WSO2 Open Banking is a PSD2-compliant solution that provides secure mediation flow of information between Payment Service Providers (PSPs), Third Party Providers (TPPs) and Payment Service Users (PSUs). This document guides you through the configurations and troubleshooting that you need to set up the solution in your local environment.
The scripts for the below local setup in the Quick Start Guide are configured for a Linux and MySQL/MSSQL environment. Notice that WSO2 Open Banking solution is applicable to Windows/Linux and MySQL/MSSQL and Oracle environments.
Prerequisites
Hereafter, the installation locations of wso2-obam-1.3.0
and wso2-obkm-1.3.0
are called <WSO2_OB_APIM_HOME>
and <WSO2_OB_KM_HOME>
respectively.
- Download Oracle JDK 1.8 in all the nodes of the setup.
In the environment variables, update the
JAVA_HOME
andPATH
variables. For instance, you can do this on a Mac/Linux server by adding the following to the~/.bashrc file:
export JAVA_HOME="<JDK_LOCATION>" export PATH=$PATH:$JAVA_HOME/bin
Download and unzip the following files:
wso2-obam-1.3.0.zip (WSO2 Open Banking API Manager)
wso2-obkm-1.3.0.zip (WSO2 Open Banking Key Manager)
"WSO2 Updates Manager (WUM) is deprecated and will be unavailable from August 2021 onwards. WSO2 Updates is the new tool to include the solution and security improvements that are released by WSO2 Open Banking, on top of a released version. For more information, see WSO2 Updates."
Setup a database server using MySQL 5.7+, Microsoft SQL Server 2016+ or, Oracle 12c.
Setting up the databases and starting the servers
In order to start the server, configure the databases in both the API Manager (APIM) and the Key Manager (KM) according to the open banking specification, as follows:
Open the
<WSO2_OB_KM_HOME>/repository/resources/finance/scripts/
file and configure the following:startup.properties
Specify the hostnames for the APIM and KM servers.
# Specify the hostname you want to configure APIM_HOSTNAME=localhost IAM_HOSTNAME=localhost
Configure the databases related properties.
Database Property Description DB_TYPE
Type of the database you installed
DB_TYPE=mysql
DB_USER
Database user DB_PASS
Password set for the database connection DB_HOST
Name of the database server DB_DRIVER
Configure
DB_DRIVER
according to the database installed:- Mysql JDBC Driver = com.mysql.jdbc.Driver
- MSSQL JDBC Driver = com.microsoft.sqlserver.jdbc.SQLServerDriver
- Oracle JDBC Driver = oracle.jdbc.driver.OracleDriverIf you are using an MS SQL or an Oracle database, see Configuring Databases and configure the databases.
If you're setting up Open Banking for Berlin and using an Oracle database, update the data type of the given field:
Set execution permissions to the
configure-km.sh
file in the<WSO2_OB_KM_HOME>/repository/resources/finance/scripts
and run it using the following command:./configure-km.sh
If you're setting up Open Banking for Berlin:
Update the data type of the given field to CLOB:
Database openbank_apimgtdb Table AM_APPLICATION_REGISTRATION Field INPUTS Data type CLOB Go to the
<WSO2_OB_APIM_HOME>/repository/resources/finance/scripts
directory and configure the database properties in thestartup.properties
file, similar to Step 1.Set execution permissions to the
configure-am.sh
file and run it.You have configured databases in step 1. By running configure.sh files, you set the database credentials with reference to the configuration files.
Configure the deployed open-banking specification accordingly.
By default, values are set for the UK specification. Other supported specifications include:
- UK specification - https://www.openbanking.org.uk/
- Berlin specification - https://www.berlin-group.org/
- STET specification - https://www.stet.eu/en/psd2/
The following configurations are used to define the deployed specification at runtime:
Product File Config Allowed Values APIM <WSO2_OB_APIM_HOME>/repository/conf/finance/open-banking.xml
<DeployedSpecification>
UK or BERLIN or STET
APIM <WSO2_OB_APIM_HOME>/repository/deployment/server/jaggeryapps/store/site/conf/site.json
<DeployedSpecification>
UK or BERLIN or STET
KM <WSO2_OB_KM_HOME>/repository/conf/finance/open-banking.xml
<DeployedSpecification>
UK or BERLIN or STET
KM <WSO2_OB_KM_HOME>/repository/deployment/server/jaggeryapps/ccportal/configs/conf.json
<DeployedSpecification>
UK or BERLIN or STET
KM <WSO2_OB_KM_HOME>/repository/deployment/server/jaggeryapps/consentmgt/configs/conf.json
<DeployedSpecification>
UK or BERLIN or STET
You are now ready to start the API Manager and Key Manager servers. In the command line, navigate to the <WSO2_OB_KM_HOME>
/bin
folder, and run the following command:./wso2server.sh -Dsetup
Run the same command from the
<WSO2_OB_APIM_HOME>/bin
directory to start the API Manager server.
You have started the servers. Next, configure users, roles, and APIs.
