso2-obcommon-conf/open-banking-datasources.xml
file into the<WSO2_OB_APIM_HOME>/repository/conf/datasources
directory.Open
<WSO2_APIM_KM_HOME>/repository/conf/datasources/open-banking-datasources.xml
and update theWSO2_OPEN_BANKING_DB
datasource with the following configurations:<datasources> <datasource> <name>WSO2_OPEN_BANKING_DB</name> <description>The datasource used for registry and user manager</description> <jndiConfig> <name>jdbc/WSO2OpenBankingDB</name> </jndiConfig> <definition type="RDBMS"> <configuration> <url>jdbc:mysql://localhost:3306/openbank_openbankingdb?autoReconnect=true&useSSL=false</url> <username>root</username> <password>root</password> <driverClassName>com.mysql.jdbc.Driver</driverClassName> <maxActive>150</maxActive> <maxWait>60000</maxWait> <testOnBorrow>true</testOnBorrow> <validationQuery>SELECT 1</validationQuery> <!--Use below for oracle--> <!--<validationQuery>SELECT 1 FROM DUAL</validationQuery>--> <validationInterval>30000</validationInterval> <defaultAutoCommit>false</defaultAutoCommit> </configuration> </definition> </datasource> </datasources>
Update the properties of the
<WSO2_OB_APIM_HOME>/repository/conf/registry.xml
file appropriately.<dbConfig name="wso2registry"> <dataSource>jdbc/WSO2CarbonDB</dataSource> </dbConfig> <dbConfig name="configRegistry"> <dataSource>jdbc/WSO2Config_DB</dataSource> </dbConfig> <remoteInstance url="https://localhost:9443/registry"> <id>configInstance</id> <dbConfig>configRegistry</dbConfig> <readOnly>false</readOnly> <enableCache>true</enableCache> <registryRoot>/</registryRoot> </remoteInstance> <mount path="/_system/config" overwrite="true"> <instanceId>configInstance</instanceId> <targetPath>/_system/config</targetPath> </mount> <dbConfig name="governanceRegistry"> <dataSource>jdbc/WSO2REG_DB</dataSource> </dbConfig> <remoteInstance url="https://localhost:9443/registry"> <id>governanceInstance</id> <dbConfig>governanceRegistry</dbConfig> <readOnly>false</readOnly> <enableCache>true</enableCache> <registryRoot>/</registryRoot> </remoteInstance> <mount path="/_system/governance" overwrite="true"> <instanceId>governanceInstance</instanceId> <targetPath>/_system/governance</targetPath> </mount>
Update the data source of the
<WSO2_OB_APIM_HOME>/repository/conf/
file in order to point to theuser-mgt.xml
WSO2UM_DB
.<Property name="dataSource">jdbc/WSO2UM_DB</Property>
Enable the internal JDBC user store of the
<WSO2_OB_APIM_HOME>
/repository/conf/
user-mgt.xml
file. Update theUsernameJavaRegEx
,UsernameJavaScriptRegEx
,IsBulkImportSupported
, andUsernameWithEmailJavaScriptRegEx
properties using the sample configuration given below:<UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager"> <Property name="TenantManager">org.wso2.carbon.user.core.tenant.JDBCTenantManager</Property> <Property name="ReadOnly">false</Property> <Property name="ReadGroups">true</Property> <Property name="WriteGroups">true</Property> <Property name="UsernameJavaRegEx">a-zA-Z0-9@._-{3,30}$</Property> <Property name="UsernameJavaScriptRegEx">^[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$</Property> <Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated</Property> <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property> <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property> <Property name="PasswordJavaRegExViolationErrorMsg">Password length should be within 5 to 30 characters</Property> <Property name="RolenameJavaRegEx">^[\S]{3,30}$</Property> <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property> <Property name="CaseInsensitiveUsername">true</Property> <Property name="SCIMEnabled">false</Property> <Property name="IsBulkImportSupported">false</Property> <Property name="PasswordDigest">SHA-256</Property> <Property name="StoreSaltedPassword">true</Property> <Property name="MultiAttributeSeparator">,</Property> <Property name="MaxUserNameListLength">100</Property> <Property name="MaxRoleNameListLength">100</Property> <Property name="UserRolesCacheEnabled">true</Property> <Property name="UserNameUniqueAcrossTenants">false</Property> <Property name="UsernameWithEmailJavaScriptRegEx">^[\S]{3,30}$</Property> </UserStoreManager>
Configuring the api-manager.xml file
Update the <WSO2_OB_APIM_HOME>/repository/conf/api-manager.xml
file with the following configurations.
