This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.


The Key Manager extension is responsible for creating a service provider in the WSO2 Open Banking Identity and Access Management module (WSO2 OB IAM) when a new application is registered in the API Store. The created service provider defines the attributes of the application, such as the authenticators used, the authentication flow, and whether to use the tenant domain in the local subject identifier. These attributes are customised based on the requirements.

To define customised attributes for the service providers, the Key Manager extension must also be customised. This section explains how to customise the SCA Key Manager extension.

Step 1. Implementing custom key manager extension
  • Create a custom Java component and add the below dependencies to that project.
    1. com.wso2.finance.open.banking.sca.keymanager 

      com.wso2.finance.open.banking.sca.keymanager-2.0.0.jar is available in <WSO2_OB_APIM_HOME>/repository/components/dropins/com.wso2.finance.open.banking.sca.keymanager-2.0.0.jar

    2. org.wso2.carbon.apimgt.impl

      org.wso2.carbon.apimgt.impl_6.6.163.jar is available in <WSO2_OB_APIM_HOME>/repository/components/plugins/org.wso2.carbon.apimgt.impl_6.6.163.jar

  • Add a Java class to your custom module that extends the SCABasedKeyManagerClient class. Override the setAuthenticators method to define the required authenticators. The sample SampleKeyManagerClient class sets two authentication steps (a local authentication step followed by a federated authentication step) using this extension as follows:

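    import java.rmi.RemoteException;

    import com.wso2.finance.open.banking.sca.keymanager.SCABasedKeyManagerClient;
    import org.wso2.carbon.apimgt.api.APIManagementException;
    import org.wso2.carbon.apimgt.api.model.OAuthApplicationInfo;
    import org.wso2.carbon.identity.application.common.model.xsd.AuthenticationStep;
    import org.wso2.carbon.identity.application.common.model.xsd.IdentityProvider;
    import org.wso2.carbon.identity.application.common.model.xsd.LocalAndOutboundAuthenticationConfig;
    import org.wso2.carbon.identity.application.common.model.xsd.LocalAuthenticatorConfig;
    import org.wso2.carbon.identity.application.mgt.stub.IdentityApplicationManagementServiceIdentityApplicationManagementException;
    import org.wso2.carbon.identity.application.mgt.stub.IdentityApplicationManagementServiceStub;

    /**
     * Sample class to set authenticators in KeyManagerClient.
     * Step 1 uses a local authenticator; step 2 uses a federated identity provider.
     **/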
    public class SampleKeyManagerClient extends SCABasedKeyManagerClient {
    
        private static final String BASIC_AUTHENTICATOR_NAME = "FOOBasicCustomAuth";
        private static final String BASIC_AUTHENTICATOR_DISPLAY_NAME = "FOO Authenticator";
        private static final String FEDERATED_AUTHENTICATOR_NAME = "BARFedCustomAuth";
    
        @Override
        public void setAuthenticators(LocalAndOutboundAuthenticationConfig localAndOutboundAuthenticationConfig,
                                      OAuthApplicationInfo oAuthApplicationInfo)
                throws RemoteException, IdentityApplicationManagementServiceIdentityApplicationManagementException,
                APIManagementException {
            AuthenticationStep[] authenticationSteps = new AuthenticationStep[2];
    
            //Step 1 - Basic authentication
            LocalAuthenticatorConfig localAuthenticatorConfig = new LocalAuthenticatorConfig();
            LocalAuthenticatorConfig[] localAuthenticatorConfigs = new LocalAuthenticatorConfig[1];
            AuthenticationStep basicAuthenticationStep = new AuthenticationStep();
    
            localAuthenticatorConfig.setName(BASIC_AUTHENTICATOR_NAME);
            localAuthenticatorConfig.setDisplayName(BASIC_AUTHENTICATOR_DISPLAY_NAME);
            localAuthenticatorConfig.setEnabled(true);
            localAuthenticatorConfigs[0] = localAuthenticatorConfig;
    
            basicAuthenticationStep.setStepOrder(1);
            basicAuthenticationStep.setLocalAuthenticatorConfigs(localAuthenticatorConfigs);
            basicAuthenticationStep.setAttributeStep(true);
            basicAuthenticationStep.setSubjectStep(true);
            //set step 1
            authenticationSteps[0] = basicAuthenticationStep;
    
            //Step 2 - Federated authentication
            IdentityProvider identityProvider = null;
    
            IdentityApplicationManagementServiceStub stub = super.getIdentityApplicationManagementServiceStub();
    
            if (stub != null) {
                IdentityProvider[] federatedIdPs = stub.getAllIdentityProviders();
                if (federatedIdPs != null && federatedIdPs.length > 0) {
                    for (IdentityProvider registeredIdentityProvider : federatedIdPs) {
                        if (registeredIdentityProvider.getIdentityProviderName().equals(FEDERATED_AUTHENTICATOR_NAME)) {
                            identityProvider = registeredIdentityProvider;
                            break;
                        }
                    }
                }
            } else {
                throw new APIManagementException("Retrieving IdentityApplicationManagementServiceStub failed.");
            }
    
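            // Fail fast if the federated IdP is not registered, instead of configuring step 2 with a null entry
            if (identityProvider == null) {
                throw new APIManagementException("Federated identity provider " + FEDERATED_AUTHENTICATOR_NAME
                        + " is not registered.");
            }

            IdentityProvider[] identityProviders = new IdentityProvider[1];
            identityProviders[0] = identityProvider;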
    
            AuthenticationStep authenticationStep = new AuthenticationStep();
            authenticationStep.setStepOrder(2);
            authenticationStep.setFederatedIdentityProviders(identityProviders);
    
            //set step 2
            authenticationSteps[1] = authenticationStep;
    
            //set authentication steps
            localAndOutboundAuthenticationConfig.setAuthenticationSteps(authenticationSteps);
        }
    }
    
    
    
Step 2. Building and deploying the custom key manager extension
  • Build the module.
  • Add the .jar file to <WSO2_OB_APIM_HOME>/repository/components/lib.

    If the module is an OSGi service, place the .jar in the <WSO2_OB_APIM_HOME>/repository/components/dropins directory instead.

  • Open the <WSO2_OB_APIM_HOME>/repository/conf/deployment.toml file and update the following configuration under the [apim.key_manager] tag with the fully qualified name (FQN) of your Java class. For example,

    key_manager_client_impl = "com.wso2.finance.open.banking.sca.keymanager.SCABasedKeyManagerClient"
  • Start the WSO2 Open Banking API Management server.
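
A post-deployment check for Step 2, as an added example that is not part of the WSO2 documentation: it reads key_manager_client_impl from the [apim.key_manager] table of deployment.toml and confirms that a .jar under lib or dropins actually contains that class, so a wrong FQN or a missing .jar is caught before applications are registered. The function names and the com.example.SampleKeyManagerClient class name are hypothetical, and the unzip tool is assumed to be installed.

```sh
#!/bin/sh
# Added example; function names are hypothetical. Paths are the ones on this page.

# Print key_manager_client_impl from the [apim.key_manager] table only.
configured_km_client() {
    awk '
        /^[ \t]*\[/ { in_km = ($0 ~ /^[ \t]*\[apim\.key_manager\][ \t]*$/); next }
        in_km && /^[ \t]*key_manager_client_impl[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")            # drop "key ="
            gsub(/^"|"[ \t]*(#.*)?$/, "")       # drop quotes and trailing comment
            print; exit
        }
    ' "$1"
}

# Print the first .jar under lib/ or dropins/ that contains the class; fail if none.
jar_providing_class() {
    home=$1
    entry="$(printf '%s' "$2" | tr . /).class"
    for jar in "$home"/repository/components/lib/*.jar \
               "$home"/repository/components/dropins/*.jar; do
        [ -f "$jar" ] || continue               # unmatched glob stays literal
        if unzip -l "$jar" 2>/dev/null | grep -qF "$entry"; then
            printf '%s\n' "$jar"
            return 0
        fi
    done
    return 1
}

# Return 0 if the configured class is the expected one and a deployed .jar has it,
# 1 on a configuration mismatch, 2 if no deployed .jar contains the class.
check_km_deployment() {
    home=$1
    expected=$2
    actual=$(configured_km_client "$home/repository/conf/deployment.toml")
    if [ "$actual" != "$expected" ]; then
        echo "MISMATCH: configured '$actual', expected '$expected'"
        return 1
    fi
    jar=$(jar_providing_class "$home" "$expected") || {
        echo "MISSING: no .jar in lib/ or dropins/ contains $expected"
        return 2
    }
    echo "OK: $expected found in $jar"
}

# Usage (hypothetical class name; first argument is your <WSO2_OB_APIM_HOME>):
#   check_km_deployment /opt/wso2-obam com.example.SampleKeyManagerClient
```

Run it before starting the server; a MISMATCH result means the server would load a different key manager client than the one you built.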
