After a certain period, some consumers may prefer to revoke the consents they granted the Data Recipients to access account data. In WSO2 Open Banking, you can manage and revoke these consents/sharing arrangements as follows:
The consent management dashboards comply with the Consumer Experience (CX) Standards and CX Guidelines in the Consumer Data Standards.
Revoking consents by consumers
Before you begin:
Configure the Consent Management application to try out the Consent Manager Portal.
The WSO2 Open Banking Consent Manager portal also known as the Self-care portal, enables consumers to review and revoke the consents/sharing arrangements they provided to access account details.
Let's take a look at how a consumer can revoke a sharing arrangement.
Go to the Consent Manager portal at
https://<WSO2_OB_IAM_HOST>:9446/consentmgt
.- Enter the username and password provided by the bank. Click Continue.
In the Consent Manager portal's home page, you can view a list of consents/sharing arrangements you have granted access to account information.
Their status is displayed to the right of the selected CDR Arrangement ID. Available statuses are Rejected, Awaiting authorisation, Authorised, and Revoked.Select a CDR Arrangement ID to view its details.
A consumer can grant permissions to these sharing arrangements.
If the consumer wants to stop the sharing arrangement with the Data Recipient, click Stop sharing.
Optionally, you can enter a reason for the revocation.
Revocation reasons help you to find more information later. It is not mandatory to provide a reason for revocation.
Click Revoke to confirm the revocation.
The status of the CDR Arrangement ID is now changed to Revoked.
Revoking consents by Customer Care Representatives
The WSO2 Open Banking Customer Care portal enables the Customer Care Representatives to revoke the sharing arrangement on behalf of the consumers.
Before you begin:
Configuring SSO:
You can configure SSO for the Customer Care Portal.
Sign in to the Customer Care Portal (
https://<WSO2_OB_IAM_HOST>:9446/ccportal
) using the username and password of a user with the Customer Care role. See Configuring Users and Roles, for more information on user roles.Troubleshooting
If you get hostname verification errors when accessing the Customer Care portal, add the following to the
<WSO2_OB_IAM_HOME>/bin/wso2server.sh
file and restart.Dhttpclient.hostnameVerifier="DefaultAndLocalhost" \
Dorg.wso2.ignoreHostnameVerification=true \
- You can filter and search for CDR Arrangement IDs.
Filter based on the following parameters:User ID: The user ID created for the consumer in the online banking application.
- Application: The Data Recipient applications authorised for the Data Holder are listed here. You can select the application the consumer has given consent to.
Status: Select the status of the sharing arrangement. Possible values are:
Rejected
,Awaiting Authorisation
,Authorised
, andRevoked
.Set Date Range: The date range in which the CDR Arrangement ID is valid.
You can use one or more filter options and proceed to search.
- Click Search.
A list of search results is displayed, as shown below. You can view the sharing arrangement information by clicking the CDR Arrangement ID.
- Click the CDR Arrangement ID that you want to revoke and view its details.
Click Revoke.
Optionally, you are asked to enter a reason for the revocation.
Revocation reasons will help you to find more information later. It is not mandatory to provide a reason for revocation.
- Click Revoke to confirm the revocation.