CIBA Push Authenticator
The Client-Initiated Backchannel Authentication (CIBA) Push Authenticator in WSO2 Open Banking currently supports the Local user stores. The CIBA authenticator is used to send push notifications to the users in a CIBA flow.
You can extend it to support federated user stores as explained in this page.
Implement a custom Push authenticator according to your requirements by extending the following class:
Given below is a brief explanation of the methods you need to implement.
This method lets you create an authenticated user from a subject identifier.
protected AuthenticatedUser getAuthenticatedUser(HttpServletRequest request)
HttpServletRequest request- response received from the mobile for the Push authenticator notification
AuthenticatedUser- authenticated user from the user store.
Configuring a custom Push Authenticator¶
- Once implemented, build a JAR file for your project.
- Place the above-created JAR file in the
<IS_HOME>/repository/conf/deployment.tomlfile and configure your custom authenticator using the Fully Qualified Name (FQN):
[open_banking.sca.idp] name = "CIBA-Push-Auth"
Save the configurations and restart the Identity Server.
- Follow the Set up CIBA flow documentation and try out the flow.