Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[OB3] Provide config for making transport cert optional for the token endpoint #166

Merged
merged 1 commit into from
Oct 30, 2024
Merged

[OB3] Provide config for making transport cert optional for the token endpoint #166

merged 1 commit into from
Oct 30, 2024

Conversation

aka4rKO
Copy link
Contributor

@aka4rKO aka4rKO commented Oct 30, 2024

[OB3] Provide config for making transport cert optional for the token endpoint

This PR contains an improvement to the accelerator to stop mandating the transport certificate for the token request. The transport certificate is mandated to bind the certificate to the access token using the "cnf" claim.

However to properly omit sending the transport the following configs also need to be added and must remove the MTLSEnforcementValidator like below:

#[[open_banking.identity.token_filter_validators]]
#class = "com.wso2.openbanking.accelerator.identity.token.validators.MTLSEnforcementValidator"

[[open_banking.identity.token_filter_validators]]
class = "com.wso2.openbanking.accelerator.identity.token.validators.MTLSCertificateValidator"

[[open_banking.identity.token_filter_validators]]
class = "com.wso2.openbanking.accelerator.identity.token.validators.SignatureAlgorithmEnforcementValidator"

[[open_banking.identity.token_filter_validators]]
class = "com.wso2.openbanking.accelerator.identity.token.validators.ClientAuthenticatorValidator"

Issue link: https://github.com/wso2-enterprise/wso2-ob-internal/issues/871

Applicable Labels: Spec, product, version, type (specify requested labels)

Development Checklist

  1. Built complete solution with pull request in place.
  2. Ran checkstyle plugin with pull request in place.
  3. Ran Findbugs plugin with pull request in place.
  4. Ran FindSecurityBugs plugin and verified report.
  5. Formatted code according to WSO2 code style.
  6. Have you verify the PR does't commit any keys, passwords, tokens, usernames, or other secrets?
  7. Migration scripts written (if applicable).
  8. Have you followed secure coding standards in WSO2 Secure Engineering Guidelines?

Testing Checklist

  1. Written unit tests.
  2. Documented test scenarios(link available in guides).
  3. Written automation tests (link available in guides).
  4. Verified tests in multiple database environments (if applicable).
  5. Verified tests in multiple deployed specifications (if applicable).
  6. Tested with OBBI enabled (if applicable).
  7. Tested with specification regulatory conformance suites (if applicable).

Automation Test Details

Test Suite Test Script IDs
Integration Suite TCXXXXX, TCXXXX

Conformance Tests Details

Test Suite Name Test Suite Version Scenarios Result
Security Suite VX.X Foo, Bar Passed

Resources

Knowledge Base: https://sites.google.com/wso2.com/open-banking/

Guides: https://sites.google.com/wso2.com/open-banking/developer-guides

@Ashi1993 Ashi1993 merged commit 378d608 into wso2:3.0.0 Oct 30, 2024
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Akila94 Akila94 Akila94 approved these changes

@Ashi1993 Ashi1993 Ashi1993 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@aka4rKO @Ashi1993 @Akila94