An application.properties file in the $THREEDS_CONFIG_HOME directory is used to set configuration options for the 3DS Server.
The available configuration options and their default values are listed below.
Note: If you don't configure a value for one of the properties in your application.properties, the default value as shown below will be used.
2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 | server.port=### Tomcat AJP connectortomcat.ajp.enabled=tomcat.ajp.ajpPort=### Logginglogging.config=classpath:log4j2-prod.xml### 3DS Server configuration## Property indicating the type of 3DS Server configuration. There are two supported values:## 1. xml - indicating XML configuration# 2. db - indicating Database configuration## If ${threedsserver.configuration.type} property is not set, it defaults to xml - indicating XML# configuration.#threedsserver.configuration.type=xml## The default location for various configuration files of the 3DS Server.# If not specified it defaults to: ${user.home}/.threeDSServer.# (${user.home} is the user's home directory)## threeDSS.config.home=# The resource location of the ThreeDS Server Configuration (e.g. file:/etc/threeDSServerConfiguration/3dss-configuration.xml)## Use a "file:" prefix for resources located on the file system.# Use a "http:" prefix for resources loaded from an URL.# Use a "classpath:" prefix for resources located on the classpath.## If ${threedsserver.configuration.location} is not specified (i.e. empty) it defaults to file:${threeDSS.config.home}/3dss-configuration.xml# (${threeDSS.config.home} is the value of the property "threeDSS.config.home")## If not specified and the property "threeDSS.config.home" is not set this# defaults to file:${user.home}/.threeDSServer/3dss-configuration.xml# (${user.home} is the user's home directory)#threedsserver.configuration.location=## Property indicating if the passwords defined for the certificate stores in the XML configuration are encrypted.## If ${threedsserver.configuration.useEncryptedPasswords} property is not set, it defaults false - indicating plaintext# passwords are used.#threedsserver.configuration.useEncryptedPasswords=false## Timeout configuration for 3DS Server Authentication Response defined in seconds. This value will be used only if# timeout configuration is not defined at root level for the 3DS Server.#threedsserver.timeouts.ares=300## Timeout configuration for 3DS Server Preparation Response defined in seconds. This value will be used only if# timeout configuration is not defined at root level for the 3DS Server.#threedsserver.timeouts.pres=300### Timeout configuration for 3DS Server Method defined in seconds. This value will be used only if# timeout configuration is not defined at root level for the 3DS Server.#threedsserver.timeouts.threedsmethod=10### Timeout configuration for 3DS Server ProtocolError defined in seconds. This value will be used only when the# 3DS Server sends protocol error messages to the Directory Server.#threedsserver.timeouts.protocolerror=2## Number of threads serving ThreeDSServerResultsResponse messages invocation to the Requestor.#threeDSServer.resultsResponse.taskExecutor.corePoolSize=50## The resource location of the ThreeDS Server license (e.g. file:/etc/threeDSServerLicense/3dss.lic)## Use a "file:" prefix for resources located on the file system.# Use a "http:" prefix for resources loaded from an URL.# Use a "classpath:" prefix for resources located on the classpath.## If ${license.resourceLocation} is not specified (i.e. empty) it defaults to file:${threeDSS.config.home}/3dss.lic# (${threeDSS.config.home} is the value of the property "threeDSS.config.home")## If not specified and the property "threeDSS.config.home" is not set this# defaults to file:${user.home}/.threeDSServer/3dss.lic# (${user.home} is the user's home directory)#license.resourceLocation=## The https protocols (i.e. TLS versions) the threeDS Server should use when establishing a connection to the directory servers.# According to the 3DS Specification, the minimum supported TLS version is TLSv1.2#dsClient.httpsProtocols=TLSv1.2## The proxy to use for connecting to the Directory Server (leave empty if not using a proxy).## When specifying a HTTP proxy, HTTPS connections will be tunneled through via the HTTP CONNECT method.