This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
Configuring Open Banking API Manager for Berlin
Do the following configurations in API Manager and restart the server.
Make sure the Key Manager server is running before you start the API Manager server.
Go to the <WSO2_OB_APIM_HOME>/bin directory and execute the following command:
./wso2server.sh
Configuring the axis2.xml file
Configure the <WSO2_OB_APIM_HOME>/repository/conf/axis2/axis2.xml file with the following configurations.
Add the following messageFormatter contentType to messageFormatters.
<messageFormatter contentType="application/jwt" class="org.apache.axis2.format.PlainTextFormatter"/>
Add the following messageBuilder contentType to messageBuilders.
<messageBuilder contentType="application/jwt" class="org.apache.axis2.format.PlainTextBuilder"/>
Set the SSLVerifyClient parameter as optional in the https transportReceiver of transport Ins (Listeners).
<transportReceiver name="https">
  <parameter name="SSLVerifyClient">optional</parameter>
</transportReceiver>
Change the value of the HostnameVerifier parameter to AllowAll. Other supported values are Strict, DefaultAndLocalhost, or default. default is used
<parameter name="HostnameVerifier">AllowAll</parameter>
Configuring datasources
Make sure to update the URL, username, password, and driver class name accordingly.
Configure the <WSO2_OB_APIM_HOME>/repository/conf/datasources/master-datasources.xml file. Given below is a sample of MySQL configurations.
If you are using Oracle, update the validationQuery in each datasource with the following value.
<validationQuery>SELECT 1 FROM DUAL</validationQuery>
<datasources>
  <datasource>
    <name>WSO2_CARBON_DB</name>
    <description>The datasource used for registry and user manager</description>
    <jndiConfig>
      <name>jdbc/WSO2CarbonDB</name>
    </jndiConfig>
    <definition type="RDBMS">
      <configuration>
        <url>jdbc:h2:repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE</url>
        <username>wso2carbon</username>
        <password>wso2carbon</password>
        <driverClassName>org.h2.Driver</driverClassName>
        <maxActive>50</maxActive>
        <maxWait>60000</maxWait>
        <testOnBorrow>true</testOnBorrow>
        <validationQuery>SELECT 1</validationQuery>
        <validationInterval>30000</validationInterval>
      </configuration>
    </definition>
  </datasource>
  <datasource>
    <name>WSO2AM_DB</name>
    <description>The datasource used for API Manager database</description>
    <jndiConfig>
      <name>jdbc/WSO2AM_DB</name>
    </jndiConfig>
    <definition type="RDBMS">
      <configuration>
        <url>jdbc:mysql://<MYSQL_DB_HOST>:3306/openbank_apimgtdb?autoReconnect=true&amp;useSSL=false</url>
        <username>root</username>
        <password>root</password>
        <driverClassName>DB_DRIVER</driverClassName>
        <maxActive>150</maxActive>
        <maxWait>60000</maxWait>
        <testOnBorrow>true</testOnBorrow>
        <validationQuery>SELECT 1</validationQuery>
        <!--Use below for oracle-->
        <!--<validationQuery>SELECT 1 FROM DUAL</validationQuery>-->
        <validationInterval>30000</validationInterval>
        <defaultAutoCommit>false</defaultAutoCommit>
      </configuration>
    </definition>
  </datasource>
  <datasource>
    <name>WSO2AM_STATS_DB</name>
    <description>The datasource used for getting statistics to API Manager</description>
    <jndiConfig>
      <name>jdbc/WSO2AM_STATS_DB</name>
    </jndiConfig>
    <definition type="RDBMS">
      <configuration>
        <url>jdbc:mysql://<MYSQL_DB_HOST>:3306/openbank_apimgt_statsdb?autoReconnect=true&amp;useSSL=false</url>
        <username>root</username>
        <password>root</password>
        <driverClassName>DB_DRIVER</driverClassName>
        <maxActive>150</maxActive>
        <maxWait>60000</maxWait>
        <testOnBorrow>true</testOnBorrow>
        <validationQuery>SELECT 1</validationQuery>
        <!--Use below for oracle-->
        <!--<validationQuery>SELECT 1 FROM DUAL</validationQuery>-->
        <validationInterval>30000</validationInterval>
        <defaultAutoCommit>false</defaultAutoCommit>
      </configuration>
    </definition>
  </datasource>
  <datasource>
    <name>WSO2_MB_STORE_DB</name>
    <description>The datasource used for message broker database</description>
    <jndiConfig>
      <name>WSO2MBStoreDB</name>
    </jndiConfig>
    <definition type="RDBMS">
      <configuration>
        <url>jdbc:mysql://<MYSQL_DB_HOST>:3306/openbank_mbstoredb?autoReconnect=true&amp;useSSL=false</url>
        <username>root</username>
        <password>root</password>
        <driverClassName>DB_DRIVER</driverClassName>
        <maxActive>150</maxActive>
        <maxWait>60000</maxWait>
        <testOnBorrow>true</testOnBorrow>
        <validationQuery>SELECT 1</validationQuery>
        <!--Use below for oracle-->
        <!--<validationQuery>SELECT 1 FROM DUAL</validationQuery>-->
        <validationInterval>30000</validationInterval>
        <defaultAutoCommit>false</defaultAutoCommit>
      </configuration>
    </definition>
  </datasource>
  <datasource>
    <name>WSO2UM_DB</name>
    <description>The datasource used by user manager</description>
    <jndiConfig>
      <name>jdbc/WSO2UM_DB</name>
    </jndiConfig>
    <definition type="RDBMS">
      <configuration>
        <url>jdbc:mysql://<MYSQL_DB_HOST>:3306/openbank_userdb?autoReconnect=true&amp;useSSL=false</url>
        <username>root</username>
        <password>root</password>
        <driverClassName>DB_DRIVER</driverClassName>
        <maxActive>150</maxActive>
        <maxWait>60000</maxWait>
        <testOnBorrow>true</testOnBorrow>
        <validationQuery>SELECT 1</validationQuery>
        <!--Use below for oracle-->
        <!--<validationQuery>SELECT 1 FROM DUAL</validationQuery>-->
        <validationInterval>30000</validationInterval>
        <defaultAutoCommit>false</defaultAutoCommit>
      </configuration>
    </definition>
  </datasource>
  <datasource>
    <name>WSO2CONFIG_DB</name>
    <description>The datasource used by the registry</description>
    <jndiConfig>
      <name>jdbc/WSO2Config_DB</name>
    </jndiConfig>
    <definition type="RDBMS">
      <configuration>
        <url>jdbc:mysql://<MYSQL_DB_HOST>:3306/openbank_am_configdb?autoReconnect=true&amp;useSSL=false</url>
        <username>root</username>
        <password>root</password>
        <driverClassName>DB_DRIVER</driverClassName>
        <maxActive>150</maxActive>
        <maxWait>60000</maxWait>
        <testOnBorrow>true</testOnBorrow>
        <validationQuery>SELECT 1</validationQuery>
        <!--Use below for oracle-->
        <!--<validationQuery>SELECT 1 FROM DUAL</validationQuery>-->
        <validationInterval>30000</validationInterval>
        <defaultAutoCommit>false</defaultAutoCommit>
      </configuration>
    </definition>
  </datasource>
  <datasource>
    <name>WSO2REG_DB</name>
    <description>The datasource used by the registry</description>
    <jndiConfig>
      <name>jdbc/WSO2REG_DB</name>
    </jndiConfig>
    <definition type="RDBMS">
      <configuration>
        <url>jdbc:mysql://<MYSQL_DB_HOST>:3306/openbank_govdb?autoReconnect=true&amp;useSSL=false</url>
        <username>root</username>
        <password>root</password>
        <driverClassName>DB_DRIVER</driverClassName>
        <maxActive>150</maxActive>
        <maxWait>60000</maxWait>
        <testOnBorrow>true</testOnBorrow>
        <validationQuery>SELECT 1</validationQuery>
        <!--Use below for oracle-->
        <!--<validationQuery>SELECT 1 FROM DUAL</validationQuery>-->
        <validationInterval>30000</validationInterval>
        <defaultAutoCommit>false</defaultAutoCommit>
      </configuration>
    </definition>
  </datasource>
</datasources>
Copy the <WSO2_OB_APIM_HOME>/repository/resources/finance/scripts/wso2-obcommon-conf/open-banking-datasources.xml file into the <WSO2_OB_APIM_HOME>/repository/conf/datasources directory.
Open <WSO2_OB_APIM_HOME>/repository/conf/datasources/open-banking-datasources.xml and update the WSO2_OPEN_BANKING_DB datasource. Given below is a sample of MySQL configurations.
<datasources>
  <datasource>
    <name>WSO2_OPEN_BANKING_DB</name>
    <description>The datasource used for registry and user manager</description>
    <jndiConfig>
      <name>jdbc/WSO2OpenBankingDB</name>
    </jndiConfig>
    <definition type="RDBMS">
      <configuration>
        <url>jdbc:mysql://<MYSQL_DB_HOST>:3306/openbank_openbankingdb?autoReconnect=true&amp;useSSL=false</url>
        <username>root</username>
        <password>root</password>
        <driverClassName>com.mysql.jdbc.Driver</driverClassName>
        <maxActive>150</maxActive>
        <maxWait>60000</maxWait>
        <testOnBorrow>true</testOnBorrow>
        <validationQuery>SELECT 1</validationQuery>
        <!--Use below for oracle-->
        <!--<validationQuery>SELECT 1 FROM DUAL</validationQuery>-->
        <validationInterval>30000</validationInterval>
        <defaultAutoCommit>false</defaultAutoCommit>
      </configuration>
    </definition>
  </datasource>
</datasources>
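A pre-deployment check for the axis2.xml transport settings and the datasource definitions above, as an added example that is not part of the WSO2 documentation: the script reports HostnameVerifier set to AllowAll, SSLVerifyClient set to optional, JDBC URLs carrying useSSL=false, and the root and wso2carbon sample logins. The XML samples, the host db.example.internal and the account ob_um_svc are constructed, and placing HostnameVerifier under transportSender is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed samples mirroring this page's settings. The host name, the
# ob_um_svc account and the transportSender placement are assumptions.
AXIS2 = """<axisconfig>
  <transportReceiver name="https"><parameter name="SSLVerifyClient">optional</parameter></transportReceiver>
  <transportSender name="https"><parameter name="HostnameVerifier">AllowAll</parameter></transportSender>
</axisconfig>"""

DATASOURCES = """<datasources>
  <datasource>
    <name>WSO2AM_DB</name>
    <definition type="RDBMS"><configuration>
      <url>jdbc:mysql://db.example.internal:3306/openbank_apimgtdb?autoReconnect=true&amp;useSSL=false</url>
      <username>root</username><password>root</password>
    </configuration></definition>
  </datasource>
  <datasource>
    <name>WSO2UM_DB</name>
    <definition type="RDBMS"><configuration>
      <url>jdbc:mysql://db.example.internal:3306/openbank_userdb?autoReconnect=true&amp;useSSL=true</url>
      <username>ob_um_svc</username><password>constructed-placeholder-secret</password>
    </configuration></definition>
  </datasource>
</datasources>"""

SAMPLE_LOGINS = {"root", "wso2carbon"}  # the logins used in this page's samples
CFG = "definition/configuration/"


def audit_axis2(xml_text):
    """Return (parameter, value, note) for transport settings that relax TLS checks."""
    notes = {
        ("HostnameVerifier", "AllowAll"): "certificate host names are not verified",
        ("SSLVerifyClient", "optional"): "client certificate not required at the transport",
    }
    findings = []
    for param in ET.fromstring(xml_text).iter("parameter"):
        key = (param.get("name"), (param.text or "").strip())
        if key in notes:
            findings.append(key + (notes[key],))
    return findings


def audit_datasources(xml_text):
    """Return (datasource, issue) for unencrypted JDBC URLs and sample logins."""
    findings = []
    for ds in ET.fromstring(xml_text).iter("datasource"):
        name = ds.findtext("name")  # direct child only, not jndiConfig/name
        url = ds.findtext(CFG + "url", default="")
        logins = {ds.findtext(CFG + "username"), ds.findtext(CFG + "password")}
        if "useSSL=false" in url:
            findings.append((name, "JDBC URL disables TLS (useSSL=false)"))
        if logins & SAMPLE_LOGINS:
            findings.append((name, "sample login still configured"))
    return findings


if __name__ == "__main__":
    for finding in audit_axis2(AXIS2) + audit_datasources(DATASOURCES):
        print(finding)
```

Files that still contain placeholders such as <MYSQL_DB_HOST> are not well-formed XML, so run the check after the placeholders have been replaced with real values.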
Update the properties of the <WSO2_OB_APIM_HOME>/repository/conf/registry.xml file appropriately.
<dbConfig name="wso2registry">
  <dataSource>jdbc/WSO2CarbonDB</dataSource>
</dbConfig>
<dbConfig name="configRegistry">
  <dataSource>jdbc/WSO2Config_DB</dataSource>
</dbConfig>
<remoteInstance url="https://<WSO2_OB_APIM_HOST>:9443/registry">
  <id>configInstance</id>
  <dbConfig>configRegistry</dbConfig>
  <readOnly>false</readOnly>
  <enableCache>true</enableCache>
  <registryRoot>/</registryRoot>
</remoteInstance>
<mount path="/_system/config" overwrite="true">
  <instanceId>configInstance</instanceId>
  <targetPath>/_system/config</targetPath>
</mount>
<dbConfig name="governanceRegistry">
  <dataSource>jdbc/WSO2REG_DB</dataSource>
</dbConfig>
<remoteInstance url="https://<WSO2_OB_APIM_HOST>:9443/registry">
  <id>governanceInstance</id>
  <dbConfig>governanceRegistry</dbConfig>
  <readOnly>false</readOnly>
  <enableCache>true</enableCache>
  <registryRoot>/</registryRoot>
</remoteInstance>
<mount path="/_system/governance" overwrite="true">
  <instanceId>governanceInstance</instanceId>
  <targetPath>/_system/governance</targetPath>
</mount>
Update the data source of the <WSO2_OB_APIM_HOME>/repository/conf/user-mgt.xml file in order to point to the WSO2UM_DB.
<Property name="dataSource">jdbc/WSO2UM_DB</Property>
Enable the internal JDBC user store of the <WSO2_OB_APIM_HOME>/repository/conf/user-mgt.xml file. Update the UsernameJavaRegEx, UsernameJavaScriptRegEx, IsBulkImportSupported, and UsernameWithEmailJavaScriptRegEx properties using the sample configuration given below:
<UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
  <Property name="TenantManager">org.wso2.carbon.user.core.tenant.JDBCTenantManager</Property>
  <Property name="ReadOnly">false</Property>
  <Property name="ReadGroups">true</Property>
  <Property name="WriteGroups">true</Property>
  <Property name="UsernameJavaRegEx">[a-zA-Z0-9@._-]{3,30}$</Property>
  <Property name="UsernameJavaScriptRegEx">^[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$</Property>
  <Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated</Property>
  <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
  <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
  <Property name="PasswordJavaRegExViolationErrorMsg">Password length should be within 5 to 30 characters</Property>
  <Property name="RolenameJavaRegEx">^[\S]{3,30}$</Property>
  <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
  <Property name="CaseInsensitiveUsername">true</Property>
  <Property name="SCIMEnabled">false</Property>
  <Property name="IsBulkImportSupported">false</Property>
  <Property name="PasswordDigest">SHA-256</Property>
  <Property name="StoreSaltedPassword">true</Property>
  <Property name="MultiAttributeSeparator">,</Property>
  <Property name="MaxUserNameListLength">100</Property>
  <Property name="MaxRoleNameListLength">100</Property>
  <Property name="UserRolesCacheEnabled">true</Property>
  <Property name="UserNameUniqueAcrossTenants">false</Property>
  <Property name="UsernameWithEmailJavaScriptRegEx">^[\S]{3,30}$</Property>
</UserStoreManager>
Configuring the velocity_template.xml file
Open <WSO2_OB_APIM_HOME>/repository/resources/api_templates/velocity_template.xml and add the following handlers:
MTLSValidationHandler
MTLSClientTokenValidationHandler
Configuring the api-manager.xml file
Update the <WSO2_OB_APIM_HOME>/repository/conf/api-manager.xml file with the following configurations.
Add the port to the ServerURL parameter of the authentication service under AuthManager and APIKeyValidator.
<ServerURL>https://<WSO2_OB_KM_HOST>:9446${carbon.context}services/</ServerURL>
Update the endpoint URLs for the APIs hosted in this API Gateway under the GatewayEndpoint parameter as follows:
<GatewayEndpoint>http://<WSO2_OB_APIM_HOST>:${http.nio.port},https://<WSO2_OB_APIM_HOST>:${https.nio.port}</GatewayEndpoint>
Enable analytics for the API Manager under the Analytics parameter as follows:
<Analytics>
  <Enabled>true</Enabled>
</Analytics>
Update the StreamProcessorUsername and StreamProcessorRestApiUsername as follows:
<StreamProcessorUsername>admin@wso2.com@carbon.super</StreamProcessorUsername>
<StreamProcessorRestApiUsername>admin@wso2.com@carbon.super</StreamProcessorRestApiUsername>
Update Username under PolicyDeployer as follows:
<PolicyDeployer>
  <Username>admin@wso2.com@carbon.super</Username>
</PolicyDeployer>
Update the PublisherClass in the API usage data publisher.
<PublisherClass>com.wso2.finance.open.banking.gateway.uk.monitoring.publisher.OBUsageDataBridgeDataPublisher</PublisherClass>
Change the value of KeyValidatorClientType to WSClient under APIKeyValidator. After this configuration, it switches back to the web service client.
<KeyValidatorClientType>WSClient</KeyValidatorClientType>
Update the value to false for EnableThriftServer.
<EnableThriftServer>false</EnableThriftServer>
Update KeyManagerClientImpl under APIManager.
<KeyManagerClientImpl>com.wso2.finance.open.banking.sca.keymanager.SCABasedKeyManagerClient</KeyManagerClientImpl>
Disable RemoveOAuthHeadersFromOutMessage, the setting that removes OAuth headers from an outgoing message, by updating its value to false under the OAuthConfigurations parameter.
<RemoveOAuthHeadersFromOutMessage>false</RemoveOAuthHeadersFromOutMessage>
Update the ScopeWhitelist under OAuthConfigurations as follows:
<ScopeWhitelist>
  <Scope>openid</Scope>
  <Scope>^OB_.*</Scope>
  <Scope>^TIME_.*</Scope>
</ScopeWhitelist>
Set the value to false for DisplayComments and DisplayRatings under APIStore.
<DisplayComments>false</DisplayComments>
<DisplayRatings>false</DisplayRatings>
Add the URL under APIPublisher.
<URL>https://<WSO2_OB_APIM_HOST>:${mgt.transport.https.port}/publisher</URL>
Update connectionfactory.TopicConnectionFactory under JMSConnectionParameters as follows:
<JMSConnectionParameters>
  <connectionfactory.TopicConnectionFactory>
    amqp://admin!wso2.com!carbon.super:${admin.password}@clientid/carbon?brokerlist='tcp://${carbon.local.ip}:${jms.port}'
  </connectionfactory.TopicConnectionFactory>
</JMSConnectionParameters>
Configuring the carbon.xml file
Update HostName and MgtHostName with the hostname of the API Manager server in the <WSO2_OB_APIM_HOME>/repository/conf/carbon.xml file.
<HostName><WSO2_OB_APIM_HOST></HostName>
<MgtHostName><WSO2_OB_APIM_HOST></MgtHostName>
Configuring the claim-config.xml file
Add the following ClaimConfig parameters in the <WSO2_OB_APIM_HOME>/repository/conf/claim-config.xml file.
<Claim>
  <ClaimURI>http://wso2.org/claims/pspBasicName</ClaimURI>
  <DisplayName>Legal entity name</DisplayName>
  <AttributeID>pspName</AttributeID>
  <Description>Payment Service Providers name</Description>
  <DisplayOrder>11</DisplayOrder>
  <Required />
  <SupportedByDefault />
</Claim>
<Claim>
  <ClaimURI>http://wso2.org/claims/pspBasicCountryRegistration</ClaimURI>
  <DisplayName>Country of registration</DisplayName>
  <AttributeID>pspCountry</AttributeID>
  <Description>Country of registration</Description>
  <DisplayOrder>12</DisplayOrder>
  <Required />
  <SupportedByDefault />
</Claim>
<Claim>
  <ClaimURI>http://wso2.org/claims/pspBasicRegisterAuthorizedNumber</ClaimURI>
  <DisplayName>Legal Entity Identifier (LEI) number</DisplayName>
  <AttributeID>pspAuthorizedNumber</AttributeID>
  <Description>Legal Entity Identifier (LEI) number</Description>
  <DisplayOrder>13</DisplayOrder>
  <SupportedByDefault />
</Claim>
<Claim>
  <ClaimURI>http://wso2.org/claims/pspBasicRegisterName</ClaimURI>
  <DisplayName>Company register</DisplayName>
  <AttributeID>pspRegisterCompany</AttributeID>
  <Description>Company register</Description>
  <Required />
  <DisplayOrder>14</DisplayOrder>
  <SupportedByDefault />
</Claim>
<Claim>
  <ClaimURI>http://wso2.org/claims/pspBasicRegisterNumber</ClaimURI>
  <DisplayName>Company registration number</DisplayName>
  <AttributeID>pspRegisterNumber</AttributeID>
  <Description>Company registration number</Description>
  <Required />
  <DisplayOrder>15</DisplayOrder>
  <SupportedByDefault />
</Claim>
<Claim>
  <ClaimURI>http://wso2.org/claims/pspBasicRegisterAddressLine1</ClaimURI>
  <DisplayName>Address line 1</DisplayName>
  <AttributeID>pspRegisterAddressLine1</AttributeID>
  <Description>Address line 1</Description>
  <DisplayOrder>16</DisplayOrder>
  <SupportedByDefault />
</Claim>
<Claim>
  <ClaimURI>http://wso2.org/claims/pspBasicRegisterAddressLine2</ClaimURI>
  <DisplayName>Address line 2</DisplayName>
  <AttributeID>pspRegisterAddressLine2</AttributeID>
  <Description>Address line 2</Description>
  <DisplayOrder>17</DisplayOrder>
  <SupportedByDefault />
</Claim>
<Claim>
  <ClaimURI>http://wso2.org/claims/pspBasicRegisterCity</ClaimURI>
  <DisplayName>City</DisplayName>
  <AttributeID>pspRegisterCity</AttributeID>
  <Description>City</Description>
  <DisplayOrder>18</DisplayOrder>
  <Required />
  <SupportedByDefault />
</Claim>
<Claim>
  <ClaimURI>http://wso2.org/claims/pspBasicRegisterPostalCode</ClaimURI>
  <DisplayName>Postal code</DisplayName>
  <AttributeID>pspRegisterPostalCode</AttributeID>
  <Description>Postal code</Description>
  <DisplayOrder>19</DisplayOrder>
  <Required />
  <SupportedByDefault />
</Claim>
<Claim>
  <ClaimURI>http://wso2.org/claims/pspBasicRegisterCountry</ClaimURI>
  <DisplayName>Country</DisplayName>
  <AttributeID>pspRegisterCountry</AttributeID>
  <Description>Country</Description>
  <Required />
  <DisplayOrder>20</DisplayOrder>
  <SupportedByDefault />
</Claim>
<Claim>
  <ClaimURI>http://wso2.org/claims/pspCompetentAuthorityCountry</ClaimURI>
  <DisplayName>Competent authority country</DisplayName>
  <AttributeID>pspCompetentAuthorityCountry</AttributeID>
  <Description>Competent authority country</Description>
  <DisplayOrder>21</DisplayOrder>
  <Required />
  <SupportedByDefault />
</Claim>
<Claim>
  <ClaimURI>http://wso2.org/claims/pspCompetentAuthority</ClaimURI>
  <DisplayName>Competent authority</DisplayName>
  <AttributeID>pspCompetentAuthority</AttributeID>
  <Description>Competent authority</Description>
  <Required />
  <DisplayOrder>22</DisplayOrder>
  <SupportedByDefault />
</Claim>
<Claim>
  <ClaimURI>http://wso2.org/claims/pspCompetentAuthorityRegisistrationNumber</ClaimURI>
  <DisplayName>Competent authority registration number</DisplayName>
  <AttributeID>pspCompetentAuthorityRegistrationNumber</AttributeID>
  <Description>Competent authority registration number</Description>
  <Required />
  <DisplayOrder>23</DisplayOrder>
  <SupportedByDefault />
</Claim>
<Claim>
  <ClaimURI>http://wso2.org/claims/pspCompetentAuthorityUrl</ClaimURI>
  <DisplayName>URL of the competent authority register page showing the entity</DisplayName>
  <AttributeID>pspCompetentAuthorityUrl</AttributeID>
  <Description>Competent authority url</Description>
  <Required />
  <DisplayOrder>24</DisplayOrder>
  <SupportedByDefault />
</Claim>
<Claim>
  <ClaimURI>http://wso2.org/claims/pspCompetentAuthorityRole</ClaimURI>
  <DisplayName>Please select the Open Banking role(s) you wish to enrol for</DisplayName>
  <AttributeID>pspCompetentAuthorityRole</AttributeID>
  <Description>Please select the Open Banking role(s) you wish to enrol for</Description>
  <DisplayOrder>25</DisplayOrder>
  <Required />
  <SupportedByDefault />
</Claim>
<Claim>
  <ClaimURI>http://wso2.org/claims/pspCompetentAuthorityRoleVerify</ClaimURI>
  <DisplayName>Are you registered to provide the services for all the role(s) you have selected?</DisplayName>
  <AttributeID>pspCompetentAuthorityRoleVerify</AttributeID>
  <Description>Are you registered to provide the services for all the role(s) you have selected?</Description>
  <Required />
  <DisplayOrder>26</DisplayOrder>
  <SupportedByDefault />
</Claim>
<Claim>
  <ClaimURI>http://wso2.org/claims/pspCompetentAuthorityRoleVerify2</ClaimURI>
  <DisplayName>Have you applied for registration to provide the services for the role(s) you have selected?</DisplayName>
  <AttributeID>pspCompetentAuthorityRoleVerify2</AttributeID>
  <Description>Have you applied for registration to provide the services for the role(s) you have selected?</Description>
  <DisplayOrder>27</DisplayOrder>
  <SupportedByDefault />
</Claim>
Disabling weak ciphers
A cipher is an algorithm for performing encryption or decryption. When you set the SSL protocol of your server to TLS, the TLS and the default ciphers get enabled without considering the strength of the ciphers. This is a security risk as weak ciphers, also known as EXPORT ciphers, can make your system vulnerable to attacks. To prevent these types of security attacks, it is encouraged to disable the weak ciphers.
Refer to Disabling weak ciphers in the WSO2 Administration Guide and disable weak ciphers.