OpenBankingToolkit / openbanking-reference-implementation

ForgeRock OpenBanking Reference Implementation is an example of how you can bundle all the micro-services together to create an Open Banking eco-system
Apache License 2.0

34: Use ForgeRock spring-security-multi-auth #416

Closed BohoCode closed 3 years ago

BohoCode commented 3 years ago

Issue: https://github.com/OpenBankingToolkit/openbanking-toolkit/issues/34

Description

The project now uses the ForgeRock version of the spring-security-multi-auth libraries. This is necessary as the openbanking4.dev repo's CI/CD is broken, and despite providing a fix and having it merged, no new library was published as a result. We don't own that library and we are dependent on it, so it is prudent to un-link our fork of that repo and take ownership of our own version of the library.

The latest version of this library contains an enhancement to allow UserNameCollectors to make use of the PSD2CertInfo associated with the PSD2Collector. This means that during name collection it is possible to know if the certificate is a PSD2 certificate or not.

This will allow us to trust any valid issuer of eIDAS certs, but only trust OB or FR issued SSL certs. This should mean that it will be possible to onboard with real eIDAS certificates, but reject onboarding with non-eIDAS SSL certs, for example.

Impacted Areas in Application

All APIs.