This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

In the WSO2 Open Banking solution, Mutual Transport Layer Security (MTLS) is enforced through handlers, which ensure that the authenticated client uses its pre-registered transport certificate to communicate with the APIs.

Token endpoint security

To enable MTLS validation for access token requests, add the following entries to the start of the <handlers> property in the <WSO2_OBAM_HOME>/repository/deployment/server/synapse-configs/default/api/_TokenAPI_.xml file.

<handler class="com.wso2.finance.open.banking.mtls.validator.handler.GatewayClientAuthenticationHandler"/>
<handler class="com.wso2.finance.open.banking.mtls.validator.handler.MTLSValidationHandler"/>

API resource security

Add the following configuration to the <handlers> section of the velocity template located in the <WSO2_OBAM_HOME>/repository/resources/api_templates/velocity_template.xml file.

  1. Add MTLSValidationHandler at the start of the <handlers> section.

    MTLSValidationHandler mandates MTLS.

    <handler class="com.wso2.finance.open.banking.mtls.validator.handler.MTLSValidationHandler"/>
    
  2. Add MTLSClientTokenValidationHandler under the <handler class="org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler"> handler.

    MTLSClientTokenValidationHandler ensures MTLS security.

    <handler class="com.wso2.finance.open.banking.mtls.validator.handler.MTLSClientTokenValidationHandler"/>

    If the APIs are already published, add the above handlers to the <handlers> property in the synapse configurations of the published APIs, which are located in the <WSO2_OBAM_HOME>/repository/deployment/server/synapse-configs/default/api directory.
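
One way to verify the handler order described above in a deployed synapse API file, as an added example that is not part of the WSO2 documentation or product code. It assumes that "under" means "later in the <handlers> list" and that the token API entries keep the order in which they are listed; the function names and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

PKG = "com.wso2.finance.open.banking.mtls.validator.handler."
GW_AUTH = PKG + "GatewayClientAuthenticationHandler"
MTLS = PKG + "MTLSValidationHandler"
MTLS_TOKEN = PKG + "MTLSClientTokenValidationHandler"
API_AUTH = "org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler"

def handler_classes(api_xml):
    """Return the handler class names in document order, ignoring namespaces."""
    root = ET.fromstring(api_xml)
    for elem in root.iter():
        if elem.tag.rsplit("}", 1)[-1] == "handlers":
            return [h.get("class") for h in elem
                    if h.tag.rsplit("}", 1)[-1] == "handler"]
    return []  # no <handlers> element at all

def check_token_api(api_xml):
    """Problems in the _TokenAPI_.xml handler chain (empty list means OK)."""
    if handler_classes(api_xml)[:2] != [GW_AUTH, MTLS]:
        return ["GatewayClientAuthenticationHandler and MTLSValidationHandler "
                "are not the first two handlers"]
    return []

def check_resource_api(api_xml):
    """Problems in a published resource API handler chain (empty means OK)."""
    classes = handler_classes(api_xml)
    problems = []
    if classes[:1] != [MTLS]:
        problems.append("MTLSValidationHandler is not the first handler")
    if API_AUTH not in classes:
        problems.append("APIAuthenticationHandler is missing")
    elif MTLS_TOKEN not in classes[classes.index(API_AUTH) + 1:]:
        problems.append("MTLSClientTokenValidationHandler does not follow "
                        "APIAuthenticationHandler")
    return problems

def _sample(*classes):
    """Build a constructed synapse API document with the given handlers."""
    handlers = "".join('<handler class="%s"/>' % c for c in classes)
    return ('<api xmlns="http://ws.apache.org/ns/synapse" name="SampleAPI" '
            'context="/sample"><handlers>%s</handlers></api>' % handlers)

GOOD_RESOURCE = _sample(MTLS, API_AUTH, MTLS_TOKEN)
BAD_RESOURCE = _sample(API_AUTH, MTLS)  # MTLS not first, token handler absent

if __name__ == "__main__":
    print("good:", check_resource_api(GOOD_RESOURCE))
    print("bad: ", check_resource_api(BAD_RESOURCE))
```

To audit a real deployment, pass the contents of each file in the synapse-configs/default/api directory to `check_resource_api`, and the contents of _TokenAPI_.xml to `check_token_api`.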
