This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Configuring Default Authenticators

An authenticator is an instrument that confirms the identity of a user when performing digital authentication. The WSO2 Open Banking solution contains two authenticators by default.

  • Basic Authenticator
  • SMS OTP Authenticator

The Basic Authenticator is configured as the first factor of authentication. You can strengthen this authentication by adding further authentication steps, such as SMS OTP, to implement Strong Customer Authentication (SCA).

To use SMS OTP as a second authentication factor, you need to configure the SMS OTP Authenticator.

Configuring SMS OTP Authenticator

Follow the steps below to configure the SMS OTP Authenticator.

  1. Start the WSO2 Open Banking Key Manager (WSO2 OB KM) server. Sign in to the Management Console as an administrator.
  2. Navigate to the Main menu to access the Identity menu. Click Add under Identity Providers.
  3. Fill in the Basic Information section. Let's name this identity provider SMSOTP.
  4. Expand the Federated Authenticators > SMS OTP Configuration section.


  5. Select both the Enable and Default checkboxes. This enables the SMSOTP authenticator and makes it the default.


    Based on your SMS provider, fill out the SMS OTP configurations.

    If Twilio is used as the SMS provider,

    Please note that WSO2 OBKM currently supports only the following SMS providers.

    If you pass the text message and the phone number in any field, you have to replace them with $ctx.msg and $ctx.num respectively.
    E.g., Body=$ctx.msg&To=$ctx.num&From=+12345678

  6. Click Register to add the Identity Provider. 
  7. Open the <WSO2_OBKM_HOME>/repository/conf/finance/open-banking.xml file. Update the value of the <IdpName> parameter under the <SCA> element with the identity provider name.

    <SCA>
    	<IdpName>SMSOTP</IdpName>
    </SCA>

    You can verify whether the SMSOTP authenticator is properly configured by following the steps below.

    1. /wiki/spaces/OB130/pages/49054553

    2. /wiki/spaces/OB130/pages/49054563

    3. Log in to the WSO2_OB_KM Management Console as the super admin.

    4. In the Main menu under the Identity section, click List under Service Providers. The list of service providers created appears.

    5. Select the service provider with the application name you created in step A. The service provider name is in the following format:

      <WSO2_OB_APIM_USERNAME>_<APPLICATION_NAME>_<ENVIRONMENT>

    6. Click the corresponding Edit link.

    7. Expand Local & Outbound Authentication Configuration. Select Advanced Configuration. You can configure additional authentication steps and additional authentication options.

    8. If you have successfully configured the SMSOTP authenticator, you will see it configured as the Federated Authenticator under Authentication Step Configuration > Step 2.
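
A pre-deployment check for the two values set by hand in steps 5 and 7, given here as an added example that is not part of the WSO2 documentation or product: it confirms that <IdpName> under <SCA> matches the registered identity provider name and that the SMS payload template carries $ctx.msg and $ctx.num in the right fields. The <Server> root element, the exact-match comparison, and the Body/To field names (taken from the example payload above) are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <SCA> fragment from step 7, wrapped in a
# hypothetical <Server> root so that it parses on its own.
SAMPLE_XML = """<Server>
    <SCA>
        <IdpName>SMSOTP</IdpName>
    </SCA>
</Server>"""

def _local(tag):
    # Drop an XML namespace prefix such as "{urn:example}SCA" if present.
    return tag.rsplit("}", 1)[-1]

def sca_idp_name(xml_text):
    """Return the text of <IdpName> under <SCA>, or None if missing or empty."""
    root = ET.fromstring(xml_text)
    for sca in (e for e in root.iter() if _local(e.tag) == "SCA"):
        for child in sca:
            if _local(child.tag) == "IdpName" and (child.text or "").strip():
                return child.text.strip()
    return None

def check_sca(xml_text, registered_idp):
    """List problems with the <SCA> setting versus the registered IdP name."""
    name = sca_idp_name(xml_text)
    if name is None:
        return ["<SCA>/<IdpName> is missing or empty"]
    if name != registered_idp:  # assumption: the names must match exactly
        return [f"<IdpName> is {name!r} but the identity provider is {registered_idp!r}"]
    return []

def check_payload(template, msg_field="Body", num_field="To"):
    """List problems with an SMS payload template. The default field names
    are assumptions taken from the page's example payload."""
    fields = dict(p.split("=", 1) for p in template.split("&") if "=" in p)
    problems = []
    for field, placeholder in ((msg_field, "$ctx.msg"), (num_field, "$ctx.num")):
        value = fields.get(field)
        if value is None:
            problems.append(f"field {field} is missing")
        elif value != placeholder:
            problems.append(f"field {field} is {value!r}, expected {placeholder}")
    return problems

if __name__ == "__main__":
    print(check_sca(SAMPLE_XML, "SMSOTP"))
    print(check_payload("Body=$ctx.msg&To=$ctx.num&From=+12345678"))
```

Both functions return an empty list when the configuration is consistent, so they can gate a deployment script.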