5 Properties

This topic provides information on Properties.

The properties below must be updated for UK Open Banking. Each table lists the property, its out-of-the-box (OOTB) value and its purpose.

Table: DIGX_CFG_CONFIG_ALL_B

Category-Id : OAuthTokenConfig

For more information on fields, refer to the field description table.

Table 5-1 DIGX_CFG_CONFIG_ALL_B

| Property ID | Property Value (Out of the Box) | Purpose |
|---|---|---|
| OpenBankingConfig.CONSENT_EXPIRYDAYS | 90 | Used to check that the expiry date sent by the TPP for the Account Access Consent is not more than 90 days; if it is more than 90 days, the ASPSP rejects the value. |

Token Settings

Table: AUTH_CONFIG

Category-Id : AuthServerConfig

Note:

Before changing the value of OAUTH_TOKEN_SIGNER to X509RS256 or X509PS256, log in as admin and generate a public and private key pair in the Security Keys section.

For more information on fields, refer to the field description table.

Table 5-2 AUTH_CONFIG

| Property ID | Property Value (Out of the Box) | Purpose |
|---|---|---|
| OAuthTokenConfig.OAUTH_TOKEN_SIGNER | X509RS256: x509 signed token with RS256 algorithm; X509PS256: x509 signed token with PS256 algorithm | The algorithm used to generate the JWT token. |
| OAuthTokenConfig.refreshTokenExpiry | 86400 | Default expiry for Refresh Token. |
| OAuthTokenConfig.tokenExpiry | 3600 | Default expiry for Access Token. |
| OAuthTokenConfig.ISSUER | OBDX-OAUTH | Issuer of the access/refresh token. |
| OAuthTokenConfig.AUDIENCE | OBDXTestResServer | Audience of the access/refresh token. |
| OAuthTokenConfig.OPAQUE_ACCESS_TOKEN_FLAG | Values can be Y or N. | Flag to enable/disable opaque access token. |
| OAuthTokenConfig.CODE_CHALLENGE_FLAG | Values can be Y or N. | Flag to enable/disable code challenge verification as per the FAPI requirement. |

Common Settings

Table: DIGX_CFG_CONFIG_ALL_B

Category-Id : OAuthCommonConfig

For more information on fields, refer to the field description table.

Table 5-3 DIGX_CFG_CONFIG_ALL_B

| Property ID | Property Value | Purpose |
|---|---|---|
| OAuthCommonConfig.OAUTH_REDIRECT_HOST_PORT | http://{{HOST}}:{{PORT}} | ‘HOST’ refers to the hostname/IP of the application; ‘PORT’ refers to the application’s port. |

DCR (Dynamic Client Registration) Configs

Table: DIGX_CFG_CONFIG_ALL_B

Category-Id : OAuthDCRConfig

For more information on fields, refer to the field description table.

Table 5-4 DIGX_CFG_CONFIG_ALL_B

| Property ID | Property Value | Purpose |
|---|---|---|
| OAuthDCRConfig.PUBLIC_KEY_FETCH_URL | e.g. https://keystore.openbankingtest.org.uk/keystore/openbanking.jwks | Open Banking Directory URL to fetch the public key for payload JWT verification. |
| OAuthDCRConfig.SCIM_PRIVATE_KEY | This should be the value of obseal_dec.key without any spaces or newline characters. | This is the ASPSP’s private key for signing the JWT payload while communicating with the Open Banking Directory. |
| OAuthDCRConfig.SSA_REQUEST_PAYLOAD_PUBLIC_KEY | e.g. software_jwks_endpoint | This is the TPP’s SSA claimset value, which is used to fetch the public key to verify the SSA. |
| OAuthDCRConfig.DCR_REQUEST_PAYLOAD_PUBLIC_KEY | e.g. software_jwks_endpoint | This is the TPP’s claimset value, which is used to fetch the public key to verify the DCR payload. |
| OAuthDCRConfig.ID_TOKEN_PRIVATE_KEY | This should be the value of obseal_dec.key without any spaces or newline characters. | This is the ASPSP’s private key for signing the JWT payload. |
| OAuthDCRConfig.ID_TOKEN_PRIVATE_KEYID | This should be the value of the key id generated when the ASPSP’s certificate is uploaded in the Open Banking Directory. | This is the ASPSP’s key id, used by the TPP to fetch the ASPSP’s public key from the Open Banking Directory. |
| OAuthDCRConfig.OBIE_CLAIM | iss | To identify the issuer claimset in the DCR payload. |
| OAuthDCRConfig.OBIE_CLAIM_VALUE | OpenBanking Ltd | To identify the value of the issuer claimset in the DCR payload. |
| OAuthDCRConfig.OBIE_MEMBSTATE_VALUE | GB | Member state of the SSA. |
| OAuthDCRConfig.OBIE_SOFTENV_VALUE | Values can be sandbox/production. | To identify the software environment. Value should be ‘production’ for the production environment. |

DCR (Dynamic Client Registration) SCIM Configs to Connect to Open Banking Directory

Table: DIGX_CFG_CONFIG_ALL_B

Category-Id : OAuthDCRSCIMConfig

For more information on fields, refer to the field description table.

Table 5-5 DIGX_CFG_CONFIG_ALL_B

| Property ID | Property Value | Purpose |
|---|---|---|
| OAuthDCRSCIMConfig.MTLS_CERTIFICATE_ALIAS | Alias which was used to create the MTLS certificate, e.g. openbanking_obtrans | Required for communication over MTLS with the Open Banking Directory. |
| OAuthDCRSCIMConfig.MTLS_CERTIFICATE_PWD | Password which was used to create the MTLS certificate | Required for communication over MTLS with the Open Banking Directory. |
| OAuthDCRSCIMConfig.IDENTITY_STORE_PATH | Path of the identity store jks file, e.g. /scratch/obdx/wls/OpenBanking/SCIM/openbanking_custom_identity.jks | Required for communication over MTLS with the Open Banking Directory. |
| OAuthDCRSCIMConfig.TRUST_STORE_PATH | Path of the trust store jks file, e.g. /scratch/obdx/wls/OpenBanking/SCIM/openbanking_custom_trust.jks | Required for communication over MTLS with the Open Banking Directory. |
| OAuthDCRSCIMConfig.PROXY_ENABLED | Values can be Y/N. | To identify whether the proxy is enabled or not for the communication. |
| OAuthDCRSCIMConfig.PROXY_URL | Value of the proxy URL. | Required for communication over MTLS with the Open Banking Directory with proxy enabled. |
| OAuthDCRSCIMConfig.PROXY_PORT | Value of the proxy port. | Required for communication over MTLS with the Open Banking Directory with proxy enabled. |
| OAuthDCRSCIMConfig.HTTPS_ENABLED | Values can be Y/N. | To identify whether HTTPS is enabled or not for the communication. |
| OAuthDCRSCIMConfig.softwareStatementId | This should be the Software Statement Id of the ASPSP. | Required for communication over MTLS with the Open Banking Directory. |
| OAuthDCRSCIMConfig.clientScopes | 'TPPReadAll AuthoritiesReadAccess QTSPReadAccess' | These are the scopes defined by the Open Banking Directory. |
| OAuthDCRSCIMConfig.keyId | This should be the ASPSP’s key id to be used for the MTLS communication. | Required for communication over MTLS with the Open Banking Directory. |
| OAuthDCRSCIMConfig.tokenUrl | https://matls-sso.openbankingtest.org.uk/as/token.oauth2 | This is defined by the Open Banking Directory to get the access token for accessing the Open Banking APIs. |
| OAuthDCRSCIMConfig.certUrl | https://matls-dirapi.openbankingtest.org.uk/certificate/validate | This is defined by the Open Banking Directory to get the ASPSP’s certificate validated for the MTLS communication. |
| OAuthDCRSCIMConfig.orgDetUrl | https://matls-api.openbankingtest.org.uk/scim/v2/OBThirdPartyProviders/ | This is defined by the Open Banking Directory to get the organisation details. |
| OAuthDCRSCIMConfig.aud | https://matls-sso.openbankingtest.org.uk/as/token.oauth2 | This is defined by the Open Banking Directory for the ‘audience’ claimset for communication over MTLS. |
| OAuthDCRSCIMConfig.iss | This should be the Software Statement Id of the ASPSP. | Required for communication over MTLS with the Open Banking Directory. |
| OAuthDCRSCIMConfig.sub | This should be the Software Statement Id of the ASPSP. | Required for communication over MTLS with the Open Banking Directory. |
| OAuthDCRSCIMConfig.grantType | client_credentials | This is defined by the Open Banking Directory for communication over MTLS. |
| OAuthDCRSCIMConfig.clientAssertionType | urn:ietf:params:oauth:client-assertion-type:jwt-bearer | This is defined by the Open Banking Directory for communication over MTLS. |
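
A pre-go-live audit of the token, common, DCR and SCIM properties listed in the tables above, as an added example that is not part of the product or its documentation. It checks the constraints the page states (signer values, Y/N flags, key values without whitespace, iss and sub equal to the Software Statement Id, the 'production' software environment) and then an assumed production policy. The names `audit` and `SAMPLE`, the host `directory.example`, the sample values, and the policy that production needs code challenge and HTTPS enabled with resolved https URLs off `openbankingtest.org.uk` are assumptions of this example.

```python
from urllib.parse import urlparse

T, D, S = "OAuthTokenConfig.", "OAuthDCRConfig.", "OAuthDCRSCIMConfig."  # Category-Id prefixes
YN_FLAGS = [T + "OPAQUE_ACCESS_TOKEN_FLAG", T + "CODE_CHALLENGE_FLAG",
            S + "PROXY_ENABLED", S + "HTTPS_ENABLED"]
KEY_PROPS = [D + "SCIM_PRIVATE_KEY", D + "ID_TOKEN_PRIVATE_KEY"]
URL_PROPS = ["OAuthCommonConfig.OAUTH_REDIRECT_HOST_PORT", D + "PUBLIC_KEY_FETCH_URL",
             S + "tokenUrl", S + "certUrl", S + "orgDetUrl"]
TEST_DIRECTORY = "openbankingtest.org.uk"  # host suffix of the page's example URLs

def audit(props, production=True):
    """Return sorted (PROP_ID, problem) pairs; rules above `if production` are the page's own."""
    val = lambda k: props.get(k) or ""
    ssa_id = val(S + "softwareStatementId")
    rules = [(T + "OAUTH_TOKEN_SIGNER", lambda v: v in ("X509RS256", "X509PS256"), "unknown signer")]
    rules += [(k, lambda v: v in ("Y", "N"), "must be Y or N") for k in YN_FLAGS]
    rules += [(k, lambda v: "".join(v.split()) == v, "contains whitespace") for k in KEY_PROPS]
    rules += [(k, lambda v: bool(ssa_id) and v == ssa_id, "differs from softwareStatementId")
              for k in (S + "iss", S + "sub")]
    if production:
        rules.append((D + "OBIE_SOFTENV_VALUE", lambda v: v == "production", "must be 'production'"))
        # Assumed go-live policy (not on the page): PKCE/HTTPS on; URLs resolved, https, non-test.
        rules += [(k, lambda v: v != "N", "disabled in production")
                  for k in (T + "CODE_CHALLENGE_FLAG", S + "HTTPS_ENABLED")]
    out = [(k, msg) for k, ok, msg in rules if not ok(val(k))]
    for k in (URL_PROPS if production else []):
        v, host = val(k), urlparse(val(k)).hostname or ""
        if "{{" in v:
            out.append((k, "unresolved placeholder"))
        elif not v.lower().startswith("https://"):
            out.append((k, "not an https URL"))
        elif host == TEST_DIRECTORY or host.endswith("." + TEST_DIRECTORY):
            out.append((k, "points at the test directory"))
    return sorted(out)

SAMPLE = {  # constructed sandbox-style property set, audited as if promoted to production
    T + "OAUTH_TOKEN_SIGNER": "X509PS256", T + "OPAQUE_ACCESS_TOKEN_FLAG": "N",
    T + "CODE_CHALLENGE_FLAG": "N", S + "PROXY_ENABLED": "N", S + "HTTPS_ENABLED": "Y",
    D + "SCIM_PRIVATE_KEY": "KEY \n", D + "ID_TOKEN_PRIVATE_KEY": "KEY",
    S + "softwareStatementId": "ssa-1", S + "iss": "ssa-1", S + "sub": "ssa-2",
    D + "OBIE_SOFTENV_VALUE": "sandbox",
    "OAuthCommonConfig.OAUTH_REDIRECT_HOST_PORT": "http://{{HOST}}:{{PORT}}",
    D + "PUBLIC_KEY_FETCH_URL": "https://keystore.openbankingtest.org.uk/keystore/openbanking.jwks",
    S + "tokenUrl": "https://directory.example/as/token.oauth2",
    S + "certUrl": "https://matls-dirapi.openbankingtest.org.uk/certificate/validate",
    S + "orgDetUrl": "http://directory.example/scim/v2/OBThirdPartyProviders/",
}
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Pass `production=False` to apply only the constraints the page itself states.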

Sort Code and Branch Mapping for UK.OBIE.SortCodeAccountNumber Scheme

For the sort code to account branch mapping, the following entry must be added to DIGX_CFG_CONFIG_ALL_B in the openBankingConfig preferences. The account identification deserializer uses this mapping to replace the sort code with the appropriate branch code.

-- Replace <6 Digit SortCode> and <Branch Code>; PROP_ID must carry no trailing space.
INSERT INTO DIGX_CFG_CONFIG_ALL_B
  (PROP_ID, PROFILE, PROP_VALUE, ENTITY_SPECIFIC, EDITABLE, MANDATORY_OVERRIDE,
   PROPERTY_GROUP, CREATED_BY, CREATION_DATE, LAST_UPDATED_BY, LAST_UPDATED_DATE,
   OBJECT_VERSION_NUMBER, MODULE, IS_ENUMERATED, SEQUENCE, VALIDATION, OBJECT_STATUS)
VALUES
  ('openBankingConfig.SORT_CODE_<6 Digit SortCode>', '%%PROFILEVALUE%%', '<Branch Code>', 'N', 'N', 'N',
   null, 'SYSTEM', sysdate, 'SYS', sysdate,
   1, 'openbanking', 'N', -1, '.*', null);