This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

WSO2 Open Banking 1.3.0 supports OpenID Functional Conformance suite v1.1.19.

An Open Banking Implementation Entity (OBIE) Functional Conformance Certificate allows an implementer to demonstrate that they have successfully implemented all required functional elements of the OBIE Read/Write API Specifications, passing all tests performed by the Functional Conformance Tool.

Before you begin:

  1. Download and unzip the following:
    • wso2-obam-1.3.0.zip (WSO2 Open Banking API Manager)
    • wso2-obkm-1.3.0.zip (WSO2 Open Banking Key Manager)

    Set up the WSO2 Update Manager (WUM). 

    • WUM is a simple command-line tool that connects to the WSO2 update service, determines which updates are new and relevant, and downloads them. You can get the latest version of the WSO2 Open Banking product packs through WUM.

      License

      WSO2 Open Banking is not distributed under the Apache Community License and is only available under the WSO2 Software License. You need a WSO2 subscription to install and update the WSO2 Open Banking solution via WUM. Contact us to find out how you can access a free evaluation copy...

    • Follow the guidelines provided in the Download WUM page to download, and install WUM in your environment. For more information on how to use WUM, see the /wiki/spaces/updates/pages/16318500.

        1. Add the necessary product packs using the commands given below:

          wum add wso2-obam-1.3.0
          wum add wso2-obkm-1.3.0
        2. Update the product packs using the commands given below:

          wum update wso2-obam-1.3.0
          wum update wso2-obkm-1.3.0
        3. Additionally, download and update the other instances of WSO2 Open Banking product.

          wum add wso2ei-6.4.0
          wum update wso2ei-6.4.0
          
          wum add wso2am-analytics-2.6.0    
          wum update wso2am-analytics-2.6.0 
             
          wum add wso2-obbi-1.3.0
          wum update wso2-obbi-1.3.0
    • The product packs reside in the <WUM_HOME>/products/<Product_Name>/<version>/full directory as <Product_name>-<version>+<timestamp>.full.zip. Copy the product packs to a preferred location in each node, and extract them.

    WSO2 Updates Manager (WUM) is deprecated and will be unavailable from July 2021 onwards. WSO2 Updates is the new tool to include the solution and security improvements that are released by WSO2 Open Banking, on top of a released version. For more information, see WSO2 Updates.

    The WSO2 Update tool delivers hotfixes and updates seamlessly on top of products as WSO2 Updates. They include improvements that are released by WSO2. You need to update all the products using the relevant script.

    • Go to <PRODUCT_HOME>/bin and run the WSO2 Update tool: 

    • Repeat this step for all the products in the solution:
      • wso2-obkm-1.3.0 
      • wso2-obam-1.3.0 
      • wso2-obbi-1.3.0
      • wso2am-analytics-2.6.0

    This document refers to the file paths of the product packs for the Key Manager, API Manager, API Manager Analytics, and Enterprise Integrator as <wso2-obkm>, <wso2-obam>, <wso2am-analytics>, and <wso2ei> respectively.

  2. Configure the databases and set up the solution.

Configuring the solution 

  1. Make the following changes in WSO2 Open Banking Key Manager (WSO2_OB_KM).
    1. Open the <WSO2_OB_KM_HOME>/repository/conf/identity/identity.xml file. Set the RenewTokenPerRequest property to false.

      The RenewTokenPerRequest configuration provides the ability to renew the access token and refresh token on each token request. It also revokes the previously available active token for a matching clientId, user and scopes combination.

      <RenewTokenPerRequest>false</RenewTokenPerRequest>
    2. Open the <WSO2_OB_KM_HOME>/repository/conf/identity/identity.xml file. Update the <WSO2_OB_APIM_HOST> placeholder with the hostname of the API Manager server. 

      The IDTokenIssuerID property sets the IssuerID of the IDToken.

      <IDTokenIssuerID>https://<WSO2_OB_APIM_HOST>:8243/token</IDTokenIssuerID>
    3. Open the <WSO2_OB_KM_HOME>/repository/conf/finance/open-banking.xml file and set the MaximumFuturePaymentDays value to 365 days.

      <PaymentRestrictions>
      	<MaximumFuturePaymentDays>365</MaximumFuturePaymentDays>
      </PaymentRestrictions>
  2. Configure the certificates.

    Go to <WSO2_OB_APIM_HOME>/repository/resources/security/  directory and execute the following commands.


    1. Generate a new key pair in wso2carbon.jks under the alias <WSO2_OB_APIM_HOST>.

      keytool -genkey -alias <WSO2_OB_APIM_HOST> -keyalg RSA -keysize 2048 -validity 3950 -keystore wso2carbon.jks
    2. Export the certificate for the alias created in the step above to a file.

      keytool -export -alias <WSO2_OB_APIM_HOST> -file <WSO2_OB_APIM_HOST>.crt -keystore wso2carbon.jks
    3. Import the certificate to the client-truststore.

      keytool -import -trustcacerts -alias <WSO2_OB_APIM_HOST> -file <WSO2_OB_APIM_HOST>.crt -keystore client-truststore.jks 
  3. Start WSO2 Open Banking Key Manager and API Manager servers.
  4. Deploy Account API v3.1.0 and Payment API v3.1.0.

    If you do not send the x-jws-signature header with the request (“-e DISABLE_JWS=FALSE”), remove the following handlers.
    Open the <WSO2_OB_APIM_HOME>/repository/deployment/server/synapse-configs/default/api/<USERNAME>--PaymentInitiationAPI_vv3.1.xml file in a text editor.
    Comment out or remove the following handlers:

    • com.wso2.finance.open.banking.gateway.jws.UKJwsSignatureHandler
    • com.wso2.finance.open.banking.gateway.api.schema.validation.RequestSchemaValidationHandler

    If you’re using the Dynamic Client Registration v3.2 API, you may skip Setting up the test suite.

  5. Sign in to the API Store as the TPP at https://<WSO2_OB_APIM_HOST>:9443/store

  6. Create an application.

  7. Subscribe to the APIs deployed in step 4.

  8. Create the public certificate of the signing certificate and generate keys.
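
The handler change in step 4 can be audited after the fact. The following is an added example, not part of the WSO2 documentation: it parses a Synapse API definition and reports which of the two handlers named above are no longer active. The sample API definition and the placeholder handler class are constructed, and the `<handlers>`/`<handler class="...">` layout is an assumption about the deployed file.

```python
import xml.etree.ElementTree as ET

# Handler classes named on this page for the Payment Initiation API.
REQUIRED_HANDLERS = (
    "com.wso2.finance.open.banking.gateway.jws.UKJwsSignatureHandler",
    "com.wso2.finance.open.banking.gateway.api.schema.validation."
    "RequestSchemaValidationHandler",
)

def local(tag):
    """Strip an XML namespace: '{ns}handler' -> 'handler'."""
    return tag.rsplit("}", 1)[-1]

def active_handlers(api_xml):
    """Return the handler classes that are live in an API definition.
    The parser drops XML comments, so a handler that was commented out
    rather than deleted is correctly reported as absent."""
    root = ET.fromstring(api_xml)
    return [el.get("class") for el in root.iter()
            if isinstance(el.tag, str) and local(el.tag) == "handler"
            and el.get("class")]

def missing_handlers(api_xml):
    """Handlers from REQUIRED_HANDLERS that are not active in this API."""
    live = set(active_handlers(api_xml))
    return [h for h in REQUIRED_HANDLERS if h not in live]

# Constructed sample: signature handler commented out, schema handler kept.
SAMPLE = """<api xmlns="http://ws.apache.org/ns/synapse"
     name="admin--PaymentInitiationAPI" context="/open-banking/v3.1/pisp">
  <handlers>
    <!-- <handler class="com.wso2.finance.open.banking.gateway.jws.UKJwsSignatureHandler"/> -->
    <handler class="com.wso2.finance.open.banking.gateway.api.schema.validation.RequestSchemaValidationHandler"/>
    <handler class="org.example.PlaceholderHandler"/>
  </handlers>
</api>"""

if __name__ == "__main__":
    for name in missing_handlers(SAMPLE):
        print("DISABLED:", name)
```

Run against each file under synapse-configs/default/api/, it gives a list of APIs where signature or schema validation was switched off for the conformance run and still needs to be restored.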

Setting up the test suite

  1. Execute the following command in a terminal to pull and run the image.

    docker run -it --name=fsuite -p 8443:8443 -e LOG_LEVEL=debug -e LOG_TRACER=true -e LOG_HTTP_TRACE=true -e DISABLE_JWS=TRUE "openbanking/conformance-suite:v1.1.19"
  2. Add the certificates to the container.
    1. Go to <WSO2_OB_APIM_HOME>/repository/resources/security and execute the command below to generate the PEM file for <WSO2_OB_APIM_HOST>.crt.

      openssl x509 -inform der -in <WSO2_OB_APIM_HOST>.crt -out <WSO2_OB_APIM_HOST>.pem
    2. Log in to the container.

      docker exec -it fsuite /bin/bash
    3. Add the <WSO2_OB_APIM_HOST>.pem certificate to the following locations:

      - /usr/local/share/ca-certificates/<WSO2_OB_APIM_HOST>.pem
      - /etc/ssl/certs/<WSO2_OB_APIM_HOST>.pem

    4. Run the following command.

      update-ca-certificates
    5. Stop the container.

      docker stop fsuite
    6. Restart the container.

      docker start -a fsuite
  3. Access the test suite at https://<WSO2_OB_APIM_HOST>:8443
  4. Select Open Banking test suite and start the test.
  5. In the Discovery step, update the following values in the JSON file. 

    A sample configure.json is available here.

    discoveryItems: apiSpecification name "Account and Transaction API Specification"

      • openidConfigurationUri: The OpenID Connect discovery endpoint. For example: https://10.100.0.3:8243/.well-known/openid-configuration
      • resourceBaseUri: Production/Sandbox URL for the API. For example: https://10.100.0.3:8243/open-banking/v3.1/aisp

    discoveryItems: apiSpecification name "Payment Initiation API"

      • openidConfigurationUri: The OpenID Connect discovery endpoint. For example: https://10.100.0.3:8243/.well-known/openid-configuration
      • resourceBaseUri: Production/Sandbox URL for the API. For example: https://10.100.0.3:8243/open-banking/v3.1/pisp

  6. Click Next and proceed to the Configuration stage.

  7. Add the following mandatory configurations in the form/JSON file.


    A sample configure.json is available here.

    Client

      • Private Signing Key (.key): The Private Signing Key certificate of the client/application created in the section above.
      • Public Signing Certificate (.pem): The Public Signing Certificate of the client/application created in the section above.
      • Private Transport Key (.key): The Private Transport Key certificate of the client/application created in the section above.
      • Public Transport Certificate (.pem): The Public Transport Certificate of the client/application created in the section above.
      • Account IDs: The Account IDs of the account resources that the customer (PSU) has consented to provide to the client/application.
      • Statement IDs: The Statement IDs of the statement resources that the customer (PSU) has consented to provide to the client/application.
      • Client ID: Consumer key of the client/application created in the section above.
      • Client Secret: Consumer secret of the client/application created in the section above.
      • x-fapi-financial-id: The unique id of the ASPSP to which the request is issued. The unique id will be issued by OB. For example: open-bank

    Well-Known

      • OAuth 2.0 response_type: A JSON array containing a list of the OAuth 2.0 response_type values that this OP supports. Dynamic OpenID Providers MUST support the code, id_token, and the token id_token Response Type values.
      • Request object signing algorithm: The algorithm used to sign request objects.
      • Resource Base URL: The base URL of the WSO2 OB APIM server. For example: https://<WSO2_OB_APIM_HOST>:8243

    Payments

      • Identification: Beneficiary account identification.
      • Name: Name of the account, as assigned by the account servicing institution. Usage: The account name is the name or names of the account owner(s) represented at an account level. The account name is not the product name or the nickname of the account.
      • International Identification: The international beneficiary account identification.
      • International Name: International name of the account, as assigned by the account servicing institution. Usage: The account name is the name or names of the account owner(s) represented at an account level. The account name is not the product name or the nickname of the account.

  8. Click Next and run the suite.
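
The Discovery values from step 5 can be checked before they are loaded into the suite. The following is an added example, not part of the WSO2 documentation or the conformance suite: it verifies that every openidConfigurationUri and resourceBaseUri uses https and points at the host whose certificate was added to the container in step 2. The `discoveryModel`/`discoveryItems` nesting, the `trusted_host` parameter and the sample file content are assumptions made for the example.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"

def check_discovery(doc, trusted_host):
    """Return problems found in the discovery items; empty list means OK.
    trusted_host: host whose certificate was added to the suite container."""
    items = doc.get("discoveryModel", {}).get("discoveryItems", [])
    if not items:
        return ["no discoveryItems found"]
    problems = []
    for i, item in enumerate(items):
        name = item.get("apiSpecification", {}).get("name", f"item {i}")
        for key in ("openidConfigurationUri", "resourceBaseUri"):
            uri = item.get(key, "")
            parts = urlsplit(uri)
            if not uri:
                problems.append(f"{name}: {key} is missing")
            elif parts.scheme != "https":
                problems.append(f"{name}: {key} must use https")
            elif parts.hostname != trusted_host:
                problems.append(f"{name}: {key} host {parts.hostname!r} "
                                f"is not the trusted host {trusted_host!r}")
        oidc = item.get("openidConfigurationUri", "")
        if oidc and urlsplit(oidc).path != WELL_KNOWN:
            problems.append(f"{name}: openidConfigurationUri path is not "
                            f"{WELL_KNOWN}")
    return problems

# Constructed sample using the example addresses from step 5; the second
# item deliberately carries a plain-http resourceBaseUri on another host.
SAMPLE = json.loads("""
{"discoveryModel": {"discoveryItems": [
  {"apiSpecification": {"name": "Account and Transaction API Specification"},
   "openidConfigurationUri": "https://10.100.0.3:8243/.well-known/openid-configuration",
   "resourceBaseUri": "https://10.100.0.3:8243/open-banking/v3.1/aisp"},
  {"apiSpecification": {"name": "Payment Initiation API"},
   "openidConfigurationUri": "https://10.100.0.3:8243/.well-known/openid-configuration",
   "resourceBaseUri": "http://localhost:8243/open-banking/v3.1/pisp"}
]}}
""")

if __name__ == "__main__":
    for problem in check_discovery(SAMPLE, "10.100.0.3"):
        print(problem)
```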
