Akana API Platform Release Notes 2019.0

 

October, 2019

Version 2019.0.5

Document updated on: 2019-10-28 11:25, Pacific Standard Time

Note: This release requires Akana Platform version 2019.0.4.

Akana 2019.x System Requirements

Upgrading the Akana API Platform from 2018.0.x to 2019.0.x

Changes Log

| Date/release version | Changes |
|---|---|
| 31 July 2019, 2019.0.0 | New entry added for "Auditing Service Policy can now exclude header visibility from monitoring data" |

Version 2019.0.5

Requires Akana Platform version: 2019.0.4

Enhancements: 2019.0.5

This release includes no enhancements.

Bug Fixes: 2019.0.5

Swagger generation validation errors for older schemas

Schemas using an older version of the Swagger standard (Draft03) were causing validation errors during Swagger generation.

Support ticket: SUPPORT-28378

Mongo data usage stats were being reported incorrectly after upgrade

When upgrading to 2019.0.x, Mongo usage stats were being recorded as the size of the zipped file, rather than the unzipped size.

Support ticket: No related support tickets.

Exporting app transaction logs was working incorrectly

App transaction logs were not exporting properly. Now export works as expected.

Support ticket: No related support tickets.

Version 2019.0.4

Requires Akana Platform version: 2019.0.3

Enhancements: 2019.0.4

This release includes no enhancements.

Bug Fixes: 2019.0.4

SOAP services with multiple bindings did not retrieve all operations

SOAP services with multiple bindings were retrieving only the operation for the last binding in the WSDL. Now, all operations are retrieved, and compatibility with Akana Intermediary for Microsoft® has been verified.

Support ticket: SUPPORT-22246

Users could access some information outside their own organization

In some cases, users without the necessary privileges could view data of other users in Policy Manager's Configure tab. Now, a "Permission Denied" notice is displayed for these users, and the Configuration Schemas, Interfaces, and Binding tabs are not available, except to System Administrators.

Support ticket: SUPPORT-25824

Version 2019.0.3

Requires Akana Platform version: 2019.0.2

Deprecations and Requirements Changes

For updated requirements information, see System Requirements for Akana Platform 2019.0.x.

Mongo 3.2

As of this release, Mongo 3.2 is no longer supported.

MySQL 5.7

Announcement of future end of support: Akana support for MySQL 5.7 will end in October 2020.

Oracle 11g

Announcement of future end of support: Support for Oracle 11g will end in December 2020 when Oracle ends its “Extended Support.”

Enhancements: 2019.0.3

Automation scripts support for 2-way SSL authentication

Automation scripts have improved support for Secure Socket Layer (SSL) mutual authentication.

Support ticket: No related support tickets.

Bug Fixes: 2019.0.3

Updating an OIDC Relying Party domain was not saving correctly

When updating domains of type OpenID Connect Relying Party in the Developer Portal, the updated values were not always saved.

Support ticket: SUPPORT-24622

Creating an API with a Swagger zip file fails after upgrading to 2019.0.2

Bundled schema files in a Swagger zip file were not being handled correctly at upload, resulting in a failure to import documents when creating an API.

Support ticket: SUPPORT-26673

Chart analytics reflected data from a single API only

When all APIs were selected, the App data reflected in the analytics chart (My Apps > app > Analytics > Charts) included data for only a single API, rather than all contracted APIs.

Support ticket: SUPPORT-23414

Version 2019.0.2

Requires Akana Platform version: 2019.0.1

Enhancements: 2019.0.2

Improvements in parameter schema handling

The platform has enhanced schema parameter processing for improved Swagger 2.0 support in the API Designer.

Support ticket: No related support tickets.

Bug Fixes: 2019.0.2

“Limit forward proxy” feature expanded to validate hosts for Test Client OAuth requests

The platform’s Limit forward proxy security feature (Settings > Site) has been enhanced to include validation of hosts for Test Client OAuth requests against the specified white list of trusted hosts. This feature already validates for file upload and for Test Client messages.

Support ticket: SUPPORT-24997

Export Usage Data performance improvements

Performance improvements have been made to the Export Usage Data process to prevent out of memory errors, specifically when using MongoDB for usage data.

Support ticket: SUPPORT-10644

JOSE Policy v2: Some alert codes missing from database

Some JOSE policy alert codes were missing from the database, causing alerts to be incorrectly logged as unknown. Now, all alert codes related to JOSE are included.

Support ticket: SUPPORT-26100

JSON Web Keys values could be blank before key expiration

JWKS keys could be blank before expiration. JWKS keys are now kept until they expire, and new keys are added when the old keys expire or become deprecated.

Support ticket: SUPPORT-25388

Usage logs now available based on number of days rather than number of records

API and app logs can now be exported for a maximum of 45 days, rather than the previous limit based on the number of records, which was 10,000.

Support ticket: SUPPORT-26085

HTTP Message Validation Policy: regular expressions might not work as expected

Regular expressions used in the HTTP Message Validation Policy could fail to report a match.

Support ticket: SUPPORT-25548

Version 2019.0.1

Requires Akana Platform version: 2019.0.1

Enhancements: 2019.0.1

New startup environment variable supports Java options

The script startup.sh now takes a new environment variable AKANA_OPTS as an argument, which can be used to configure the container JVM. For example, it can be used to configure AppDynamics, other agents, Java Management Extensions (JMX), Garbage Collector (GC) options, or to add JVM system properties.

Support ticket: SUPPORT-10961

JOSE Policy v2 for Open Banking 3.1 tan header now validates using policy configuration

A JOSE Policy v2 configured for OB 3.1 now validates the tan header using the value configured in the policy, if one exists. If no value for the tan header is provided in the policy configuration, then the header is validated using the static domain value openbanking.org.uk.

Support ticket: SUPPORT-23407

Bug Fixes: 2019.0.1

Additional support for OAuth client validation to address XSS vulnerabilities

Analysis of the code base and subsequent improvements to remove XSS (Cross-site Scripting) vulnerabilities is ongoing. This release includes extra XSS validations for the OAuthClient API.

Support ticket: SUPPORT-23094

HTTP Message Validation Policy not validating header value in all cases

The HTTP Message Validation policy now validates the header value using minLength, maxLength, and pattern requirements, even if the header value is empty.

Support ticket: SUPPORT-23138

Two-factor authentication (2FA) now accepts only pre-defined fields

The 2FA task payload no longer accepts parameters that are not pre-defined when a client requests a new authentication token. If parameters other than verificationCode and Action are provided, the request is refused and generates an error. In addition, for a generate action, the verificationCode parameter is no longer accepted.

Support ticket: SUPPORT-21386, SUPPORT-22790, SUPPORT-21391

Default access permissions for Site and Business Admins changed to limit access to other Admins' data

A Site or Business Admin can no longer view and/or edit another Admin's notifications, or change the email address of another Site Admin or Business Admin.

Support ticket: SUPPORT-21389

Error when updating a bundle with an automation recipe

When using an automation recipe to update a bundle, the update failed with an error.

Support ticket: SUPPORT-23184

A tenant's Site Admin could edit global workflows

Site Admins were able to access areas of the application for which they were not authorized.

Support ticket: No related support tickets.

Version 2019.0.0

Requires Akana Platform version: 2019.0.0

Key Features: 2019.0.0

Note: The key features here are specific to 2019.0.0 and are not available in earlier 2018.0.x update releases. For features and enhancements also available in 2019.0.0 but delivered in previous update releases, see each update version below.

Support for OpenAPI 3.0 specification

The Developer Portal adds support for OpenAPI 3.0. OpenAPI 3.0, based on the original Swagger 2.0 specification, provides a standard, language-independent interface to RESTful APIs. Support includes an OAS Schema Form Editor, which is a graphical and text editor for authoring and editing Open API Specification v3 documents. The editor supports syntax and semantic validation on save or switch between text and graphical view, as well as code completion and syntax highlighting. The API Designer also supports dynamic switching between OAS 3.0 and Swagger 2.0. See Open API Specification 3.0 Support for details.

Support tickets: SUPPORT-23083, SUPPORT-23101

Model Library

The new Model Library is a centralized library of model objects in the context of a business on the platform. Highlights include:

  • The ability to reference Model Library objects from any APIs in the business, so that APIs and API consumers can work with consistent data definitions across all APIs
  • Support for JSON Schema Draft 4
  • Support for importing existing models
  • Support for inline authoring of the model definition via the Schema Designer, which offers two modes: a simple JSON text editor and a form editor
  • Full permission for the Business Admin over the Model Library, with two new roles: a Model Designer and a Model Administrator
  • Support for multiple, valid versions of a model object
  • Addition of a new, customizable, governance workflow
  • The ability to group models into categories

Support for multiple authentication policies

The platform supports multiple authentication policies on a single API using the Aggregate Policy. The Aggregate Policy includes a new “Choose Policy Enforcement Requirement” page. Users can select either the logical OR (if the message meets the requirements of any one of the policies included in the Aggregate Policy, the request is successful) or AND (the request must meet the requirements of all policies included in the Aggregate Policy, or it will fail).

Support tickets: SUPPORT-10638, SUPPORT-3244, SUPPORT-5785, SUPPORT-1110, SUP-16299

Support for multiple OAuth domains for a single API

An OAuth policy can authenticate and authorize requests against multiple, different providers. The API OAuth Details page in Community Manager now allows the assignment of an OAuth provider to multiple endpoints, assuming that the Admin has configured multiple OAuth providers. The provider used for messages to an API depends on the scopes set up for each OAuth Provider. This support includes the addition of a new media type, application/vnd.akana.v2019+json, with the following API enhancements:

  • PUT /apis/versions/{ApiVersionID}/oauthdetails is overloaded by content-type
  • GET /apis/versions/{ApiVersionID} and GET /apis/services can produce the new content type, meaning that multiple OAuth providers are returned instead of the first found.

For more detail, see How do I configure OAuth Details for my API?

Enhanced support for Open Banking Version 3.1

This release expands support for the UK OpenBanking v3.1 standard via the JOSE Policy v2, which now verifies the certificate subject DN in the “http://openbanking.org.uk/iss” header.

Support ticket: SUPPORT-23025

Enhancements: 2019.0.0

Add API now includes the ability to specify implementation and one or more deployment zones

When creating an API, previously the API was automatically created with a Live implementation and deployed to all available deployment zones. Now, on the Add API page in the Advanced Options section, the user can specify the implementation (Live or Sandbox). Check boxes for all valid deployment zones for the specified implementation are displayed, and the user can then choose one or more deployment zones.

Support ticket: SUPPORT-5811, SUPPORT-1131, SUPPORT-1148, SUPPORT-3051, SUP-18426

Multiple service auditing policies may now be applied to a single service

Multiple auditing policies can now be attached to a single service or API, allowing more fine-grained control over auditing configuration. For example, basic auditing can be captured during normal operation, and detailed auditing on failure, helping to reduce the amount of detailed logging.

Support ticket: SUP-19050, SUP-19051, SUPPORT-3672, SUPPORT-3673, SUPPORT-25682, SUP-18965, SUPPORT-3588

HTTP Message Validation Policy: new options controlling headers

Two new options are available for HTTP Message Validation policies:

  • Allow all headers: When checked (the default), all headers defined in the schema for the calling operation are allowed. When unchecked, two sub-options "Headers not allowed" and "Strip unallowed headers" allow you to enter which headers to disallow and/or to remove disallowed headers from the call.
    For example, if the admin had unchecked "Allow all headers" and then had added header 1 under "Headers not allowed," header 1 would either be stripped from the call (if "Strip unallowed headers" was checked), or the call would fail (if "Strip unallowed headers" was unchecked).
  • Headers excluded from validation: When no headers are specified, all headers are validated. Any identified headers are excluded from validation.
    For example, a user could pass in headers 1, 2, and 3, of which 1 and 2 are defined in the API call's definition, so 1 and 2 would therefore be validated. However, if the admin had added header 1 to the list of headers under "Headers excluded from validation," that specific header would not be validated.

Support ticket: SUPPORT-23016
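
An added Python model of the two options above, plus the empty-value rule from the 2019.0.1 fix; it is not the product's implementation. The HeaderPolicy class, the per-header schema dictionary and the case-insensitive header matching are assumptions of this sketch, and the request and schema are constructed samples.

```python
import re
from dataclasses import dataclass, field


@dataclass
class HeaderPolicy:
    """Hypothetical container for the options named in the release note."""
    allow_all_headers: bool = True            # "Allow all headers" (default)
    headers_not_allowed: set = field(default_factory=set)
    strip_unallowed_headers: bool = False     # "Strip unallowed headers"
    excluded_from_validation: set = field(default_factory=set)


def check_value(name, value, rule):
    """Apply minLength, maxLength and pattern; an empty value is still checked."""
    problems = []
    if "minLength" in rule and len(value) < rule["minLength"]:
        problems.append((name, "minLength"))
    if "maxLength" in rule and len(value) > rule["maxLength"]:
        problems.append((name, "maxLength"))
    if "pattern" in rule and re.search(rule["pattern"], value) is None:
        problems.append((name, "pattern"))
    return problems


def apply_policy(headers, schema, policy):
    """Return (headers left on the call, list of (header, reason) errors).

    A non-empty error list means the call would fail.
    """
    # The two sub-options only apply when "Allow all headers" is unchecked.
    denied = set()
    if not policy.allow_all_headers:
        denied = {h.lower() for h in policy.headers_not_allowed}
    excluded = {h.lower() for h in policy.excluded_from_validation}

    forwarded, errors = {}, []
    for name, value in headers.items():
        key = name.lower()
        if key in denied:
            if not policy.strip_unallowed_headers:
                errors.append((name, "not allowed"))
            continue  # stripped, or rejected: either way not forwarded
        forwarded[name] = value
        rule = schema.get(key)
        # Headers absent from the schema or excluded by policy are not validated.
        if rule is not None and key not in excluded:
            errors.extend(check_value(name, value, rule))
    return forwarded, errors


# Constructed sample: headers 1 and 2 are defined in the schema, header 3 is not.
SCHEMA = {
    "x-header-1": {"pattern": "^[0-9]+$"},
    "x-header-2": {"minLength": 1, "maxLength": 8},
}
REQUEST = {"X-Header-1": "abc", "X-Header-2": "", "X-Header-3": "anything"}

if __name__ == "__main__":
    for policy in (
        HeaderPolicy(),
        HeaderPolicy(excluded_from_validation={"X-Header-1"}),
        HeaderPolicy(allow_all_headers=False,
                     headers_not_allowed={"X-Header-1"},
                     strip_unallowed_headers=True),
    ):
        print(policy, apply_policy(REQUEST, SCHEMA, policy))
```
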

QoS Policies now displayed at the API organization level on the API Access page

The list of Quality of Service policies displayed on the API Access page now shows policies associated with the API's organization as well as any parent organization policies, if the organization is a sub-organization. Previously, policies at the tenant level were displayed.

Support ticket: SUPPORT-5792

The job to migrate OAuth grants and tokens to MongoDB has been optimized

The job "Migrate OAuth Data to MongoDB" (available from the Akana Administrative Console > Configuration > Actions tab) has been optimized for better performance.

Support ticket: SUPPORT-22457

New automation options for analyzing recipes and retrieving container information

Two new utility functions are provided to help in recipe creation:

  • Analyze a recipe
    The akana.recipe module has a new --analyze option which analyzes a recipe and generates a synopsis of the recipe hierarchy, along with all properties used by the recipe and its imports.
  • Create a recipe based on a container's configuration
    The akana.recipe module has a new --extract option, which extracts the current configuration of a running instance into a single recipe.

Support ticket: SUPPORT-1103

The JRE shipped with the product now uses OpenJDK

The JRE shipped with Akana has been upgraded to the latest OpenJDK 8 release. Clients using an external JRE need to revert the Bouncycastle changes referred to in http://docs.akana.com/sp/platform_install/configure-jre.htm.

Support ticket: SUPPORT-21199, SUPPORT-20953, SUPPORT-10756, SUPPORT-17327

Lifecycle Coordinator: Runtime Configuration applied at each API update

When an API is updated, the Runtime Configuration is now reapplied.

Support ticket: No related support tickets.

Rhino JavaScript updated to latest version

The Rhino JavaScript engine has been updated to the latest version, 1.7.10.

Support ticket: SUPPORT-21390

Bug Fixes: 2019.0.0

Auditing Service Policy can now exclude header visibility from monitoring data

A new configuration option has been added to the auditing policy to allow the exclusion of certain headers from monitoring data. This is available on the Detailed Auditing Policy page under Audit Binding > Transport Headers > Audit Transport > Headers to Exclude.

Support ticket: SUPPORT-23104

OAuth Provider: Incorrect grant types used for Global Setting authentication method

When Global Settings were selected as an app's OAuth Profile authentication method, the app was using predetermined values that might not have matched those that had been selected in the domain configuration. Now, domain configuration-supported Grant Types will be used when the OAuth Profile Authentication method is set to Global Setting.

Support ticket: SUPPORT-24778

Updates to Auditing Message Policy documentation

The documentation for the Auditing Message Policy was clarified to specify that when defining an expression in a policy, users should use XPath for XML content, JSONPath for JSON content, and a Regular Expression for other content types.

Support ticket: SUPPORT-22401

External OAuth domain names with special characters or spaces were not supported

Any external OAuth domains created with a name that included spaces or special characters would return a blank page when users tried to modify them. Now, domain names with special characters or spaces are supported.

Support ticket: No related support tickets.

New Elasticsearch configuration properties controlling timeouts

In the Akana Administration Console, two new properties that control Elasticsearch connection timeouts have been added, under com.akana.es.client.security:

| Property | Default Value |
|---|---|
| elastic.rest.client.connectTimeout | 1000 ms |
| elastic.rest.client.socketTimeout | 30000 ms |

Support ticket: SUP-18936, SUPPORT-3559

New configuration option for HTTP Client to better control authentication

In the Akana Administration Console, a new configuration option has been added to the HTTP client via com.soa.http.client.core: http.client.params.handleAuthentication. When true (the default), NTLM credentials are authenticated by Akana. When false, authentication is forwarded to the API client.

Support ticket: SUPPORT-1145, SUPPORT-21801

The licensereport API is now unavailable to unauthenticated users

The licensereport API in the Community Manager now allows access only to users with Monitor permissions. This is similar to other analytics APIs such as getMetrics and UsageLogs.

Support ticket: SUPPORT-23093

Removal of legacy Windows service scripts

Deprecated Windows files RegisterContainerService.bat and UnRegisterContainerService.bat have been removed from the installer. These were no longer supported and were the legacy files for RegisterContainerServiceYAJWS.bat and UnRegisterContainerServiceYAJWS.bat, which remain in the install.

Support ticket: SUPPORT-20933

Version 2018.0.12

Enhancements: 2018.0.12

Support for adding additional JOSE Policy v2 claim headers

In the Test Client, additional claim headers can now be added to a JOSE Policy v2, using the new "Claim Headers" section in the Test Client JOSE Policy popup dialog.

Support ticket: No related support tickets.

Version 2018.0.11

Requires Akana Platform version: 2018.0.10

Enhancements: 2018.0.11

Lifecycle Coordinator Runtime Configuration: topologies can now define API visibility

For Runtime Configurations, the classifier apiVisibility used to determine the visibility of an API can now be set within the topology definition.

Support ticket: No related support tickets.

Version 2018.0.10

Requires Akana Platform version: 2018.0.9

New custom workflow function to limit apps to a single environment for API access

By default, an app version can request a contract with any available API in any available environment. Now, using custom workflow, the Site Admin can limit apps so that when an app has one contract in a specific environment (Sandbox or Live), it cannot have a contract, either with the same API or with another API, in the other environment. With this custom functionality in place, one app version cannot have contracts in both environments.

This option is not part of the default contract workflow, but is available with custom workflow using the custom function verifyAppAccessLimitedToOnlySandboxOrLiveAPIs.

Support ticket: SUPPORT-2442, SUP-17816

Automation recipe for creating a standalone OAuth container

A new recipe has been added to support the automated creation of a standalone OAuth container. The new recipe is oauth-all.json, located in the <installation>/recipes folder.

Support ticket: No related support tickets.

Version 2018.0.9

Requires Akana Platform version: 2018.0.8

This release includes no enhancements.

Version 2018.0.8

Requires Akana Platform version: 2018.0.7

New MS SQL Server encryption password properties

Admin Console: Two new properties, com.soa.database.config:trustStorePassword, and com.soa.database.config:trustStore, have been added to enable encrypted MS-SQL connections.

Support ticket: SUPPORT-17327

New automation recipes support skipping major versions during multi-version upgrades

New automation recipes are now available for users with older Community Manager or Policy Manager instances who need to upgrade to a later version, possibly spanning major or multiple versions. Recipes are available to upgrade from 7.1 through subsequent releases. To learn more, contact your account representative.

Support ticket: No related support tickets.

Version 2018.0.7

Requires Akana Platform version: 2018.0.6

Policy Manager: New HTTP status code property for faults returned on QoS policies

A new property, HTTP result code, has been added to the following Quality of Services policies: Concurrency Quota Policy, Service Level Enforcement Policy, Throughput Quota Policy, and Timeout Policy. This property ensures the return of a specific HTTP fault status code for RESTful services.

Support ticket: SUP-15726, SUPPORT-1191

Admin Portal: Support added to disallow certain keywords from user input

Site admins can now exclude certain keywords from allowable input data, to guard against cross-site scripting attacks. The selected keywords are disallowed when validating data for the name, description, and tag fields.

Currently, keywords available for exclusion are: onerror, unload, onmouseover, eval, and mouseout. The keywords are set at the tenant level, and will be expanded over time.

Support ticket: SUP-17010

The Lifecycle Repository Runtime Configuration can now configure API visibility

Lifecycle Repository's Runtime Configuration now supports the ability to configure the visibility of APIs that are created. Valid values are Public, Private, and Registered Users. The default is Public, if not specified.

Support ticket: SUPPORT-5575

Version 2018.0.6

Requires Akana Platform version: 2018.0.5

Stored Cross-site Scripting (XSS) vulnerabilities addressed

Analysis of the code base and subsequent improvements to remove XSS (Cross-site Scripting) vulnerabilities is ongoing. This release includes extra XSS validations to App, API, Organization, Group, Review, Ticket, Discussion, and Alert pages.

Support ticket: SUPPORT-21392

OAuth enhancements to support additional parameters required by UK Open Banking specification

The Akana OAuth/OIDC domain now supports passing a request parameter, a single, self-contained parameter passed as a signed JWT. For Open Banking support, the request JWT consists of two claims, state and openbanking_intent_id.

The request parameter is only applicable to the OAuth 2.0 Authorization Code and Implicit grant types for OAuth providers with UK OB support.

The two claims state and openbanking_intent_id will be included in the JWT Access Token issued by Akana OAuth/OIDC provider.

Support ticket: SUPPORT-21752

Oracle JDK 8 updated to latest patch released Jan. 2019

The platform's embedded JDK 8 has been updated to the latest publicly available release (1.8 u201), dated Jan. 15, 2019, under the Oracle Binary Code License (BCL).

Support ticket: No related support tickets.

Version 2018.0.5

Requires Akana Platform version: 2018.0.4

Support added for a redirect_uri containing query parameters for some OAuth providers

The Test Client has added support for OAuth providers that do not support the registration of a redirect_uri containing query parameters, such as Microsoft Azure.

Support ticket: SUPPORT-3713

Version 2018.0.4

Requires Akana Platform version: 2018.0.3

Open Banking 3.1 support for error messages for JOSE Policy v2 and HTTP Message Validation policies

For JOSE Policy v2 and HTTP Message Validation policies, a new option on the Policy Options page "UK Open Banking" supports the enforcement of OB-formatted error messages returned to the API client application. For OB 3.1 compliance, check the option, then choose “OB version 3.1.”

If the option is unchecked, or checked and “OB version 3.0 and earlier” is selected, error messages are returned in whatever format the policy used before OB 3.1 was introduced.

Support ticket: SUPPORT-10643

The Business Security settings for cookies can now specify to use a complete hostname in the Domain attribute on the Set-Cookie header

A new setting in the Business Security settings supports the ability to set the Domain attribute on the Set-Cookie header with the complete hostname of the tenant's incoming URL or the X-Forwarded-Host header.

Support ticket: SUPPORT-20608

JOSE Policy v2: Support added for Open Banking spec 3.x

The JOSE Policy v2 now supports the OB specification 3.1, as well as 3.0 or earlier. The OB rules are enforced based on the version selected in the policy configuration, available on the Policy Options page. If "UK Open Banking" is selected, the version to choose is either 3.1, or 3.0 and earlier.

OB 3.0 and earlier will follow the same rules in terms of crit headers and error messages returned to the API client application.

OB 3.1 enforces:

Support ticket: SUPPORT-20538

Authentication challenge events are no longer logged as alerts or in the error logs

Alerts and error log entries are no longer generated by default for authentication challenges, since these are a common part of every Authorization policy. This behavior is supported by two new properties in the Admin Console under the Configuration tab > com.soa.client.subsystems:

| Property | Value |
|---|---|
| alert.config.blockedErrorCodesForAlert | com.soa.jbi.JBIErrorCode.BC_BINDING_ERROR_ENCOUNTERED, com.soa.transport.TransportErrorCode.AUTH_CHALLENGE_REQUIRED |
| alert.config.blockedErrorCodesForLogging | com.soa.transport.TransportErrorCode.AUTH_CHALLENGE_REQUIRED |

Support ticket: No related support tickets.

Version 2018.0.3

Requires Akana Platform version: 2018.0.2

JOSE Policy v2 now supports the typ JOSE header

If a typ claim exists in the JOSE header, the JOSE policy validates that its value is "JOSE," as per the Open Banking 3.x specification. The typ header is optional, so the existence of the claim itself is not enforced.

Support ticket: SUPPORT-20530

JOSE Policy v2 now validates Open Banking JWS TAN header

For Open Banking, if a tan header exists in the JWS header, JOSE validates the header value and that it is present in the crit headers list; JOSE does not enforce that a tan header be defined, however. For OB 3.x compliance, add the tan claim to the policy's configuration page's IN Message Options under "Private Header."

Support ticket: SUPPORT-20530
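
The typ, tan and crit rules from the two notes above, together with the openbanking.org.uk fallback described in the 2019.0.1 note, as an added Python sketch (not Akana's code). The full tan header name is taken from the Open Banking signing profile rather than from this page, and the function names and violation codes are hypothetical.

```python
import base64
import json

# Full header name as defined by the UK Open Banking message-signing profile;
# the release notes refer to it only as "the tan header".
TAN_HEADER = "http://openbanking.org.uk/tan"
# Static fallback named in the 2019.0.1 note when the policy configures no value.
DEFAULT_TAN = "openbanking.org.uk"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    # Compact JWS segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def protected_header(compact_jws: str) -> dict:
    """Decode the first segment of a compact JWS (no signature check here)."""
    parts = compact_jws.split(".")
    if len(parts) != 3:
        raise ValueError("compact JWS must have three dot-separated segments")
    header = json.loads(b64url_decode(parts[0]))
    if not isinstance(header, dict):
        raise ValueError("JOSE header must be a JSON object")
    return header


def check_header(header: dict, configured_tan=None) -> list:
    """Return violation codes for the typ, tan and crit rules; [] means pass.

    Signature verification is a separate step and is not modelled here.
    """
    problems = []
    # typ is optional, but when present it must be "JOSE" (exact match is
    # this sketch's choice).
    if "typ" in header and header["typ"] != "JOSE":
        problems.append("typ_not_jose")
    # tan is optional too; when present, check its value and its crit entry.
    if TAN_HEADER in header:
        expected = configured_tan or DEFAULT_TAN
        if header[TAN_HEADER] != expected:
            problems.append("tan_value_mismatch")
        crit = header.get("crit")
        if not isinstance(crit, list) or TAN_HEADER not in crit:
            problems.append("tan_not_in_crit")
    return problems


def sample_jws(header: dict) -> str:
    """Constructed sample: detached payload and a placeholder signature."""
    encoded = b64url_encode(json.dumps(header).encode("utf-8"))
    return encoded + ".." + b64url_encode(b"placeholder-signature")


if __name__ == "__main__":
    header = {"alg": "PS256", "typ": "JOSE",
              TAN_HEADER: DEFAULT_TAN, "crit": [TAN_HEADER]}
    print(check_header(protected_header(sample_jws(header))))
```
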

JOSE Policy v2 with JWKS URL option now can verify the iss header using the JWKS

A JOSE policy using the JWKS URL option can now retrieve the certificate to verify the iss header from the JWKS rather than requiring the x5c claim to be in the JWS header. When retrieving the certificate, this order is followed:

  1. x5c in the JWS header
  2. x5c parameter from the JWKS URL
  3. The Consumer's (App) certificate

Support ticket: SUPPORT-20510

OAuth Provider: Test Client now supports validation with a Private Key JWT or Client Secret JWT

When using the Test Client to retrieve an OAuth token, the authentication methods now include either a Private Key JWT or Client Secret JWT.

Support ticket: No related support tickets.

If response is not defined in the Swagger API description, the platform now adds a default response

Per the Swagger specification, operations should always contain a response description. In a scenario where an API operation was defined as In Only, errors were generated because the responses property was missing. Now, if the response is not defined, the platform adds a default response.

Support ticket: SUP-18908

Lifecycle Coordinator: New parameter modifier to sanitize parameter values for use in the context path of an API

A new parameter modifier context_path_safe can be used with context parameters such as catalog_asset.group.name to transform the resolved parameter value as follows:

  • Removes characters that aren't letters or numbers
  • Strips accents from accented characters (e.g., 'é' would become 'e')
  • Lowercases remaining characters

For example, using the parameter expression

{catalog_asset.group.name.context_path_safe}

would transform the group name "Nuestra Compañía #1" to "nuestracompania1".

Support ticket: SUPPORT-10766
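
An added Python approximation of the three transformation steps above, not the product's code. It assumes that only ASCII letters and digits survive once accents are stripped, and it adds a hypothetical find_collisions helper, because the transform is lossy and distinct group names can resolve to the same (or an empty) context path segment.

```python
import unicodedata


def context_path_safe(value: str) -> str:
    """Approximate the context_path_safe modifier described above.

    Assumption: after accents are stripped, only ASCII letters and digits are
    kept. The release note does not say how letters with no unaccented form
    are treated, so this sketch drops them.
    """
    # NFKD splits an accented character into its base letter followed by
    # combining marks, for example U+00F1 becomes "n" plus U+0303.
    decomposed = unicodedata.normalize("NFKD", value)
    kept = []
    for ch in decomposed:
        if unicodedata.combining(ch):
            continue  # the accent mark itself
        if ch.isascii() and ch.isalnum():
            kept.append(ch.lower())
    return "".join(kept)


def find_collisions(names):
    """Map sanitized value -> original names, for values that are unsafe to use.

    A value is reported when more than one name resolves to it, or when the
    name sanitizes to an empty string.
    """
    by_path = {}
    for name in names:
        by_path.setdefault(context_path_safe(name), []).append(name)
    return {path: group for path, group in by_path.items()
            if len(group) > 1 or path == ""}


if __name__ == "__main__":
    # First value is the example from the release note; the rest are constructed.
    for sample in ["Nuestra Compañía #1", "../Admin%2FAPI", "Team A", "team-a"]:
        print(repr(sample), "->", repr(context_path_safe(sample)))
    print(find_collisions(["Team A", "team-a", "Équipe", "###"]))
```
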

Version 2018.0.2

Requires Akana Platform version: 2018.0.1

External OAuth Provider Domain: Support added for signing a JWT Bearer token with a Private Key

A JWT bearer token can now be signed with either an app's shared secret or a Private Key. A Business Admin can configure the JWT Bearer access token in the developer portal's Admin section under Domains > Add Domains > External OAuth Provider's "Access Token Validation" screen.

Then, in APP OAuth Profile, either a JWT client secret or Private Key can be selected.

  • If a client secret is selected, the JWT is verified against the APP secret.
  • If a JWT Private Key is selected, the JWT is verified against the Public Key that exists in the JWKS URL from the APP's OAuth profile.

Support ticket: SUPPORT-5775

Policy Manager: Script policy memory management improved

Memory consumption of script policies has been reduced for improved performance. This resulted in the removal of some unused properties in the Admin Console under the configuration com.soa.script.repository and the addition of a new property:

| New Property | Description |
|---|---|
| compiled.script.pool.maxScriptsPerLanguage | Maximum number of compiled scripts that can be held in memory for a script language |

| Removed Property | Description |
|---|---|
| compiled.script.pool.maxTotalPerLanguage | Maximum number of compiled script engines that can be held in memory for a script language |
| compiled.script.pool.minIdlePerLanguage | Minimum number of compiled script engines, unused but available for future compiled script evaluation |
| compiled.script.pool.maxIdlePerLanguage | Maximum number of compiled script engines, unused but available for future compiled script evaluation |

Support ticket: No related support tickets.

Jetty transport configuration in Admin Console now includes request duration

The Jetty NCSA access log now includes the request processing time by default. This setting is configured in the Admin Console under the Configuration tab. Select the com.soa.platform.jetty category, then the ncsa.access.log.logLatency property. The default value of true includes the request processing time; false omits it from the log.

Support ticket: No related support tickets.

Version 2018.0.1

Requires Akana Platform version: 2018.0.0

New property VersionName allows setting an initial version at API creation

A new property VersionName has been added to the APIVersionInfo object model so that an API version can be assigned at API creation. If this property is not set, the API is created with the default "v1" version.

Support ticket: No related support tickets.

Deprecations: 2018.0.1

Deprecated APIs

The use of these APIs with a Business Admin user is deprecated with this release:

PUT HTTP Method

/api/businesses/tenantbusiness.atmosphere/alertsettings

/api/businesses/tenantbusiness.atmosphere/apisettings

/api/businesses/tenantbusiness.atmosphere/appsettings

/api/businesses/tenantbusiness.atmosphere/challenges

/api/businesses/tenantbusiness.atmosphere/commentsettings

/api/businesses/tenantbusiness.atmosphere/connectionsettings

/api/businesses/tenantbusiness.atmosphere/discussionsettings

/api/businesses/tenantbusiness.atmosphere/groupsettings

/api/businesses/tenantbusiness.atmosphere/loginpolicy

/api/businesses/tenantbusiness.atmosphere/passwordpolicy

/api/businesses/tenantbusiness.atmosphere/reviewsettings

/api/businesses/tenantbusiness.atmosphere/securitysettings

/api/businesses/tenantbusiness.atmosphere/ticketsettings

/api/businesses/tenantbusiness.atmosphere/usersettings

/api/businesses/tenantbusiness.atmosphere/twofasettings