Setting up servers
This section guides you to set up and prepare the servers to run WSO2 Open Banking UK Toolkit.
Installing base products
- WSO2 Open Banking UK Toolkit runs on top of WSO2 Identity Server, API Manager, and Streaming Integrator, which are referred to as base products. Before setting up the toolkit, download and install the base products. You can use any of the following combinations:
  Base Product | Combination 01 | Combination 02 |
  ---|---|---|
  WSO2 Identity Server | 5.11.0 | 6.0.0 |
  WSO2 API Manager | 4.1.0 or 4.0.0 | 4.2.0 |
  WSO2 Streaming Integrator | 4.0.0 | 4.2.0 |
- To configure the Identity Server with the API Manager, install the respective WSO2 IS Connector according to the API Manager version you have downloaded.
Installing WSO2 Open Banking Accelerator
- If you have an active WSO2 Open Banking subscription, contact us via WSO2 Online Support System to download Open Banking Accelerator 3.0.0.
  Note
  If you don't have a WSO2 Open Banking subscription, contact us for more information.
- Extract the downloaded WSO2 Open Banking Accelerator zip files. WSO2 Open Banking Accelerator contains the following accelerators.
  - wso2-obiam-accelerator-3.0.0
  - wso2-obam-accelerator-3.0.0
  - wso2-obbi-accelerator-3.0.0
- Go to the root directories of WSO2 Identity Server, API Manager and Streaming Integrator. These root directories are the product homes.
  Tip
  This documentation will refer to the product homes as <IS_HOME>, <APIM_HOME>, and <SI_HOME> respectively.
- Place the relevant accelerator zip files and extract them in their respective product homes:
  File | Directory location to place the Accelerator |
  ---|---|
  wso2-obiam-accelerator-3.0.0 | <IS_HOME> |
  wso2-obam-accelerator-3.0.0.zip | <APIM_HOME> |
  wso2-obbi-accelerator-3.0.0.zip | <SI_HOME> |
  Tip
  This documentation will refer to the above-extracted directories of the accelerators as <OB_IS_ACCELERATOR_HOME>, <OB_APIM_ACCELERATOR_HOME>, and <OB_BI_ACCELERATOR_HOME> respectively.
Installing WSO2 Open Banking UK Toolkit
Before you begin
See the environment compatibility to determine whether the current toolkit version is compatible with your operating system.
- If you have an active WSO2 Open Banking subscription, contact us via WSO2 Online Support System to download Open Banking UK Toolkit 1.0.0.
  Note
  If you don't have a WSO2 Open Banking subscription, contact us for more information.
- Extract the downloaded WSO2 Open Banking Toolkit zip files. It contains the following toolkits.
  - wso2-obiam-toolkit-uk-1.0.0
  - wso2-obam-toolkit-uk-1.0.0
  - wso2-obbi-toolkit-uk-1.0.0
- Go to the product home directories of WSO2 Identity Server, API Manager and Streaming Integrator.
- Place the relevant toolkit zip files and extract them in their respective product homes:
  File | Directory location to place the Toolkit |
  ---|---|
  wso2-obiam-toolkit-uk-1.0.0.zip | <IS_HOME> |
  wso2-obam-toolkit-uk-1.0.0.zip | <APIM_HOME> |
  wso2-obbi-toolkit-uk-1.0.0.zip | <SI_HOME> |
  Tip
  This documentation will refer to the above-extracted directories of the toolkits as <OB_IS_TOOLKIT_HOME>, <OB_APIM_TOOLKIT_HOME>, and <OB_BI_TOOLKIT_HOME> respectively.
Getting WSO2 Updates
The WSO2 Update tool delivers hotfixes and updates seamlessly on top of products as WSO2 Updates. They include improvements that are released by WSO2. You need to update the base products, accelerators, and toolkits using the relevant script.
- Go to <PRODUCT_HOME>/bin and run the WSO2 Update tool that matches your operating system. Repeat this step for the WSO2 Identity Server, API Manager, and Streaming Integrator products.
  ./wso2update_linux
  ./wso2update_darwin
  ./wso2update_windows.exe
- Go to <ACCELERATOR_HOME>/bin and run the WSO2 Update tool that matches your operating system. Repeat this step for the WSO2 Open Banking Identity Server, API Manager, and Business Intelligence accelerators.
  ./wso2update_linux
  ./wso2update_darwin
  ./wso2update_windows.exe
- Go to <TOOLKIT_HOME>/bin and run the WSO2 Update tool that matches your operating system. Repeat this step for the WSO2 Open Banking Identity Server, API Manager, and Business Intelligence toolkits.
  ./wso2update_linux
  ./wso2update_darwin
  ./wso2update_windows.exe
For more information, see the WSO2 Updates documentation.
Setting up Accelerators
- To copy the accelerator files to the API Manager server, go to the <APIM_HOME>/<OB_APIM_ACCELERATOR_HOME>/bin directory and run the merge.sh script as follows:
  ./merge.sh
- To copy the accelerator files to the Identity Server, go to the <IS_HOME>/<OB_IS_ACCELERATOR_HOME>/bin directory and run the merge.sh script as follows:
  ./merge.sh
- If you are using WSO2 Identity Server 6.0.0:
  - Open the <IS_HOME>/repository/conf/deployment.toml file.
  - Add the following configuration to enable application role validation:
    [application_mgt]
    enable_role_validation = true
- Extract the wso2is-extensions zip file of the relevant API Manager version.
- Copy the following files to the Identity Server as follows:
  - Open the <IS_EXTENSION>/dropins folder.
  - Copy the following JAR files to the <IS_HOME>/repository/components/dropins folder.
    wso2is.key.manager.core
    wso2is.notification.event.handlers
  - Open the <IS_EXTENSION>/webapps folder.
  - Copy the keymanager-operations.war file to the <IS_HOME>/repository/deployment/server/webapps folder.
- To copy the accelerator files to the Streaming Integrator, go to the <SI_HOME>/<OB_BI_ACCELERATOR_HOME>/bin directory and run the merge.sh script as follows:
  ./merge.sh
Setting up Toolkits
- To copy the toolkit files to the API Manager server, go to the <APIM_HOME>/<OB_APIM_TOOLKIT_HOME>/bin directory and run the merge.sh script as follows:
  ./merge.sh
- To copy the toolkit files to the Identity Server, go to the <IS_HOME>/<OB_IS_TOOLKIT_HOME>/bin directory and run the merge.sh script as follows:
  ./merge.sh
- To copy the toolkit files to the Streaming Integrator, go to the <SI_HOME>/<OB_BI_TOOLKIT_HOME>/bin directory and run the merge.sh script as follows:
  ./merge.sh
Setting up JAVA_HOME
Set your JAVA_HOME environment variable to point to the directory where the Java Development Kit (JDK) is installed on the server.
Info
Environment variables are global system variables accessible by all the processes running under the operating system.
- Open the .bashrc file (.bash_profile file on Mac) in your home directory using a file editor.
- Add the following two lines at the bottom of the file. Replace the <JDK_LOCATION> placeholder with the actual directory where the JDK is installed.
  export JAVA_HOME="<JDK_LOCATION>"
  export PATH=$PATH:$JAVA_HOME/bin
- Save the file. To verify that the JAVA_HOME variable is set correctly, execute the following command. This should retrieve the JDK installation path:
  echo $JAVA_HOME
Configuring ports
The open banking solution may run on different machines/servers. It is mandatory to open the ports of each server to allow a successful data flow. The instances mentioned below specify the ports that need to be opened:
Instance/Product | Port | Usage |
---|---|---|
WSO2 Identity Server | 9446 | HTTPS servlet transport. The default URL of the Management Console is https://<IS_HOST>:9446/carbon |
WSO2 API Manager | 9443 | HTTPS servlet transport. The default URL of the Management Console is https://<APIM_HOST>:9443/carbon |
WSO2 API Manager | 8243 | NIO/PT transport HTTPS port |
WSO2 Streaming Integrator | 9444 | HTTPS netty transport |
WSO2 Streaming Integrator | 7612 | Thrift TCP port to receive events from clients |
WSO2 Streaming Integrator | 7712 | Thrift SSL port for secure transport where the client is authenticated |
Exchanging the certificates
If you are using the default keystores available in the products, update them by removing any unnecessary or expired Root CA Certificates.
- The keystores are available in the <IS_HOME>/repository/resources/security/wso2carbon.jks and <APIM_HOME>/repository/resources/security/wso2carbon.jks files.
- Use the following command to list and identify problematic certificates:
  keytool -list -v -keystore wso2carbon.jks
- Remove the certificates using the alias as follows:
  keytool -delete -alias <ALIAS_TO_REMOVE> -keystore wso2carbon.jks
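The listing step above can be checked mechanically. As an added example (not part of the WSO2 documentation or tooling), this Python script parses `keytool -list -v` output, returns the aliases of expired trusted certificates, and builds the delete command shown above for each one. The sample listing and its alias names are constructed, and the time zone in the validity line is assumed to be UTC.

```python
import re
import shlex
from datetime import datetime, timezone

# Constructed sample of `keytool -list -v` output, trimmed to the fields read below.
SAMPLE = """\
Alias name: constructed-expired-root
Entry type: trustedCertEntry
Owner: CN=Constructed Expired Root CA, O=Example
Valid from: Mon Jan 03 00:00:00 UTC 2005 until: Sat Jan 03 00:00:00 UTC 2015

Alias name: constructed-server-a
Entry type: PrivateKeyEntry
Owner: CN=server-a.example.test
Valid from: Wed Jan 01 00:00:00 UTC 2020 until: Sat Dec 29 00:00:00 UTC 2029
"""

ALIAS = re.compile(r"^Alias name:\s*(.+)$")
ENTRY = re.compile(r"^Entry type:\s*(\S+)")
UNTIL = re.compile(r"until:\s*\w{3} (\w{3}) (\d{1,2}) ([\d:]{8}) \S+ (\d{4})")

def parse_entries(text):
    """One dict per alias: entry type and the earliest expiry date in its chain."""
    entries, cur = [], None
    for line in map(str.strip, text.splitlines()):
        if m := ALIAS.match(line):
            cur = {"alias": m.group(1), "type": None, "not_after": None}
            entries.append(cur)
        elif cur and (m := ENTRY.match(line)):
            cur["type"] = m.group(1)
        elif cur and (m := UNTIL.search(line)):
            # Assumption: the zone token is ignored and the time is treated as UTC.
            until = datetime.strptime(" ".join(m.groups()), "%b %d %H:%M:%S %Y")
            until = until.replace(tzinfo=timezone.utc)
            if cur["not_after"] is None or until < cur["not_after"]:
                cur["not_after"] = until
    return entries

def expired_aliases(text, now=None, trusted_only=True):
    """Aliases past expiry; key entries are skipped unless trusted_only=False."""
    now = now or datetime.now(timezone.utc)
    return [e["alias"] for e in parse_entries(text)
            if e["not_after"] and e["not_after"] < now
            and (e["type"] == "trustedCertEntry" or not trusted_only)]

def delete_commands(aliases, keystore="wso2carbon.jks"):
    """Build the page's delete command per alias, for review before running."""
    return [f"keytool -delete -alias {shlex.quote(a)} -keystore {shlex.quote(keystore)}"
            for a in aliases]
```

Private key entries are left out by default because deleting one removes the server's own key pair, not just a trusted certificate. Review the generated commands before running them against a keystore.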
To enable secure communication, install the certificate of each component in the others. This allows the components to communicate over Secure Sockets Layer (SSL). Follow the steps below to implement this:
- Generate a key pair in the keystore of a particular server, for example, Server A, with an alias and common name that are equal to the hostname.
  keytool -genkey -alias <keystore_alias> -keyalg RSA -keysize 2048 -validity 3650 -keystore <keystore_path> -storepass <keystore_password> -keypass <key_password> -noprompt
- Export the public certificate of the newly generated key pair.
  keytool -export -alias <cert_alias> -file <certificate_path> -keystore <keystore_path>
- Import the public certificate of Server A to the client truststores of all the servers, including Server A.
  keytool -import -trustcacerts -alias <cert_alias> -file <certificate_path> -keystore <truststore_path> -storepass <keystore_password> -noprompt
- Repeat the above steps for all the servers.
- If there is an Active Directory/LDAP configured in your deployment, add the Active Directory certificate to the client-truststore of all the servers.
Copying the deployment.toml
WSO2 Open Banking UK Toolkit contains TOML-based configurations. All the server-level configurations of the instance can be applied using a single configuration file, which is the deployment.toml file.
- Replace the existing deployment.toml file in the API Manager as follows:
  - Go to the <APIM_HOME>/<OB_APIM_TOOLKIT_HOME>/repository/resources directory.
  - Rename wso2am-4.0.0-deployment-uk.toml to deployment.toml.
  - Copy the deployment.toml file to the <APIM_HOME>/repository/conf directory and replace the existing file.
- Replace the existing deployment.toml file in the Identity Server as follows:
  - Go to the <IS_HOME>/<OB_IS_TOOLKIT_HOME>/repository/resources directory.
  - Rename wso2is-5.11.0-deployment-uk.toml to deployment.toml.
  - Copy the deployment.toml file to the <IS_HOME>/repository/conf directory to replace the existing file.
- Replace the existing deployment.yaml file in the Streaming Integrator as follows:
  - Go to the <SI_HOME>/<OB_BI_ACCELERATOR_HOME>/repository/resources directory.
  - Rename wso2si-4.0.0-deployment.yaml to deployment.yaml.
  - Copy the deployment.yaml file to the <SI_HOME>/conf/server directory to replace the existing file.
- For instructions on how to configure the deployment.toml file, see the following topics:
  Note
  For instructions on configuring Streaming Integrator for open banking, see Try out publishing data.