This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
Configuring Default Authenticators
An authenticator is an instrument that confirms the identity of a user when performing digital authentication. The WSO2 Open Banking solution contains two authenticators by default.
- Basic Authenticator
- SMS OTP Authenticator
The Basic Authenticator is configured as the first factor of authentication. You can strengthen this authentication by adding further authentication steps, such as SMS OTP, to implement Strong Customer Authentication (SCA).
To use SMS OTP as a second authentication factor, you need to configure the SMS OTP Authenticator.
Configuring SMS OTP Authenticator
Follow the steps below to configure SMS OTP Authenticator.
- Start the WSO2 Open Banking Key Manager (WSO2 OB KM) server. Sign in to the Management Console (https://localhost:9446/carbon) as an administrator.
- Navigate to the Main menu to access the Identity menu. Click Add under Identity Providers.
- Fill the Basic Information section and name this identity provider SMSAuthentication.
- Expand the Federated Authenticators > SMS OTP Configuration section.
  Select both the Enable and Default checkboxes. This enables the SMSAuthentication authenticator and makes it the default one.
  Based on your SMS provider, fill out the SMS OTP configurations.
  If Twilio is used as the SMS provider, go to https://www.twilio.com/try-twilio and create an account.
  While registering the account, verify your mobile number and click on console home (https://www.twilio.com/console) to get free credits (Account SID and Auth Token).
  Twilio uses the POST method with headers, and the text message and phone number are sent as the payload. So the fields would be as follows.
  - SMS URL: https://api.twilio.com/2010-04-01/Accounts/{AccountSID}/SMS/Messages.json
  - HTTP Method: POST
  - HTTP Headers: Authorization: Basic base64{AccountSID:AuthToken}
  - HTTP Payload: Body=$ctx.msg&To=$ctx.num&From=urlencode{TrialNumber}
  If you pass the text message and the phone number in any field, you have to replace them with $ctx.msg and $ctx.num respectively.
  E.g., Body=$ctx.msg&To=$ctx.num&From=+12345678
Currently, the WSO2 OB KM supports only the following SMS providers.
- Click Register to add the Identity Provider.
- Open the <WSO2_OB_APIM_HOME>/repository/conf/finance/open-banking.xml file. Update the value of the <IdpName> parameter under the <SCA> element with the identity provider name.

  <SCA>
      <IdpName>SMSAuthentication</IdpName>
  </SCA>
For more information, see Configuring Multi-factor Authentication using SMS OTP.
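The Twilio field values from the SMS OTP configuration step above, built and checked in Python. This is an added example, not part of the WSO2 documentation or product; the function names and the sample SID, token and number are constructed placeholders, and it assumes the sender number uses the +-prefixed format shown in the page's example.

```python
import base64
from urllib.parse import parse_qs, quote

# Constructed sample values; not real Twilio credentials.
SAMPLE_SID = "ACxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
SAMPLE_TOKEN = "sample-auth-token"
SAMPLE_FROM = "+12345678"
URL_TEMPLATE = "https://api.twilio.com/2010-04-01/Accounts/{sid}/SMS/Messages.json"


def build_fields(account_sid, auth_token, from_number):
    """Return the four SMS OTP field values for Twilio (hypothetical helper)."""
    creds = f"{account_sid}:{auth_token}".encode()
    return {
        "SMS URL": URL_TEMPLATE.format(sid=account_sid),
        "HTTP Method": "POST",
        "HTTP Headers": "Authorization: Basic " + base64.b64encode(creds).decode(),
        # quote(..., safe="") turns the leading "+" into %2B. A bare "+" in a
        # form-encoded body is decoded as a space by the receiver.
        "HTTP Payload": "Body=$ctx.msg&To=$ctx.num&From=" + quote(from_number, safe=""),
    }


def check_fields(fields):
    """Return a list of problems found in configured field values (hypothetical helper)."""
    problems = []
    if not fields["SMS URL"].startswith("https://"):
        problems.append("SMS URL is not HTTPS; Basic credentials would be sent in clear text")
    for placeholder in ("$ctx.msg", "$ctx.num"):
        if placeholder not in fields["HTTP Payload"]:
            problems.append(f"payload is missing {placeholder}")
    # Decode the body the way a form-encoded receiver would and inspect From.
    sender = parse_qs(fields["HTTP Payload"]).get("From", [""])[0]
    if not sender.startswith("+"):
        problems.append("From does not decode to a +-prefixed number; URL-encode it")
    return problems


if __name__ == "__main__":
    good = build_fields(SAMPLE_SID, SAMPLE_TOKEN, SAMPLE_FROM)
    for name, value in good.items():
        print(f"{name}: {value}")
    # Same fields, but with the sender number left unencoded.
    unencoded = dict(good)
    unencoded["HTTP Payload"] = "Body=$ctx.msg&To=$ctx.num&From=" + SAMPLE_FROM
    print(check_fields(good), check_fields(unencoded))
```

The generated Authorization value is a reusable credential: base64 is an encoding, not encryption, so treat the configured header like the Auth Token itself.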
To verify the SMSAuthentication authenticator:
Follow the steps below to verify whether the SMSAuthentication authenticator is properly configured.
- Log in to the Management Console as the super admin.
- In the Main menu under the Identity section, click List under Service Providers. The list of service providers created appears.
- Select the service provider with the application name you created in step A. The service provider name is in the following format: <WSO2_OB_APIM_USERNAME>_<APPLICATION_NAME>_<ENVIRONMENT>
- Click on the corresponding Edit link.
- Expand Local & Outbound Authentication Configuration. Select Advanced Configuration. You can configure additional authentication steps and additional authentication options.
- If you have successfully configured the SMSAuthentication authenticator, you will see it configured as the Federated Authenticator under Authentication Step Configuration > Step 2.