Add the port to the
ServerURL
parameter of authentication service underAuthManager
andAPIKeyValidator
.<ServerURL>https://<WSO2_OB_KM_HOST>:9446${carbon.context}services/</ServerURL>
Update the endpoint URLs for the APIs hosted in this API Gateway under
GatewayEndpoint
parameter as follows:<GatewayEndpoint>http://<WSO2_OB_APIM_HOST>:${http.nio.port},https://<WSO2_OB_APIM_HOST>:${https.nio.port}</GatewayEndpoint>
Enable analytics for the API Manager under
Analytics
parameter as follows:<Analytics> <Enabled>true</Enabled> </Analytics>
Update the
StreamProceesorUsername
,StreamProcessorRestApiUsername
as follows:<StreamProcessorUsername>admin@wso2.com@carbon.super</StreamProcessorUsername> <StreamProcessorRestApiUsername>admin@wso2.com@carbon.super</StreamProcessorRestApiUsername>
Update
Username
underPolicyDeployer
as follows:<PolicyDeployer> <Username>admin@wso2.com@carbon.super</Username> </PolicyDeployer>
Update the
PublisherClass
in API usage data publisher.<PublisherClass>com.wso2.finance.open.banking.gateway.uk.monitoring.publisher.OBUsageDataBridgeDataPublisher</PublisherClass>
Change the value to
WSClient
underAPIKeyValidator
. After this configuration, it switches back to web service client.<KeyValidatorClientType>WSClient</KeyValidatorClientType>
Update the value as
false
for theEnableThriftServer
.<EnableThriftServer>false</EnableThriftServer>
Update
KeyManagerClientImpl
underAPIManager
.<KeyManagerClientImpl>com.wso2.finance.open.banking.sca.keymanager.SCABasedKeyManagerClient</KeyManagerClientImpl>
Disable
RemoveOAuthHeadersFromOutMessage
to remove OAuth headers from an outgoing message by updating the value asfalse
ofRemoveOAuthHeadersFromOutMessage
underOAuthConfigurations
parameter.<RemoveOAuthHeadersFromOutMessage>false</RemoveOAuthHeadersFromOutMessage>
Update the
ScopeWhiteList
underOAuthConfigurations
as following:<ScopeWhitelist> <Scope>openid</Scope> <Scope>^OB_.*</Scope> <Scope>^TIME_.*</Scope> </ScopeWhitelist>
Set the value as
false
forDisplayComments
andDisplayRatings
underAPIStore
.<DisplayComments>false</DisplayComments> <DisplayRatings>false</DisplayRatings>
Add URL under
APIPublisher.
<URL>https://<WSO2_OB_APIM_HOST>:${mgt.transport.https.port}/publisher</URL>
Update
connectionfactory.TopicConnectionFactory
underJMSConnectionParameters
as follows:<JMSConnectionParameters> <connectionfactory.TopicConnectionFactory> amqp://admin!wso2.com!carbon.super:${admin.password}@clientid/carbon?brokerlist='tcp://${carbon.local.ip}:${jms.port}' </connectionfactory.TopicConnectionFactory> </JMSConnectionParameters>
If you are using Dynamic Client Registration (DCR), add the following metadata configurations to the
<WSO2_OB_APIM_HOME>/repository/conf/api-manager.xml
file.<ApplicationConfiguration> <ApplicationAttributes> <Attribute required="false"> <Name>software_client_name_sandbox</Name> <Description>Software Client Name of sandbox</Description> </Attribute> <Attribute required="false"> <Name>software_client_name_production</Name> <Description>Software Client Name of production</Description> </Attribute> </ApplicationAttributes> </ApplicationConfiguration>
Configuring the carbon.xml file
Update HostName
and MgtHostName
with the IP address of the API Manager server in the
<WSO2_OBAM_HOME>/repository/conf/carbon.xml
file.
<HostName><WSO2_OB_APIM_HOST></HostName> <MgtHostName><WSO2_OB_APIM_HOST></MgtHostName>
Disabling weak ciphers
A cipher is an algorithm for performing encryption or decryption. When you set the sslprotocol of your server to TLS, the TLS and the default ciphers get enabled without considering the strength of the ciphers. This is a security risk as weak ciphers, also known as EXPORT ciphers, can make your system vulnerable to attacks. To prevent these types of security attacks, it is encouraged to disable the weak ciphers.
Refer to Disabling weak ciphers in the WSO2 Administration Guide and disable weak ciphers.