Akana API Platform Release Notes 2020.1.0

 

September, 2020

Version 2020.1.2

Document updated on: 2020-09-21 16:24, Pacific Standard Time

Akana 2020.1.x System Requirements

Upgrading the Akana API Platform from 2019.1.x to 2020.1.0

 

Product versioning has changed with this first release of 2020

The Akana API Platform and other Akana products are changing versioning schemes with this first major release of 2020. All major releases now follow the scheme "xxxx.1.0" rather than "xxxx.0.0". As a result, this first major release for 2020 is 2020.1.0.

UI customizations

Test all customizations when upgrading.

Default Theme is deprecated with 2020.1.0

Default Theme is now deprecated and will be removed completely in a later version.

jQuery is upgraded in 2020.1.0, impacting all developer portal pages

jQuery has been upgraded to v3.4.1 from v1.8.3. This version of jQuery impacts all Developer pages in all themes, requiring any customizations to be tested with jQuery v3.4.1. For migration information, see jQuery Core 1.9 Upgrade Guide and jQuery Core 3.0 Upgrade Guide.

Version 2020.1.2

Enhancements: 2020.1.2

Network Director containers do not need restarting when the Policy Manager domain certificate is updated

When the Policy Manager domain certificate is updated, there is no need to restart Network Director containers to update the certificate information.

Support ticket: SUPPORT-32450

The JOSE Security Policy v2 Appendix F option enforces Base64URL encoding

The JOSE Security Policy's Appendix F option now enforces a Base64URL encoding on the payload when signing, as defined in the Appendix F (Detached Content) section of the JWS specification (RFC-7515).

Support ticket: No related support tickets.
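The detached-content construction from RFC 7515 Appendix F, as an added example that is not Akana code: the payload segment of the compact JWS is left empty, but the signing input still contains the Base64URL-encoded payload. HS256, the key, and the payload are constructed assumptions; the page does not state which algorithms or keys the policy uses.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample values for this example only.
KEY = b"constructed-demo-key-not-for-production"
PAYLOAD = b'{"orderId":"A-1001","amount":25}'


def b64url(data: bytes) -> str:
    """Base64URL without padding, as used for every JWS segment."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Decode Base64URL, restoring the padding that JWS strips."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _protected_header() -> str:
    return b64url(json.dumps({"alg": "HS256"}, separators=(",", ":")).encode())


def _mac(key: bytes, signing_input: bytes) -> bytes:
    return hmac.new(key, signing_input, hashlib.sha256).digest()


def sign_detached(payload: bytes, key: bytes) -> str:
    """Appendix F: sign BASE64URL(header).BASE64URL(payload), then send
    the JWS with an empty payload segment ("header..signature")."""
    header = _protected_header()
    signing_input = f"{header}.{b64url(payload)}".encode("ascii")
    return f"{header}..{b64url(_mac(key, signing_input))}"


def sign_detached_unencoded(payload: bytes, key: bytes) -> str:
    """Non-conforming variant, shown for contrast: signs the raw payload
    bytes. Without the RFC 7797 "b64": false header, a conforming
    verifier will reject the result."""
    header = _protected_header()
    signing_input = header.encode("ascii") + b"." + payload
    return f"{header}..{b64url(_mac(key, signing_input))}"


def verify_detached(jws: str, payload: bytes, key: bytes) -> bool:
    """Verify a detached JWS against the separately received payload."""
    parts = jws.split(".")
    # Detached form only: three segments, the middle one empty.
    if len(parts) != 3 or parts[1] != "":
        return False
    try:
        header = json.loads(b64url_decode(parts[0]))
        signature = b64url_decode(parts[2])
    except ValueError:  # malformed Base64URL or JSON
        return False
    # Pin the algorithm rather than trusting whatever the header claims.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False
    # Rebuild the signing input by re-inserting BASE64URL(payload).
    signing_input = f"{parts[0]}.{b64url(payload)}".encode("ascii")
    return hmac.compare_digest(signature, _mac(key, signing_input))


if __name__ == "__main__":
    token = sign_detached(PAYLOAD, KEY)
    print(token)
    print("conforming signer verifies:", verify_detached(token, PAYLOAD, KEY))
    bad = sign_detached_unencoded(PAYLOAD, KEY)
    print("unencoded signer verifies:", verify_detached(bad, PAYLOAD, KEY))
```
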

Bug Fixes: 2020.1.2

Deleting notifications could result in the duplication of other notifications

After deleting an individual notification from the notification list in the developer portal, the remaining notifications were duplicated.

Support ticket: SUPPORT-30997

JOSE Policy v2: Certificate validity not checked

The JOSE policy was not checking the validity of the certificate corresponding to the private key used to sign the request.

Support ticket: SUPPORT-35208

New "Strict Policy" setting to control security settings on allowable filetypes

In the tenant security settings, a new setting "Strict Policy" has been added to "Limit file types allowed for upload" under Settings > Security. Enabling Strict Policy allows only the media types specified in the allowed file types. If disabled, the supertypes of the media types specified will also be allowed. For example, a selection of "text/plain" in the allowed file types would also allow html, application/json, and other media types.

Support ticket: SUPPORT-29653

UI and API updates to improve performance on the App Details page and API Overview page

To improve performance, two pages in the developer portal have been updated:

  • The App Details page no longer includes the APIs Connected section. For connections, see App > APIs.
  • The API Overview page no longer includes the Apps Connected section. For connections, see API > Apps.

In addition, two operations in the developer portal that return contracts have been updated:

  • GET /api/apis/versions/{APIVersionID}/contracts
  • GET /api/apps/versions/{AppVersionID}/contracts

These operations no longer return detail regarding the avatar image for the connected app or API.

Support ticket: SUPPORT-36314

New login policy setting to configure concurrent logins

A new login policy setting has been added to configure concurrent logins for tenant users. This setting "Allow Concurrent Sessions" is available under Admin > Settings > Logins. By default, concurrent logins are allowed as before, meaning that a user can have more than one session running concurrently in multiple browsers or on multiple devices.

Support ticket: SUPPORT-24491

For JOSE Security Policy v2, JWKS keys did not refresh

When enforcing the JOSE Security Policy v2, the JWKS keys were not refreshing as per the com.akana.jwks.refreshTime setting configured in com.akana.jose.config in the Akana Administration Console.

Support ticket: SUPPORT-35210

Version 2020.1.1

Enhancements: 2020.1.1

Envision: Improved performance on MongoDB for roll-up datasets

The Analytics aggregation collection primary key storage in MongoDB has been optimized to reduce RAM requirements for efficient charting and aggregation queries. This is evident when creating new datasets in Envision.

Support ticket: No related support tickets.

Deprecations: 2020.1.1

Envision Operational Metric Policy is deprecated

The Operational Metrics Policy has been deprecated. Instead, define a new dataset and then use the Business Metrics Policy to define dimensions and metrics.

Bug Fixes: 2020.1.1

New tenants created in an existing container could have some invalid settings

When creating new tenants in an existing Network Director container, the new tenant could incorporate a deployment zone with invalid settings.

Support ticket: SUPPORT-34106

API model contains new property InUserTop

A new boolean property InUserTop has been added to the API model to identify whether this API is in the user's My Dashboard of top APIs. See API Object for more details.

Support ticket: No related support tickets.

Version 2020.1.0

Key Features: 2020.1.0

Note: The key features here are specific to 2020.1.0 and are not available in earlier 2019.1.x update releases. For features and enhancements also available in 2020.1.0 but delivered in previous update releases, see each update version below.

Envision Performance and UI enhancements

Akana’s business analytics solution Envision has been relaunched with numerous enhancements and performance improvements:

  • Chart creation now provides UI tips to help the user make the appropriate decisions regarding the selection of rollup intervals and filters targeted at specific data.
  • The UI features a progress bar while loading charts.
  • Data set size has been reduced, which also improves MongoDB server size requirements.

Deprecation: The "Realtime" chart time interval feature has been disabled, as this information is available in the developer portal. Existing real time charts will continue to function.

Support for Kafka for Analytics

This release adds support for Apache Kafka, a deployment option that allows audit and metrics data from the Akana gateways to be streamed via Kafka instead of the native built-in support. The use of Kafka can improve Akana gateway performance and increase the deployed platform's reliability:

  • Improved performance: Offloading the processing of these messages to Kafka reduces the load on the Akana gateways and improves their performance. It also ensures guaranteed message delivery and prevents out-of-memory issues caused by very large message sizes and high transactional volumes.
  • Increased reliability: Using Kafka to process messages also increases the reliability of the deployed platform. It ensures that the Akana API Gateway and Policy Manager communication, essential to the health of the Akana platform, avoids any potential contention issues caused by overloading any of the Akana components.

The Akana deployment can also specify the heap size to use for messages. The default is 20%. Any messages that would result in exceeding the specified heap size are dropped. This approach helps keep the gateways alive and performant.

New API consumer-focused theme "Bonita"

A new theme Bonita has a user-friendly, streamlined interface targeted at the API consumer, i.e., the app developer, and provides access to API information including the API overview, details, performance charts, logs, documentation, and Test Client. Similarly, for apps, Bonita users have access to the app's details, overview, performance charts, logs, license monitoring, and Test Client.

Bonita is ideally suited to the production instance in the lifecycle in which APIs are promoted via automation. Automation ensures that only approved and governed APIs make it into production, thereby providing a trusted portal with no rogue APIs. For detail, see Bonita Theme on the Akana docs site.

API Charts enhancements

Operational metrics improvements

The information reported and displayed in API transaction logs now includes several new metrics to provide additional information about the timing of exchange processing in the API Gateway. This allows for the measurement of timings such as TTFB (Time to First Byte), I/O times, and API Gateway processing times. These new metrics are used to provide enhanced feedback in the developer portal user interface for API analytics. See Viewing the time to first byte (TTFB) metric on the Akana docs site.

Monthly reports

The developer portal now includes a monthly report that provides a visual summary of metric information across all businesses for the tenant. Data can be broken out by day if needed, and includes platform API usage, customer API usage, and totals for resources such as apps and APIs. See Monthly Report for detail.

My Dashboard

The developer portal now includes a new dashboard where users can monitor up to 10 APIs on which they have the API Admin role. Users can adjust the visual display as needed, including adjusting duration and interval for the chart and removing one or more APIs from the display. The My Dashboard feature includes charts for Throughput, Request Size, and Response Time. See Monitoring Top APIs with the My Dashboard Feature on the Akana docs site.

API documentation enhancements

Multiple improvements have been made to the generated Swagger 2.0 API documentation for improved usability, including converting the description from a column to a row, adding color for easy identification of the sample JSON, and improving readability by moving the operation summary and providing better spacing.

Internationalization of error messages and UI copy

The platform’s support of dynamic deployment of error messages and UI copy, introduced in 2019.1.12, has been enhanced to require specifying the resource bundle base name in the Java properties file. Generated documentation now includes a summary of resource bundles for UI copy and error messages. Specifying the resource bundle base name helps identify the resources in use, which helps reduce the likelihood of collisions and speeds up lookups. See Internationalizing Error Messages and UI Copy on the Akana docs site.

MySQL 8.0 support

Support has been added for MySQL 8.0.

Note that MySQL 8.0.x uses GROUPS as a reserved word, so the platform's table name GROUPS has been changed to CM_GROUPS.

Enhancements to deployment automation

This release includes numerous enhancements to the recipes that automate deployment. See Deployment Automation Improvements for details.

Enhancements: 2020.1.0

Deployment automation improvements

Various enhancements have been made to the recipes that automate deployment, including:

  • System properties can now be passed to the target container using the "--D" option.
  • A recipe path can now be specified to facilitate the use of multiple repositories, using a new command line option "--path".
  • The add-local-listener recipe now accepts a boolean DEFAULT_BIND_ALL property indicating whether the listener should bind to all interfaces. The default is false.
  • Any properties defined as PASSWORD type will no longer be logged.
  • The hardening-cm.json recipe has a new property "xFrameOptions":"${XFRAMEOPTIONS|SAMEORIGIN}" to control how a browser is allowed to render a page.
  • New recipes to unregister or re-register a container are available: unregister-container.json and register-container.json.
  • A custom JAVA_HOME environment variable can now be set.

Support ticket: No related support tickets.

Elasticsearch sniffer feature is now configurable

A new property has been added under the Akana Administration Console Configuration tab to allow the configuration of the Elasticsearch sniffer feature, which automatically discovers nodes. The property is elastic.client.useSniffer under com.akana.es.client.security. The default setting is true.

Support ticket: No related support tickets.

The DevOps theme now supports LDAP and Active Directory for login

The DevOps theme for Lifecycle Coordinator has added support for LDAP and Active Directory login accounts.

Support ticket: No related support tickets.

A link to a non-existent landing page now returns an HTTP 404 error

Links to a non-existent landing page display an HTTP 404 "Page not found" rather than a blank page.

Support ticket: SUP-9733, SUPPORT-1040

Support added for "claims" parameter for OpenID Connect

The Akana OAuth/OIDC Provider domain now supports the "claims" request parameter. For detail, see the relevant section of the specification at https://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter.

Support ticket: SUPPORT-29833

Database tables updated to accommodate additional metrics on header length

Updates and enhancements have been made to the database tables MO_USAGEDATA, MO_USAGE_NEXTHOP, MO_ROLLUP, and *MO_ROLLUPDATA to include the length of the message header:

MO_USAGEDATA: Includes two new fields:
  • REQHDRSIZE: The size of the request header
  • RESPHDRSIZE: The size of the response headers
  Note that the fields REQMSGSIZE and RESPMSGSIZE (the size of the request and response body, respectively) remain the same.

MO_USAGE_NEXTHOP: Includes four new fields:
  • REQHDRSIZE: Next-hop request header size
  • REQBODYSIZE: Next-hop request body size
  • RESPHDRSIZE: Next-hop response header size
  • RESPBODYSIZE: Next-hop response body size

MO_ROLLUP*: All MO_ROLLUP tables have two new fields:
  • NEXTHOPREQBYTES: Size of the next-hop request, including both headers and body lengths
  • NEXTHOPRESPBYTES: Size of the next-hop response, including both headers and body lengths

*MO_ROLLUPDATA: These fields now both include the length of the headers and not just the content length:
  • REQMSGSIZE
  • RESPMSG

Support ticket: No related support tickets.

Only a subset of the platform's settings is available before user login

Because the API GET /resources/{ResourceVersionKey}/settings can be called before user login, the settings it can return have been limited to:

  • FedMembers
  • LoginDomains
  • Challenges
  • PasswordPolicy

A new API, getPostLoginSettings (GET /resources/v2/{ResourceVersionKey}/settings), returns all the tenant's settings and requires that the user be logged in.

Support ticket: No related support tickets.

Login pages rebranded

Login pages for the Akana Administration Console and Policy Manager have been rebranded.

Support ticket: No related support tickets.

New APIs now control the My Dashboard Watchlist

A series of new APIs have been added to the platform to control a user's list of "Top APIs" maintained in the new My Dashboard feature. These APIs are part of the Users service and add, delete or return information on the APIs in this list:

  • Add an API to the list: POST /api/users/{UserID}/topapis
  • Delete an API from the list: DELETE /api/users/{UserID}/topapis/{APIID}
  • Return information on a user's list of APIs: GET /api/users/{UserID}/topapis
  • Return metrics for the APIs on the list: GET /api/users/{UserID}/mydashboard

For detail, see the list of Users service APIs at Users Service: Overview.

Support ticket: No related support tickets.

Admin menu enhancements

The Admin menu in the developer portal (under More > Admin) has been reorganized for better usability. This includes flattening the left Admin menu to make various elements more accessible. For example, Country Codes is now a top-level entry, and Custom Styles has been renamed “Customization” and moved up from the Config menu.

Support ticket: No related support tickets.

Performance improvements when batch writing usage data

Usage monitoring now uses data size queues when batch writing usage data, reducing the likelihood of out-of-memory conditions. Prior to this change, monitoring usage data was based on queue size. The properties on com.soa.monitor.usage have changed as follows:

Configuration category: com.soa.monitor.usage

New properties:
  • usage.batch.writer.maxSizeUsageDataPct: Max heap size used by usage data. Default value: 20
  • usage.batch.writer.maxSizeUsageMessagesPct: Max heap size used by usage data. Default value: 40

Removed properties:
  • usage.queue.capacity
  • usage.message.queue.capacity
  • rollup.queue.capacity
  • transaction.queue.capacity

Support ticket: No related support tickets.

New options available when creating theme customizations

In previous versions, when customizing files, users needed to create an exact folder structure within the developer portal, in File Explorer, and create and upload the customization files.

Now, two new options provide a theme-specific set of starter files for customization:

  • Generate customization files—Generates a set of files for the specified theme.
  • Download customization files—Downloads a ZIP file of the customization files for the specified theme. Users can then customize the files offline and upload the updated files.

The page has been renamed and is now on the top-level Admin menu:

  • Previous navigation: More > Admin > Config > Custom Styles
  • New navigation: More > Admin > Customization

In addition, users can provision all starter customization files in one action by going to the Site Settings page and adding a new theme.

Note: If customization files are already in place, they are not overwritten.

For detail, see What functions are available to the Site Administrator on the Customization page? on the Akana docs site.

Support ticket: No related support tickets.

Network Director: Asynchronous error messages processing could be slow

For batch messages processed asynchronously, reply message processing could experience a slowdown with overhead limit errors. This could occur when configuration limits were reached, which would result in connections being closed. The behavior has been changed to reduce the likelihood that connections will be closed unnecessarily.

Support ticket: SUPPORT-26089, SUPPORT-27740

Sign Up page doesn't pre-select security questions

The platform's Sign Up page for new accounts has updated the security questions section to add a "Select" option so the user can choose security questions, rather than having the page pre-select security questions.

Support ticket: No related support tickets.

Site Admins can manage country codes from new Country Codes page

A new Country Codes page in Admin > Country Codes allows Site Admins to manage the visibility of country codes on Signup, User Profile, and Create User pages. For detail, see Country Codes on the Akana docs site.

Support ticket: No related support tickets.

Rhino JavaScript updated to latest version

The Rhino JavaScript engine has been updated to the latest version, 1.7.12.

Support ticket: SUPPORT-29942

MongoDB now stores audit data (header and payload) separately, resulting in performance improvements

For MongoDB, usage info (headers) and usage messages (payload) are now stored separately, to decrease memory load in Network Director and improve performance.

A new MongoDB collection PM_AUDIT.AUDIT_MSG stores usage messages distinct from the existing collection PM_AUDIT.AUDIT used for usage info. In addition, the existing index AUDIT_2AIdx on PM_AUDIT.AUDIT has been modified to have a unique restriction with a shard key prefix, for example:

> use PM_AUDIT;
> db.AUDIT.createIndex( { "containerKey" : 1, "eventId" : 1 },     
         { "name": "AUDIT_2AIdx", "unique" : true, "background": true } )

You may have to update your scripts if you are retrieving Auditing Service Policy data directly from MongoDB.

Support ticket: No related support tickets.

Support for setting an API's visibility when creating an API

When creating an API, its visibility can now be specified under the Add API screen's Advanced Options section.

Support ticket: SUPPORT-1789, SUP-17137

Trusted CA services enhanced

Trusted CA services have been enhanced to support expiration dates for certificates and to allow their removal.

Support ticket: SUP-1279, SUPPORT-1001

Keyword search did not return entries for an API description

In some cases, a keyword search did not return entries from an API's Swagger description. Now, a document's descriptor tags are added to an API's tags when adding an API in the developer portal.

Support ticket: SUP-13385, SUP-15048, SUPPORT-1097, SUPPORT-1146

Community Manager installation includes Default and Hermosa themes by default

Installing Community Manager now installs both Hermosa and Default themes, so they no longer need to be installed separately. (Note, however, that Default Theme is deprecated with the 2020.1.0 release and will be removed completely in a later version.)

Support ticket: No related support tickets.

Control the display of QoS policies defined in the tenant

By default, QoS (Quality of Service) policies defined in a tenant are displayed in the API Access wizard when an app/API contract is requested. If you don't want the app developer to see these policies, disable this setting on the More > Settings > Apps page by deselecting the item "Show policies on API Access wizard."

Support ticket: SUP-12957, SUPPORT-1092

Improved Network Director startup time

Performance enhancements have been made to improve Network Director startup times.

Support ticket: No related support tickets.

Authored API documentation supports adding links to download a file

To allow users to download files via authored API documentation, add a new class attribute soa-control-cm-inline-do-not-process-link to the HTML <a> tag. A link with this class attribute is not processed to remove the link. See API Documentation Maintenance on the Akana docs site.

For example:

<a class="soa-control-cm-inline-do-not-process-link" href="./file-download.xlsx?download=true" target="_blank">Download Spreadsheet</a>

Support ticket: SUP-10706, SUPPORT-1052

API version workflow can now automatically connect apps when a new API version is created

Apps contracted to an API are automatically connected to a new API version, using the API version workflow's pre-function connectAppsFromPreviousVersion. To take advantage of this feature, add the function to your workflow. For detail, see API Version Workflow, "connectAppsFromPreviousVersion."

Support ticket: SUPPORT-17097

Specifying an API version ID when adding an API version now returns an error

When adding an API version using the API POST /api/apis/{APIID}/versions, passing in an API version ID is not allowed and will return an HTTP "400 Bad Request" error. Previously, the version ID was ignored and no error was returned.

Support ticket: SUP-12292

Deprecations and Removals for 2020.1.0

Default Theme is deprecated with 2020.1.0

Default Theme is now deprecated and will be removed completely in a later version. All customers using Default Theme should move to the Hermosa Theme as soon as possible, and migrate any customizations. For example, port header customizations according to Community Manager: Migration Guide and Community Manager: Customizing the User Interface. Other customizations should continue to work, but style customizations are likely to be required.

Akana OAuth Provider Agent has been removed from the product distribution

The deprecated Akana OAuth Provider Agent and Akana API Platform OAuth Provider Agent have been removed from the product distribution. It is recommended that customers have a dedicated OAuth container to manage OAuth tokens, as covered in the diagram of recommended deployment: Sample deployment Scenario.

Google Connector domain is deprecated

The Google Connector domain is deprecated with 2020.1.0. It is recommended to use the OpenID Connect Relying Party domain for platform login.

Bug Fixes: 2020.1.0

Envision: Charts could display incorrect averages

Envision charts displaying average values could display incorrect averages due to an incorrect aggregation query. This query has been corrected to work in all scenarios.

Support ticket: SUP-17820

Envision: The title for the y-axis was not updating

On an Envision chart, updating the title of the y-axis did not update the title on the chart.

Support ticket: No related support tickets.

Envision: Deleting a chart resulted in an error

Deleting one or more charts could result in an error.

Support ticket: No related support tickets.

Removed post-hook commits to avoid possible row lock contention

Unnecessary post-hook commits that might have been causing row lock contention have been removed.

Support ticket: SUPPORT-35255

Google Connector login failure

Logging in using the Google Connector Domain no longer fails. Note, however, that the Google Connector domain is deprecated with 2020.1.0. It is recommended to use the OpenID Connect Relying Party domain for platform login.

Support ticket: SUPPORT-30145, SUPPORT-33763

Private Key JWT validation issue for URLs with trailing slashes

Private Key JWT validation now works for OAuth providers that use a resource server authorization URL with a trailing slash.

Support ticket: SUPPORT-35229

Blocked headers could be passed to the client in some situations

A bug in a third-party configuration library could cause blocked headers to be passed through the API Gateway to the client.

Support ticket: SUPPORT-34419

Business Administrators could delete organizations or tenants without proper privileges

Business Administrators can no longer delete an organization or tenant if the Site Admin has removed the "delete" privilege from the Business Admin's role.

Support ticket: SUPPORT-31715

An API request's response time not displayed in logs in the UI

The API Charts feature was not displaying an API's request duration in the user interface when request duration was 0 milliseconds.

Support ticket: SUPPORT-30365

SaxParser instances resulting in Out of Memory Errors in Network Director

In Network Director, SaxParser instances could result in Out of Memory errors when XML request messages were normalized and contained a large number of distinct tags.

Support ticket: SUPPORT-34017

PingFederate provisioning queue processes app events in the order they were added

The app sync events to PingFederate are now processed in the order they were received, to avoid irregularities.

Support ticket: SUPPORT-24194

With PingFederate as the OAuth provider, client registration settings were not working correctly

For PingFederate, disabling the "client registration" option in the domain configuration still resulted in the app's credentials being synced.

Support ticket: SUPPORT-32847

Test Client sent optional scope parameter with access token, causing some OAuth provider failures

Akana Test Client was sending an optional "scope" parameter with the access token for the Authorization Code grant type, causing some OAuth providers that were not expecting it to fail. The Test Client no longer sends this optional parameter.

Support ticket: SUPPORT-33634

Notifications sent for changes to third-party emails

For third-party domains such as Google and Facebook, an email notification is now sent when the user or a site admin changes the user's login email.

Support ticket: SUPPORT-28538

API Owner role lacked appropriate read access to the organization

An API Owner who creates an API in an organization now has appropriate "read" access to that organization.

Support ticket: SUPPORT-31756

Direct parameter references in uploaded Swagger 2.0 documents were not being saved

In some cases, direct parameter references in Swagger 2.0 documents were not being saved on upload.

Support ticket: SUPPORT-32778

Selecting a deployment zone when adding an API was not auto-generating context path

When selecting a specific deployment zone on the Add API page, API implementation endpoints are now properly generated.

Support ticket: SUPPORT-32754

Automation Recipes: Upgrading from 2019.1.0 to 2020.1.0 enables the Quartz scheduler

When using the upgrade recipe pm-cm-upgrade.json, the Quartz scheduler is enabled. To avoid error messages, disable it if the instance is not configured to run Quartz jobs.

Support ticket: No related support tickets.

When creating an API via file upload, the file content is now validated

When uploading a file to create an API, the file contents are validated. If the contents include HTML or Cross-Site Scripting (XSS) tags, the API is not created.

Support ticket: No related support tickets.

Invalid content encoding could cause detailed auditing to fail

The use of an invalid or unsupported content encoding in the Detailed Auditing policy could result in logging failure.

Support ticket: SUPPORT-31656

New configuration option to control the GET operation on OAuth authorization server's Token API

A new option to disable GET method support for the OAuth authorization server's Token API has been added to the Akana Administration Console, on the configuration category com.soa.oauth.provider. The new property is com.soa.oauth.provider.config.tokenAPIGetOperationSupport, with a default value of com.akana.feature.enabled. Disabling this option (with com.akana.feature.disabled) may address certain security vulnerabilities in which sensitive data could be passed in the GET method request.

Support ticket: SUPPORT-25706
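Before disabling GET on the Token API, it helps to know which clients still use it and which secrets have already landed in access logs. The audit below is an added example, not Akana code; the token endpoint path, the combined-style log format, and the sample lines are constructed assumptions to adapt to your deployment.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: hypothetical token endpoint path; substitute your own.
TOKEN_PATH = "/oauth/token"

# Standard OAuth 2.0 / OIDC token-request parameters that carry secrets.
SENSITIVE = {"assertion", "client_assertion", "client_secret", "code",
             "code_verifier", "password", "refresh_token"}

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

_REDACT_RE = re.compile(
    r'(?<=[?&])(' + "|".join(sorted(SENSITIVE)) + r')=[^&\s"]*')

# Constructed sample access-log lines (documentation IP ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [21/Sep/2020:10:01:02 +0000] "POST /oauth/token HTTP/1.1" 200 512
192.0.2.11 - - [21/Sep/2020:10:01:05 +0000] "GET /oauth/token?grant_type=client_credentials&client_id=app-a&client_secret=EXAMPLE-SECRET HTTP/1.1" 200 498
198.51.100.7 - - [21/Sep/2020:10:02:11 +0000] "GET /oauth/token?grant_type=authorization_code&client_id=app-b&code=EXAMPLE-CODE&redirect_uri=https%3A%2F%2Fapp.example%2Fcb HTTP/1.1" 200 530
192.0.2.12 - - [21/Sep/2020:10:03:40 +0000] "GET /api/apis?limit=10 HTTP/1.1" 200 2048
198.51.100.7 - - [21/Sep/2020:10:04:00 +0000] "GET /oauth/token/ HTTP/1.1" 400 120
"""


def find_get_token_requests(lines, token_path=TOKEN_PATH):
    """Return one finding per GET request that reached the token endpoint."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = LOG_RE.match(line)
        if not match or match["method"] != "GET":
            continue
        url = urlsplit(match["target"])
        # Treat "/oauth/token/" and "/oauth/token" as the same endpoint.
        if url.path.rstrip("/") != token_path:
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        findings.append({
            "line": number,
            "client_ip": match["ip"],
            "client_id": params.get("client_id", [None])[0],
            "status": int(match["status"]),
            # Names only: never copy the secret values into a report.
            "leaked_params": sorted(SENSITIVE & params.keys()),
        })
    return findings


def redact(line):
    """Mask sensitive query values so the line can be shared or archived."""
    return _REDACT_RE.sub(r"\1=REDACTED", line)


if __name__ == "__main__":
    log_lines = SAMPLE_LOG.strip().splitlines()
    for finding in find_get_token_requests(log_lines):
        print(finding)
        print("   ", redact(log_lines[finding["line"] - 1]))
```

Any client_id that appears in the findings must move to POST before the property is set to com.akana.feature.disabled, and any credential named in leaked_params should be treated as exposed and rotated.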

Entity references in response message updated

For the GET /api/search API, EntityReferences in the search results are now returned uniformly in all areas of the platform, in the format below:

"EntityReferences" : {
  "EntityReference" : [ {
    "Guid" : "b0e71ec7-a200-4661-a3a8-f0c587cdb4d5.open",
    "Category" : [ {
      "value" : "modelversion",
      "domain" : "uddi:soa.com:resourcetype"
    } ]
  } ]
}

This formatting change addresses the possibility of multiple separate EntityReference entries in the search results.

Support ticket: SUPPORT-28214

Two-factor authentication did not send verification code email

In the developer portal, two-factor authentication (2FA) could delay sending a verification email to users in certain situations.

Support ticket: SUPPORT-29217

Duplicate container startup options were generated on Linux in some situations

On Linux, if the heap size was increased via the JAVA_OPTS property, starting the container in background mode could result in duplicate arguments.

Support ticket: SUP-15585, SUPPORT-1179

Lifecycle Manager: Library number generation change

Lifecycle Manager tenant library numbers are now created in sequential order with a three-digit random number at the end, i.e., "installation ID": "Library ID randomNumber(000-999)". For example: 68:9334.

This numbering ensures a unique ID, and helps prevent an error when creating the library.

Support ticket: SUPPORT-23732, SUPPORT-24790, SUPPORT-30723

Version 2019.1.19

Enhancements: 2019.1.19

New configuration option controls how long connections wait to purge data when closing

A new configuration option has been added in the Administration Console to allow the SO_LINGER time to be set for a listener. This controls how long connections will wait to purge all data when closing. The default was previously set to 30 seconds, which could be too long in some scenarios.

The new property is com.soa.platform.jetty > http.incoming.transport.config.linger. The default is set to 10 seconds.

Support ticket: No related support tickets.

Version 2019.1.18

Enhancements: 2019.1.18

Enabling "Audit Transport" on an auditing policy now captures transport headers

Auditing Service policies that have "Audit Transport" enabled now capture transport headers even if message content auditing is not enabled. Previously, only the transport status code and method were captured.

Support ticket: SUPPORT-22109

Version 2019.1.17

Enhancements: 2019.1.17

New HTTP Headers Injection policy supports improved security

A new HTTP Headers Injection policy allows you to automatically add specific headers on messages processed by the platform and relayed to the client. These headers can be used to enforce security restrictions. See Using the HTTP Headers Injection Policy on the Akana documentation site.

Support ticket: SUPPORT-28645, SUPPORT-3147

New Jetty configuration properties to control low resource connections

Three new properties on the Jetty transport manage connections, allowing finer control over connection lifetime when processing resources are low. These properties are on the com.soa.platform.jetty configuration category:

  • http.incoming.transport.config.maxIdleTime: The default maximum number of milliseconds that a connection can remain idle before it is closed. Default: 200000
  • http.incoming.transport.config.lowResourceIdleTime: The number of milliseconds that a connection can remain idle when server resources are low. A value of -1 disables low resource checking. This is triggered when the number of active connections reaches the limit set by lowResourceConnections. Default: -1
  • http.incoming.transport.config.lowResourceConnections: The number of connections that will result in a low resource condition, expressed as a percentage of the listener thread pool size. This is used only when lowResourceIdleTime is > 0. Default: 100

Support ticket: No related support tickets.

Version 2019.1.16

Enhancements: 2019.1.16

This release includes no enhancements.

Version 2019.1.15

Enhancements: 2019.1.15

This release includes no enhancements.

Version 2019.1.14

Enhancements: 2019.1.14

OAuth Client Policy now logs errors returned from downstream token provider

The OAuth Client Policy has been enhanced to save the error returned by the downstream token provider in the container log.

Support ticket: SUPPORT-24799

New recipe admin-console.json for increased security

A new recipe is now included by default in the recipes directory, admin-console.json, including the following properties:

ADMIN_CONSOLE_LOCALHOST_ONLY
ADMIN_CONSOLE_ACCESS_RESTRICTED
ADMIN_CONSOLE_DOMAIN_ENABLED
ADMIN_CONSOLE_BASICAUTH_ENABLED

Support ticket: No related support tickets.

Metrics API enhanced to include the total request and total response size

The metrics API that returns metrics for a specified API version, GET /api/apis/versions/{APIVersionID}/metrics, now returns totalRequestSize and totalResponseSize for the response message, representing the aggregated request and response size.

Support ticket: SUPPORT-22176

The Test Client now supports HTTP Security Policy with Basic Authentication

When a user is testing in Test Client, in the context of the app, the API, or the API documentation, Test Client no longer prompts for authentication credentials.

Support ticket: SUPPORT-30657

The JOSE Security Policy v2 now supports Appendix F of the JWS Specification to support UK Open Banking

A new checkbox “Enforce Appendix F” is displayed when choosing Unencoded Detached Payload as the Provider role in the JOSE Security Policy v2. Selecting this checkbox applies Base64 encoding to the payload and removes the Base64 JWS header, as defined in the Appendix F (Detached Content) section of the JWS specification (RFC-7515).

Support ticket: SUPPORT-27722
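
The detached-content form from RFC 7515 Appendix F, as an added example that is not Akana's code: the JWS is signed over the base64url-encoded payload, the payload segment is then dropped (header..signature), and the verifier rebuilds the signing input from the HTTP body it received. HS256 with a constructed key stands in for the asymmetric algorithms a real deployment would use; the function names and the rejection of "b64": false headers are assumptions of this example.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample values, for illustration only.
KEY = b"constructed-demo-key"
BODY = b'{"k":"~~~"}'  # standard Base64 of this body contains '+'


def b64url(data: bytes) -> str:
    """BASE64URL without padding, the encoding RFC 7515 uses for JWS parts."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64std(data: bytes) -> str:
    """Standard Base64 ('+', '/', '=' padding); present only for contrast."""
    return base64.b64encode(data).decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_detached(payload: bytes, key: bytes, header=None, encode=b64url) -> str:
    """Sign over header.payload, then emit header..signature (payload removed)."""
    header = header or {"alg": "HS256"}
    protected = b64url(json.dumps(header, separators=(",", ":")).encode())
    signing_input = f"{protected}.{encode(payload)}".encode("ascii")
    signature = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{protected}..{b64url(signature)}"


def verify_detached(jws: str, payload: bytes, key: bytes) -> bool:
    """Verify a detached JWS against the payload received out of band."""
    parts = jws.split(".")
    # Detached content means exactly three segments with an empty middle one.
    if len(parts) != 3 or parts[1] != "":
        return False
    try:
        header = json.loads(b64url_decode(parts[0]))
        signature = b64url_decode(parts[2])
    except ValueError:  # bad Base64, bad UTF-8 or bad JSON
        return False
    # Pin the algorithm; never let the token choose it (no "none", no downgrade).
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False
    # Assumption of this example: an unencoded-payload header is not accepted here.
    if header.get("b64", True) is not True:
        return False
    # Rebuild the signing input from the body, always with base64url.
    signing_input = f"{parts[0]}.{b64url(payload)}".encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    return hmac.compare_digest(expected, signature)


if __name__ == "__main__":
    token = sign_detached(BODY, KEY)
    print("detached JWS:", token)
    print("verifies against body:", verify_detached(token, BODY, KEY))
    print("verifies against altered body:", verify_detached(token, BODY + b" ", KEY))
    mismatched = sign_detached(BODY, KEY, encode=b64std)
    print("signer used standard Base64:", verify_detached(mismatched, BODY, KEY))
```

A signer and verifier that disagree on the payload encoding fail closed: the signature made over the standard Base64 form does not verify.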

Developer portal now supports searching extended metadata in Lifecycle Repository APIs, apps, and users

In the developer portal, searching APIs, apps, and users now indexes Lifecycle Repository metadata. To enable metadata search for existing data, delete the indices for APIs, apps, and users and then reindex the objects.

For example, assuming localhost:9200, first delete the indices:

$ curl -XDELETE 'localhost:9200/default_api'
$ curl -XDELETE 'localhost:9200/default_app'
$ curl -XDELETE 'localhost:9200/default_user'
$ curl -XDELETE 'localhost:9200/default_metadata'

Then, run the query:

delete from INDEX_STATUS where OBJECTTYPE in ('api', 'app', 'user');

Support ticket: No related support tickets.

Deprecation Notices: 2019.1.14

Legacy OAuth client functions deprecated

The legacy functions ApplicationAPI#saveAppOAuthClient71Properties and ApplicationAPI#getAppOAuthClient71Properties are deprecated with this release and will be removed from the product in 2020.1.0. Clients should instead use functions ApplicationAPI#saveAppOAuthClientProperties and ApplicationAPI#getAppOAuthClientProperties.

Support ticket: SUPPORT-32433

Version 2019.1.13

Enhancements: 2019.1.13

This release includes no enhancements.

Deprecation Notices: 2019.1.13

Support for the Akana OAuth Provider Agent feature to end in 2020.1.0

The Akana OAuth Provider Agent feature is deprecated as of this release, and will be removed from the product in 2020.1.0.

Support ticket: No related support tickets.

Version 2019.1.12

Enhancements: 2019.1.12

Developer Portal: API endpoints are now searchable

Support has been added for both partial endpoint and complete endpoint search. To search for a complete endpoint, use surrounding double quotes, i.e., "https://example.com/v1".
To enable endpoint searching, delete the indices for "api" and "metadata", then reindex the api objects. For example, using localhost:9200:

1. $ curl -XDELETE 'localhost:9200/default_api'
2. $ curl -XDELETE 'localhost:9200/default_metadata'
3. Run the query: delete from INDEX_STATUS where OBJECTTYPE ='api';

Support ticket: SUP-16590

Dynamic deployment of internationalized/localized error messages

Messages can now be customized dynamically for internationalization or localization.

Place relevant properties files into the deploy directory of a container named according to the pattern com.akana.messages-<qualifier>.cfg, where <qualifier> is a unique string used to identify this particular file. The file is a normal Java properties file containing <key>=<string> pairs. A special key named "_locale" can be used to specify the locale for the messages.

Support ticket: No related support tickets.

Version 2019.1.11

Enhancements: 2019.1.11

New security settings allow Site Admin to restrict the characters allowed in platform input fields

Two new settings have been added in the developer portal (Admin > Settings > Security) as a security feature. The first allows the Site Admin to restrict the characters that are allowed in certain platform input fields, to help prevent cross-site scripting attacks. Affected fields include the Name, Summary, and Description fields for apps, APIs, and groups, as well as forum discussions and tickets.

If this setting is enabled, default characters that are always allowed are: alphanumeric characters, comma, period, hyphen, and space. The second field allows the Site Admin to specify additional characters that are allowed.

Support ticket: No related support tickets.

New configuration property to enable / disable cipher suite preference order

A configuration property has been added to enforce strict ordering of cipher suites in HTTPS listeners. This allows the server to dictate the order of cipher suites offered to clients, improving the security profile of these listeners.

The new property, in the com.soa.platform.jetty configuration category, is: http.incoming.transport.config.useCipherSuitesOrder.

Support ticket: SUPPORT-26735

Added ability to prevent Network Director from calling loopback/localhost address

The ability to block outbound traffic to classes of addresses has been added. There are two new configuration properties for this, in the com.soa.http.client.core configuration category:

  • address.validation.enable = true enables the feature.
  • address.validation.blacklist configures the classes of addresses that will be blocked. A comma-separated string that can include the values loopback (to block all loopback addresses), multicast (to block any multicast addresses), and anylocal to block the wildcard (0.0.0.0) address.

Support ticket: SUPPORT-31243
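
To show which destinations the three address classes cover, here is an added example (not Akana's code) that classifies IP literals with Python's ipaddress module and applies a blacklist string in the format described above. It assumes the class names carry their standard IP meanings and that IPv4-mapped IPv6 addresses are unwrapped before checking; the function names and sample destinations are constructed for illustration.

```python
import ipaddress

# Class names accepted by address.validation.blacklist, as listed above.
KNOWN_CLASSES = {"loopback", "multicast", "anylocal"}

# Constructed sample destinations (not taken from any real deployment).
SAMPLE_DESTINATIONS = [
    "127.0.0.1",         # IPv4 loopback
    "127.8.9.10",        # still loopback: the whole 127.0.0.0/8 block
    "::1",               # IPv6 loopback
    "::ffff:127.0.0.1",  # IPv4-mapped IPv6 form of loopback
    "224.0.0.251",       # IPv4 multicast
    "ff02::1",           # IPv6 multicast
    "0.0.0.0",           # IPv4 wildcard
    "::",                # IPv6 wildcard
    "169.254.169.254",   # link-local: in none of the three classes
    "10.0.0.5",          # private range: in none of the three classes
]


def parse_blacklist(value):
    """Split the comma-separated setting and reject unknown class names."""
    names = {item.strip() for item in value.split(",") if item.strip()}
    unknown = names - KNOWN_CLASSES
    if unknown:
        raise ValueError("unknown address class: " + ", ".join(sorted(unknown)))
    return names


def classify(address):
    """Return the set of blacklist classes an IP literal belongs to."""
    ip = ipaddress.ip_address(address)
    # Unwrap ::ffff:a.b.c.d so the embedded IPv4 address is what gets judged.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    classes = set()
    if ip.is_loopback:
        classes.add("loopback")
    if ip.is_multicast:
        classes.add("multicast")
    if ip.is_unspecified:  # 0.0.0.0 or ::
        classes.add("anylocal")
    return classes


def is_blocked(address, blacklist, enabled=True):
    """Mirror address.validation.enable plus the blacklist decision."""
    if not enabled:
        return False
    return bool(classify(address) & blacklist)


def audit(destinations, blacklist):
    """Map each destination to 'blocked' or 'allowed' for review."""
    return {
        dest: "blocked" if is_blocked(dest, blacklist) else "allowed"
        for dest in destinations
    }


if __name__ == "__main__":
    verdicts = audit(SAMPLE_DESTINATIONS, parse_blacklist("loopback,multicast,anylocal"))
    for dest, verdict in verdicts.items():
        print(f"{dest:20} {verdict}")
```

Under these definitions, link-local and private-range destinations fall outside all three classes, so restricting them needs a separate control such as egress filtering. The check is only meaningful on the resolved address, not on the hostname.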

New classifier, preserve-existing-policies, in Runtime Configuration

A new classifier, preserve-existing-policies, has been added to Runtime Configuration.

In previous versions, if the run-on-updates classifier was set to true, and there were updates to the API's properties, existing policies were not overwritten. With the new classifier included and set to false, the policies attached to the API are overwritten.

Support ticket: No related support tickets.

Version 2019.1.10

Enhancements: 2019.1.10

This release includes no enhancements.

Version 2019.1.9

Enhancements: 2019.1.9

This release includes no enhancements.

Deprecation Notices: 2019.1.9

Support for the legacy Add/Edit API Wizard to end in 2020.1.0

The legacy Add/Edit API Wizard, deprecated in version 8.0, will be removed from the product with the 2020.1.0 release. This wizard was replaced by the current Add API feature.

Support ticket: No related support tickets.

Version 2019.1.8

Enhancements: 2019.1.8

New logging category to record internally generated HTTP request errors

A new logging category has been introduced to capture internally generated HTTP request errors that may occur when matching a request to an operation or service. The default name for the new category is http.request.error.

When this category is set to WARN, the container application log will contain an entry for every generated error in NCSA Common log format. Note that the previous Jetty-specific configuration (com.soa.platform.jetty > default.error.handler.logError) is no longer used.

Support ticket: SUPPORT-25390

Deprecations: 2019.1.8

Support for OpenID domain to end in 2020.1.0

The developer portal migrated from OpenID to OpenID Connect in a much earlier version, 7.2.3. Support of the legacy OpenID Relying Party domain will be completely removed in 2020.1.0. Any existing legacy domains should be migrated appropriately.

Support ticket: No related support tickets.

Version 2019.1.7

Enhancements: 2019.1.7

Default timeouts have been increased for long-running tasks

To prevent long-running provisioning tasks from timing out, default timeouts have been increased. This will prevent timeout errors while using various automation scripts.

Support ticket: SUPPORT-30328

Version 2019.1.6

Enhancements: 2019.1.6

DevOps Theme now includes Forgot Password flow

A "Forgot Password?" workflow is now supported in the DevOps Theme. The feature follows the standard "forgot password" flow, prompting the user for an email address, sending the user a code, then providing a way for the user to reset the password.

Support ticket: No related support tickets.

Network Director: Existing clusters now supported by recipe that registers a container and creates a cluster

Automatic container registration combined with cluster creation is now supported in the Network Director. Prior to this, using the register.container recipe to register a container and create a cluster could fail if the cluster already existed.

Support ticket: SUPPORT-27439

Hazelcast framework disabled by default

In order to reduce system overhead when not in use, the Hazelcast framework is now disabled by default. To enable Hazelcast, set hazelcast.instance.manager.enable to true in the configuration com.soa.grid.

Support ticket: No related support tickets.

New user workflow reserved action to notify users when an account is activated

A new reserved action, @UserActivated, has been added to send a notification to a user when the Site Admin activates that user's account.

Notifications are not sent by default, however. To take advantage of this action, uncomment line 834 in the default user workflow:

<!-- <common-action id="19" /> -->

For specifics, see http://docs.akana.com/cm/workflow/08_user_wf.htm#user_ra_18.

Support ticket: SUPPORT-29675

Version 2019.1.5

Enhancements: 2019.1.5

Database support: MongoDB 3.6.16

MongoDB 3.6 support has been extended to include 3.6.16.

Support ticket: No related support tickets.

Database support: Oracle 19c

With this release, support has been added for Oracle 19c.

Support ticket: SUPPORT-27807, SUPPORT-29789, SUPPORT-29790, SUPPORT-30531

Generated OpenAPI 3.0 documentation

Generated API documentation can now be based on OpenAPI 3.0, as well as Swagger, with the option to switch between Swagger 2.0 and OpenAPI 3.0.

Support ticket: No related support tickets.

New jetty configuration property to control general errors written to the container log file

A new configuration property, default.error.handler.logError, has been added to com.soa.platform.jetty. A value of true adds general errors to the container log file. The default is false.

Support ticket: SUPPORT-25390

Error messages are uppercased appropriately for UK Open Banking 3.1 specification

To comply with the UK Open Banking 3.1 specification, error message field names are now properly uppercased.

Support ticket: SUPPORT-29912

Trusted CA services enhanced

Trusted CA services have been enhanced to support expiration dates for certificates and to allow their removal.

Support ticket: SUPPORT-1001

Version 2019.1.4

Enhancements: 2019.1.4

DevOps theme supports external logins using LDAP

The DevOps theme now supports external logins when the Active Directory Identity System is configured to use LDAP.

Support ticket: SUPPORT-29403

All detailed auditing data limited by default to avoid out of memory problems

All detailed logging data from messages/responses, scripts, and processes are limited by the Administration Console configuration setting in com.soa.policy.handler.audit -> audit.maxContentSize. The default is 500,000. This setting helps avoid out of memory problems or exceeding data limits in MongoDB or other databases.

Support ticket: No related support tickets.

Network Director: Support for dynamic scopes at runtime

Network Director can now validate dynamic scopes at runtime. This support allows a single asterisk. The asterisk can be included as a prefix, in the middle, or as a suffix.

Support ticket: SUPPORT-28507

Automation recipes support removing features

Automation recipes now include the ability to remove features using the Feature Administration service API {urn:com.soa.admin.service.features.jaxrs} FeatureService's endpoint DELETE /admin/features/installed/{id}.

Support ticket: No related support tickets.

HTTP Message Validation Policy: Error codes enhanced to comply with UK Open Banking 3.1 specification

For the HTTP Message Validation Policy, more specific error codes were added to comply with the UK Open Banking 3.1 specification, when OB 3.1 is selected on the Options page. For example, any field of type "date" that is in error will result in a UK.OBIE.Field.InvalidDate error code. Previously, the policy returned the UK.OBIE.Field.Invalid error code. New error codes were also added to handle JSON parsing errors and invalid account and secondary account IDs.

Support ticket: SUPPORT-25653

Version 2019.1.3

Enhancements: 2019.1.3

Lifecycle Manager: New automation recipe to synchronize data

A new recipe is available to automate the Synchronize Lifecycle Manager Data configuration task in the Akana Administration Console, which helps support the automation of promotion testing.

Support ticket: No related support tickets.

Version 2019.1.2

Enhancements: 2019.1.2

Lifecycle Coordinator: Option to disable Runtime Configuration when editing an API

A new classifier, run-on-updates, provides the ability to disable the Runtime Configuration when modifying an API. This avoids the Runtime Configuration overwriting changes made to an API in the developer portal.

Support ticket: SUPPORT-29126

SimpleDev theme has new confirmation warning before deleting an app

When deleting an app, the SimpleDev theme now prompts the user for confirmation before deletion. Before, the app was immediately deleted without confirmation.

Support ticket: SUPPORT-1084

API Designer now supports examples for model objects

A new column has been added in several locations in the API Designer, for APIs based on Swagger 2.0 or Open API 3.0, to support model object examples. The new column appears after the Schema column in the Models sections, and in the Request and Response sections if a model object is specified.

Support ticket: SUP-16258

The developer portal's Home page redesigned for hermosa and default themes

The Home page for the hermosa and default themes has been redesigned to incorporate embedded videos and updated features.

Support ticket: No related support tickets.

API comments are visible only to users with read access

The API "/api/discussions/{DiscussionID}/comments" now checks that the user has read access to the requested discussion.

Support ticket: SUPPORT-22787

HTTP Message Validation Policy: only top-level validation errors are displayed

For the HTTP Message Validation Policy, only top-level validation errors display. Before, errors could display for each nested element when the error was actually triggered only on the last element.

Support ticket: SUPPORT-25648

Lifecycle Coordinator: OAuth version can be selected in the Runtime Configuration

Users can now select an OAuth version (1.0a, 2.0, or both) in the Runtime Configuration.

Support ticket: No related support tickets.

Users with Monitor permissions can view an API's or app's analytics

A user with Monitor permissions, but without Modify permissions, can view an app's or API's analytics and logs. Previously, only users with Modify permissions on an API or app could view its analytics.

Support ticket: No related support tickets.

Providing an APIVersionID when adding an API version is no longer allowed

The API to add an API version (POST /api/apis/{APIID}/version) now returns an HTTP 400 Bad Request error if an APIVersionID is passed in. Previously, the APIVersionID was accepted as input without throwing an error even though it is not a parameter to the API.

Support ticket: SUP-12292

Swagger-based new APIs will take the API version from the Swagger document, if not defined

New APIs based on Swagger documents will have the same version as the Swagger document if the API has no defined version; otherwise, the APIVersionInfo will be used.

Support ticket: SUP-14958, SUPPORT-1141

Enhanced SearchAPI now returns results changed after a certain date

The SearchAPI (/api/search) supports a new query parameter UpdatedFromDate to retrieve objects added or updated after a certain date, for example:

 /api/search?q=(type:app-version)&UpdatedDateFrom=2019-10-11T23:00:00

Support ticket: No related support tickets.

Lifecycle Coordinator: new PromotionProfile property to preserve an existing shared secret at promotion

A new PromotionProfile property, preserve-shared-secret, controls whether the shared secret of an existing app in the target environment is retained at promotion.

The default is false, meaning that the shared secret of an app in the target environment is overwritten by that in the source environment. For detail, see http://docs.akana.com/cm/promotion/promotion_users_guide.htm#props_preserve_shared_secret.

Support ticket: SUPPORT-29124

Lifecycle Coordinator: new PromotionProfile property to control a consumer app's automatic promotion

A new PromotionProfile property, disable-consumer-app-check, controls the promotion of an API's corresponding consumer app. This is useful if you are using fanout and want to promote the consumer app to one environment but not another. A value of true prevents the automatic promotion of the corresponding consumer app (if any).

For detail, see http://docs.akana.com/cm/promotion/promotion_users_guide.htm#props_disable_consumer_app_check.

Support ticket: SUPPORT-22911

Version 2019.1.1

Enhancements: 2019.1.1

This release includes no enhancements.

Version 2019.1.0

Key Features: 2019.1.0

Note: The key features here are specific to 2019.1.0 and are not available in earlier 2019.0.x update releases. For features and enhancements also available in 2019.1.0 but delivered in previous update releases, see each update version below.

New Open Banking Client Validation policy to support Open Banking MATLS

A new validation policy has been added to support the Open Banking Mutual Authentication TLS (MATLS) specification. This policy, the Open Banking Client Validation Policy, uses MATLS rather than the client secret for authentication. This is required for the Open Banking Dynamic Client Registration for OAuth.

  • Supports validation of headers added by the load balancer
    For the UK Open Banking Client Validation Policy, the Network Director can now perform OAuth client authentication based on headers added by the load balancer, which routes incoming API requests to a load balancer cluster. The load balancer extracts details on client certification and adds them as headers, then routes the request to the Network Director.
  • Uses only certifications with "use" : "tls"
    The UK Open Banking Client Validation Policy with MATLS support uses only certifications with "use" : "tls" from the OB JSON Web Key Sets (JWKS) URL when validating the client certification.

Support tickets: SUPPORT-23129, SUPPORT-3870, SUPPORT-24612, SUPPORT-26843

Hermosa theme UI header redesigned

The Header for the Hermosa theme has been completely redesigned for improved look-and-feel and usability. Elements of the site are more easily accessible, with dropdown menus for the top-level items, among other improvements. 

Note that this change impacts header customizations, which will need to be ported to the new header. For more information, see Community Manager: Customizing the User Interface and Community Manager: Migration Guide.

Support ticket: No related support tickets

Test Client Enhancements

Test Client has been enhanced to support multiple OAuth policies on a single API and the Aggregate policy.

  • The Aggregate Policy
    The Test Client now includes support for testing APIs with an attached Aggregate Policy that includes policies supported by Test Client. Adding an Aggregate Policy to an API allows the API Admin to set up a scenario where multiple policies are combined into one. For more information, see Test Client security settings: Aggregate Policy on the Akana docs site.
  • Multiple OAuth policies
    If the API supports multiple OAuth providers, you can choose the provider you want to test against. See Test Client security settings: OAuth Policy: Multiple OAuth Provider.

Support ticket: No related support tickets

API version workflow now supports an optional, customized workflow

Custom API version workflows now control the options available on the API Details page. This enhancement includes new API states to control permissions for specified users:
"@ModifyPolicies", "@ModifyDeployments", "@ModifyDebugOptions", "@ModifyOutboundIdentities", "@ModifyExtensionProperties", "@DeleteAPIImplementation", "@ModifyLegals"

Support ticket: No related support tickets

The Charts page within API Analytics has new filters for viewing API and App transactions

The Charts page within API Analytics now includes both charts and logs combined, with filters for viewing both API and App transaction logs and charts. For example, for a specific API, you can filter by all available operations, statuses, and response time. To view transaction log data, use the Load Logs button.
Note: Log information is available only if an auditing policy was attached to the API during the time period.

Support tickets: No related support tickets

Lifecycle Coordinator includes new configuration parameters for the promotion feature

New configuration properties are available in the Akana Administration Console to configure the Lifecycle Coordinator promotion feature. These are:

  • com.soa.promotion: Controls how often Lifecycle Coordinator updates cached policy and organization information for tenants referenced in a topology.
  • com.akana.lifecyclemanager.apiplatform.remote: Controls how often Lifecycle Coordinator updates cached policy and organization information for tenants referenced in a topology.

For detail, see Configuration properties for the Promotion Feature.

Support ticket: No related support tickets

Enhancements: 2019.1.0

Lifecycle Coordinator: Now supports the ability to manage API and app version visibility during promotion

Two new properties now support API and app version visibility when promoting to the target environment. For example, an API's or app's version might be set to Public in the source tenant and Private in the target tenant. These properties are appVersion.visibility and apiVersion.visibility.

Support ticket: No related support tickets.

Lifecycle Coordinator: Runtime Configuration can now specify an OAuth domain for an API

The Runtime Configuration can now select an OAuth domain for use with an API. Then, when an API is created in the developer portal, the OAuth domain will be set on it. Note that OAuth domain scopes cannot be set within the Runtime Configuration.

Support ticket: SUPPORT-5628

Lifecycle Coordinator: Runtime Configuration can now filter by API implementation type

A Runtime Configuration can now filter based on API implementation type, either SOAP or REST.

Support ticket: No related support tickets.

Lifecycle Coordinator: New promotion profile property

A new promotion profile property, preserve-outbound-identities, can be set on a topology to allow saving the existing outbound identities on the target during promotion.

Support ticket: SUP-17125, SUPPORT-1778

The default HTTP 404 error response now considers the Accept header

On a general HTTP 404 "Resource not found" condition, the error response now takes into account the HTTP Accept header from the client, generating a JSON, XML, or HTML (the default) response based on the desired content type. Previously, the error response was always HTML.

Support ticket: SUPPORT-22558, SUPPORT-3903

Akana Administration Console JavaScript library has been updated

The jQuery library used in the Akana Administration Console has been updated to the latest stable and secure version, so that the entire platform now uses jQuery 1.11.3.

Support ticket: SUPPORT-21388

Elasticsearch Scroll API now used, for more effectively returning large numbers of results

The Elasticsearch Scroll API has now been implemented to more effectively return large numbers of results. Previously, the platform iterated through the search results 100 at a time, making it possible to exceed the default index.max_result_window value of 10,000.

Support ticket: SUPPORT-24812, SUPPORT-23905

New optional Business Security setting allows restriction of file types in attachments

The Business Security settings page under Admin > Settings > Security now includes a new option to limit media types allowed for uploading to comments, discussions, tickets, alerts, or reviews. The default allows any media type.

Support ticket: SUPPORT-24292

JOSE Policy v2 with Open Banking 3.1 option now supports adding the charset property to the Accept header

JOSE v2 policies that conform to the Open Banking specification now support adding the character set compatible with the "application/json" in the Accept header, for example: "application/json;charset=utf-8". Previously, adding the character set (charset) to the Accept header resulted in an error.

Support ticket: SUPPORT-26263

Open Banking 3.1 error codes now support enumerated elements in the HTTP Message Validation Policy

Errors generated by an HTTP Message Validation Policy now support enumerated elements, in conformance with Open Banking Implementation Entity (OBIE) requirements.

Now, when a field is defined as an enum in the policy but there is no value for this enumerated field defined in the schema, the policy will return "UK.OBIE.Unsupported.<field_name>" where <field_name> is the supplied enum value that doesn't match the schema's list of valid enum values. Prior to this enhancement, the policy returned "UK.OBIE.Field.Unexpected".

Support ticket: SUPPORT-25161

HTTP Message Validation Policy can now define default behavior for the additionalProperties schema property

The HTTP Message Validation Policy has a new option, "Allow additional properties by default," to control the behavior when an additionalProperties property in a Schema object is not explicitly specified in a Swagger schema. This is useful because the Swagger 2.0 specification is unclear regarding the default value for additionalProperties.

By default, this option is enabled so that all additional properties are allowed.

Support ticket: SUPPORT-25391

HTTP Message Validation Policy: Open Banking 3.1 error response can now be customized

HTTP Message Validation policies that conform to the Open Banking 3.1 specification can now specify the documentation URL to include with Open Banking-compliant error messages returned by the policy. If not set, the default is: https://openbanking.atlassian.net/wiki/spaces/DZ/pages/1000702294/Read+Write+Data+API+Specification+-+v3.1.1.

For more information, see Creating an HTTP Message Validation Policy on the Akana docs site.

Support ticket: SUPPORT-25156

Akana OAuth/OIDC provider id-token now includes state and openbanking_intent_id claims

The Akana OAuth/OpenID Connect (OIDC) provider now includes the "state" and "openbanking_intent_id" claims in the id_token for the Open Banking consent Hybrid Flow. Prior to this enhancement, these claims were returned only in the access_token.

Support ticket: SUPPORT-25631

JOSE Policy v2: Open Banking 3.1 error response can now be customized

JOSE v2 policies that conform to the Open Banking 3.1 specification can now specify the documentation URL to include with Open Banking-compliant error messages returned by the policy. If not set, the default is: https://openbanking.atlassian.net/wiki/spaces/DZ/pages/1000702294/Read+Write+Data+API+Specification+-+v3.1.1.

For detail, see Configuring JOSE Security Policy v2 options on the Akana docs site.

Support ticket: SUPPORT-25156

Automation recipes to perform upgrades have been improved

The recipes provided to automate migration to newer versions now support the ability to skip major versions.

Support ticket: No related support tickets.

Elasticsearch can be configured to save the Jetty access log

The Elasticsearch feature now supports the ability to save the Jetty transport access log to the Elasticsearch index. This is controlled through three new properties in the Administration Console under the configuration com.akana.log.elasticsearch:

  • requestLog.enabled: Enables or disables saving the Jetty log to the Elasticsearch index. Default: false
  • requestDataSaver.elasticHost: The host location of the index. Default: http://localhost:9200
  • requestDataSaver.elasticIndex: The name of the index. Default: request-log

Support ticket: No related support tickets.

Cluster Support plug-in has been removed from the product distribution

The deprecated Cluster Support plug-in (com.soa.feature.cluster) has been removed from the product distribution. Instead, use automation recipes for configuring clusters.

Support ticket: No related support tickets.

API group visibility now available for Runtime Configurations

A new classifier API Group Visibility can be set for Runtime Configurations to invite user groups to view an API. For more detail, see "API Group Visibility" in the Runtime Configuration on the Akana docs site.

Support ticket: SUPPORT-5575

Deprecations: 2019.1.0

Elasticsearch Transport Client option is deprecated

The Elasticsearch Transport Client deployment option is deprecated in version 2019.1.0, and will be removed in version 2020.1.0. It is recommended to use the REST Client, which communicates with the Elasticsearch server or cluster by accessing a URL.

The Akana OAuth Provider Agent is deprecated

The Akana OAuth Provider Agent feature is deprecated in version 2019.1.0, and will be removed in version 2020.1.0.

It is recommended that customers have a dedicated OAuth container to manage OAuth tokens, as covered in the diagram of recommended deployment: http://docs.akana.com/sp/deployment/deployment_clustered.htm.