This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Configuring Consent Revocation Apps

Owned by Former user (Deleted)
Last updated: Dec 16, 2019 by Former user (Deleted)
2 min read

WSO2 Open Banking solution includes consent revocation apps that support bank customers (PSUs) and banks (ASPSPs) to revoke consents. The consent revocation app provided to PSU is known as Self-care portal and the consent revocation app provided to ASPSP is known as Customer Care portal. 

In order to manage the consents granted to a Third-Party Provider using the Self-care portal,  do the following configurations. 

  1. Go to the Identity and Access Management Console at https://<WSO2_OB_KM_HOST>:9446/carbon.
  2. On the Main tab, click Home > Identity > Service Providers> Add.
  3. Enter consentmgt as the Service Provider’s name. 
  4. Click Register.
  5. Click Inbound Authentication configuration > OAuth/OpenID Connect configuration > Configure.

  6. Set the values for the following parameters and keep the default value for the other parameters.

    ParameterValue
    OAuth Version2.0
    Allowed Grant Type

    code

    Callback URL

    regexp=(https://<WSO2_OB_KM_HOST>:9446/consentmgt|https://<WSO2_OB_KM_HOST>:9446/consentmgt)

    The first and second URLs are respectively; redirect and logout URLs.

    Regex-based consumer URLs are supported when defining the callback URL. This enables you to configure multiple callback URLs for one application by entering a regex pattern as the value for the callback URL field.

    You must have the prefix regexp= before your regex pattern. To define a normal URL, you can specify the callback URL without this prefix.


  7. Click Add.

    The OAuth client key/client ID and OAuth client secret are generated. Those are used in Configuring consent management jaggery application.

  8. Open the < WSO2_OB_KM_HOME> /repository/deployment/server/jaggeryapps/consentmgt/configs/conf.json file. Modify the apimHostapplicationIdauthCredentialredirectUrl, and logoutUrl parameters as follows. 

    In authCredential, be sure to encode the CLIENT_ID:CLIENT_SECRET with BASE64ENCODE encoding. 

    {
	"app" : "consentmgt",
	"applicationType" : "oauth2",
	"tenantDomain": "carbon.super",
	"apimHost":"http://<WSO2_OB_APIM_HOST>",
	"apimNioPort":"8280",
	"apimHttpPort":"9763",
	"kmHost" : "https://<WSO2_OB_KM_HOST>",
	"kmPort" : "9446",
	"kmTokenAPI" : "oauth2/token",
	"kmAuthorizeAPI" : "oauth2/authorize",
	"applicationId":"<CLIENT_ID>",
	"authCredential":"<BASE64ENCODED CLIENT CREDENTIALS>",
	"redirectUrl":"https://<WSO2_OB_KM_HOST>:9446/consentmgt",
	"logoutUrl": "https://<WSO2_OB_KM_HOST>:9446/consentmgt",
	"tokenApiName" : "token",
	"tokenApiVersion" : "",
	"authorizeApiName" : "authorize",
	"authorizeApiVersion" : "",
	"pagination" : {
		"limit" : 11,
		"actualLimit" : 10,
		"offset": 0
	},
	"DeployedSpecification" : "UK"
}

    Important

    Update the specification under DeployedSpecification parameter appropriately. Possible values are UK, BERLIN, and STET. By default, the value is set to UK.

Try out the Customer Care Portal at https://<WSO2_OB_KM_HOST>:9446/ccportal. Sign in to the Customer Care Portal with the credentials for Internal/CustomerCareOfficer.

Troubleshooting

If you get hostname verification errors when accessing the Customer Care portal (https://<WSO2_OB_KM_HOST>:9446/ccportal), add the following to the <WSO2_OB_KM_HOME>/bin/wso2server.sh file and restart.

  • Dhttpclient.hostnameVerifier="DefaultAndLocalhost" \
  • Dorg.wso2.ignoreHostnameVerification=true \

Try out the consent revocation apps in WSO2 Open Banking.