Configuring users and roles
Sign in to the Identity and Access Management console (
https://localhost:9446/carbon
). Use the default super admin credentials as follows:Username: admin@wso2.com
Password: wso2123
The above mentioned username and password credentials are used for demo purposes only. It is recommended to change the credentials in a production environment.
Create the necessary user roles as follows:
On the Main tab, click Identity > Users and Roles > Add > Add New Role.
Create the following user roles:
Domain Role Permissions Internal
aispRole
No permissions required. Internal
pispRole
No permissions required. Internal
piispRole
No permissions required. Internal
approverRole
Admin permissions Internal
CustomerCareOfficer
No permissions required.
Create the necessary user accounts as follows:
On the Main tab, click Identity > Users and Roles > Add > Add New User.
Create the following users:
User Roles mark@gold.com Internal/creator
,Internal/publisher
ann@gold.com Internal/CustomerCareOfficer
tom@gold.com Internal/approverRole
Click Finish.
Now that you’ve added some users to the system, you can log in as one of them to see how a typical user might work with the WSO2 Open Banking solution.
Configuring APIs
You can configure APIs through the API Publisher by signing in as a user whose roles include Internal/publisher
. Follow the steps given below:
Sign in to the API Publisher (
https://
localhost
:9443/publisherClick ADD NEW API > I have an existing API.
Select the Swagger definition from
<WSO2_OB_APIM_HOME>/repository/resources/finance/apis
and configure the properties according to the open-banking specification. Find more information from the table given below.
Click Start Creating.- Click Next: Implement to navigate to the next level.
- Expand Managed API, and use the table below to select the relevant Endpoint Type from the drop-down list.
- Check Select a message mediation policy to be executed in the message flow under Message Mediation Policies.
Click Upload In Flow and select the corresponding In sequence file from
<WSO2_OB_APIM_HOME>/repository/resources/finance/apis.
Click Next: Manage to navigate to the next level.
- Expand Throttling Settings. Under Subscription Tiers, check the option as Unlimited : Allows unlimited requests unless you want to limit the requests.
Expand API Properties and add the following values as Additional properties:
Click the + button to save the above values.
Click Save & Publish.
Summarized information for configuring APIs
Configuring a consent management application
A consent management application is configured in order to manage a consent granted to an ASPSP. After successful configurations, you can try out the Customer Care Portal.
- On the Main tab of the Identity and Access Management Console, click Home > Identity > Service Providers> Add.
- Enter
consentmgt
as the Service Provider’s name. - Click Register.
- Click Inbound Authentication configuration > OAuth/OpenID Connect configuration > Configure.
Set the values for the following parameters and keep the default value for the other parameters.
Parameter Value OAuth Version 2.0 Allowed Grant Type code
Callback URL regexp=(https://localhost:9446/consentmgt|https://localhost:9446/consentmgt)
The first and second URLs are respectively redirected and logout URLs.
Regex-based consumer URLs are supported when defining the callback URL. This enables you to configure multiple callback URLs for one application by entering a regex pattern as the value for the callback URL field.
You must have the prefix regexp= before your regex pattern. To define a normal URL, you can specify the callback URL without this prefix.
The OAuth client key/client ID and OAuth client secret are generated. Those are used in Configuring consent management jaggery application.
Open the
wso2-obkm-version/repository/deployment/server/jaggeryapps/consentmgt/configs/
file. Modify theconf.json
apimHost
,applicationId
,authCredential
,redirectUrl
, andlogoutUrl
parameters as follows.In
authCredential
, be sure to encode theCLIENT_ID:CLIENT_SECRET
withBASE64ENCODE
encoding.{ "app" : "consentmgt", "applicationType" : "oauth2", "tenantDomain": "carbon.super", "apimHost":"http://localhost", "apimNioPort":"8280", "apimHttpPort":"9763", "kmHost" : "https://localhost", "kmPort" : "9446", "kmTokenAPI" : "oauth2/token", "kmAuthorizeAPI" : "oauth2/authorize", "applicationId":"<CLIENT_ID>", "authCredential":"<BASE64ENCODED CLIENT CREDENTIALS>", "redirectUrl":"https://localhost:9446/consentmgt", "logoutUrl": "https://localhost:9446/consentmgt", "tokenApiName" : "token", "tokenApiVersion" : "", "authorizeApiName" : "authorize", "authorizeApiVersion" : "", "pagination" : { "limit" : 11, "actualLimit" : 10, "offset": 0 }, "DeployedSpecification" : "UK" }
Important
Update the specification under
DeployedSpecification
parameter appropriately. Possible values areUK, BERLIN,
andSTET.
By default, the value is set toUK.
- Enter
https://localhost:9446/ccportal
URL on a web browser to access the Customer Care portal.
Troubleshooting
If you get hostname verification errors when accessing the Customer Care portal (https://localhost:9446/ccportal)
, add the following to the <WSO2_OBKM_HOME>/wso2server.sh
file and restart.
Dhttpclient.hostnameVerifier="DefaultAndLocalhost" \
Dorg.wso2.ignoreHostnameVerification=true \
What's Next
We have now come to the end of the Quick Start Guide. There are some additional steps that you can take in order to enhance the security and performance of the Open Banking solution using the below features.