This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Configuring Default Authenticators

An authenticator is an instrument that confirms the identity of a user when performing digital authentication. The WSO2 Open Banking solution contains two authenticators by default.

  • Basic Authenticator
  • SMS OTP Authenticator

The Basic Authenticator is configured as the first factor of authentication. You can strengthen it by adding further authentication steps, such as SMS OTP, to implement Strong Customer Authentication (SCA).

To use SMS OTP as the second authentication factor, configure the SMS OTP Authenticator.

Configuring SMS OTP Authenticator

Follow the steps below to configure SMS OTP Authenticator.

  1. Start the WSO2 Open Banking Key Manager (WSO2 OB KM) server. Sign in to the Management Console (https://localhost:9446/carbon) as an administrator.
  2. Navigate to the Main menu to access the Identity menu. Click Add under Identity Providers.
  3. Fill the Basic Information section and name this identity provider SMSAuthentication.
  4. Expand the Federated Authenticators > SMS OTP Configuration section.

  5. Select both the Enable and Default checkboxes. This is to enable and make the SMSAuthentication authenticator the default one.

    Based on your SMS provider, fill out the SMS OTP configurations.

    If Twilio is used as the SMS provider:
    • Go to https://www.twilio.com/try-twilio and create an account.

    • While registering the account, verify your mobile number and click on console home https://www.twilio.com/console to get free credits (Account SID and Auth Token).

    • Twilio uses the POST method with headers, and the text message and phone number are sent in the payload. The fields are therefore as follows.

      SMS URL: https://api.twilio.com/2010-04-01/Accounts/{AccountSID}/SMS/Messages.json
      HTTP Method: POST
      HTTP Headers: Authorization: Basic base64{AccountSID:AuthToken}
      HTTP Payload: Body=$ctx.msg&To=$ctx.num&From=urlencode{TrialNumber}

      If you pass the text message and the phone number in any field, you have to replace them with $ctx.msg and $ctx.num respectively.
      E.g., Body=$ctx.msg&To=$ctx.num&From=+12345678

    Currently, the WSO2 OB KM supports only the following SMS providers.

  6. Click Register to add the Identity Provider. 
  7. Open the <WSO2_OB_APIM_HOME>/repository/conf/finance/open-banking.xml file. Update the value of the <IdpName> parameter under the <SCA> element with the identity provider name.

    <SCA>
    	<IdpName>SMSAuthentication</IdpName>
    </SCA>

For more information, see Configuring Multi-factor Authentication using SMS OTP.
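
The Twilio field values in step 5 can be derived from the account credentials as in the following added example (not part of the WSO2 documentation; the function names and sample credentials are constructed for illustration). It also shows why the From number must be URL-encoded and that the Basic header is reversible encoding, so the saved configuration needs the same protection as the Auth Token itself.

```python
import base64
from urllib.parse import quote, parse_qs

# Placeholders the page says are substituted at send time; kept literal here.
MSG, NUM = "$ctx.msg", "$ctx.num"


def twilio_sms_otp_fields(account_sid: str, auth_token: str, from_number: str) -> dict:
    """Return the four SMS OTP Configuration field values for Twilio."""
    if ":" in account_sid:
        # Basic credentials are split on the first colon, so the SID must not contain one.
        raise ValueError("Account SID must not contain ':'")
    creds = f"{account_sid}:{auth_token}".encode("utf-8")
    basic = base64.b64encode(creds).decode("ascii")
    # safe="" percent-encodes '+' as %2B; a raw '+' in a form body decodes to a space.
    payload = f"Body={MSG}&To={NUM}&From={quote(from_number, safe='')}"
    return {
        "SMS URL": f"https://api.twilio.com/2010-04-01/Accounts/{account_sid}/SMS/Messages.json",
        "HTTP Method": "POST",
        "HTTP Headers": f"Authorization: Basic {basic}",
        "HTTP Payload": payload,
    }


def decoded_from(payload: str) -> str:
    """Decode the From parameter the way a form-urlencoded parser would."""
    return parse_qs(payload, keep_blank_values=True)["From"][0]


def recover_credentials(header: str) -> str:
    """Decode the Basic header value: it is encoding, not encryption."""
    token = header.rsplit(" ", 1)[1]
    return base64.b64decode(token).decode("utf-8")


if __name__ == "__main__":
    # Constructed sample values, not real Twilio credentials.
    fields = twilio_sms_otp_fields("ACxxxxxxxxxxxxxxxx", "example-auth-token", "+12345678")
    for name, value in fields.items():
        print(f"{name}: {value}")
    print("From as received:", repr(decoded_from(fields["HTTP Payload"])))
    print("Unencoded '+' is received as:", repr(decoded_from("Body=x&To=y&From=+12345678")))
```
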

To verify the SMSAuthentication authenticator:

Follow the steps below to verify whether the SMSAuthentication authenticator is properly configured.

  1. Create an application in WSO2 OB APIM.

  2. Generate Access Tokens and Security Keys.

  3. Log in to the Management Console as the super admin.

  4. In the Main menu under the Identity section, click List under Service Providers. The list of service providers created appears.

  5. Select the service provider with the application name you created in step 1. The service provider name is in the following format:

    <WSO2_OB_APIM_USERNAME>_<APPLICATION_NAME>_<ENVIRONMENT>

  6. Click on the corresponding Edit link.

  7. Expand Local & Outbound Authentication Configuration. Select Advanced Configuration. You can configure additional authentication steps and additional authentication options.

  8. If the SMSAuthentication authenticator is configured successfully, it is listed as the Federated Authenticator under Authentication Step Configuration > Step 2.