# You may specify a user/password combination in the URL in case your proxy requires authentication.## Example : http://foo:bar@proxy.org:8888## host : proxy.org# port : 8888 (optional; if not specified, the scheme default port will be used)# scheme : http# user : foo (optional; only specify a user in case your proxy requires authentication)# password: bar (optional; only specify a password in case your proxy requires authentication)#dsClient.proxy=## The supported cipher suites for outbound 2-way SSL connections to the DS.#dsClient.supported.cipher.suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256## The connection timeout in milliseconds for establishing a TCP/IP connection to the Directory Server.#dsClient.connection.timeout.milliseconds=3000## Indicator if PReq scheduling should be enabled. This should be enabled for at least one node.# If 3DS Server is used with only one node, this property should be enabled.## If 3DS Server is used in clustered environment and only one node will perform the updates,# enable this feature for the node that will perform the updates. Other nodes should disable this feature.## If ${dsClient.preparation.request.invocation.enabled} is not specified, it defaults to true.# dsClient.preparation.request.invocation.enabled=## The interval (in hours) for which the directory server is being sent a preparation request. Minimum value is 1 (1 hour),# meaning the directory server is called on every 1 hour. If you have multiple nodes running and want each node to# initiate PReq requests, consider setting this property to be the same for each node.# This combined with ${dsClient.preparation.request.initialDelay.hours}# will enable the nodes to each run in different time slots not interfering with each other.## If ${dsClient.preparation.request.interval.hours} is not specified (i.e. empty) it defaults to 1.# The minimum amount is 1 hour (once per hour).## dsClient.preparation.request.interval.hours=## The initial delay (in hours) for when the PReq will start for the first time. This is called when PReq requests are scheduled for# the first time. It will add the initial delay to the current time to calculate the time of the first run. This is useful if you want# all nodes to initiate PReq requests, or set the 3DS Server to start sending PReq requests X hours after the server is started.## IMPORTANT NOTE: For concurrency, you will have to adjust the ${dsClient.preparation.request.interval.hours} property.# The 3DS Specification requires PReq requests to be initiated at maximum of once per hour, so the suggested time to set# the initial delay is (nodeId - 1) * initialDelay. This means that if you run the 3DS Server in 4 nodes,# the first node will have an initial delay od 0 (will start immediately), second node will start after X hours,# third after 2*X hours, and fourth after 3*X hours.## If ${dsClient.preparation.request.initialDelay.hours} is not specified, it defaults to 0.## dsClient.preparation.request.initialDelay.hours=## The resource location of the Ehcache configuration XML for the cached data.## Use a "file:" prefix for resources located on the file system.# Use a "http:" prefix for resources loaded from an URL.# Use a "classpath:" prefix for resources located on the classpath.## If not specified (i.e. empty) this defaults to file:${threeDSS.config.home}/ehcache.xml# (${threeDSS.config.home} is the value of the property "threeDSS.config.home")## If not specified and the property "threeDSS.config.home" is not set this# defaults to file:${user.home}/.threeDSServer/ehcache.xml# (${user.home} is the user's home directory)#ehcacheConfigXml.resourceLocation=## Regular expression used to validate cardholder account numbers and resolve the VISA scheme.#cardholderAccountNumberRegex.visa=4[0-9]*## Regular expression used to validate cardholder account numbers and resolve the MasterCard scheme.#cardholderAccountNumberRegex.masterCard=(2[0-1]|220[5-9]|22[1-9]|2[3-9]|5|6)[0-9]*## Regular expression used to validate cardholder account numbers and resolve the American Express scheme.#cardholderAccountNumberRegex.americanExpress=(34|37)[0-9]*## Regular expression used to validate cardholder account numbers and resolve the JCB scheme.#cardholderAccountNumberRegex.jcb=35[0-9]*## Regular expression used to validate cardholder account numbers and resolve the Diners scheme.#cardholderAccountNumberRegex.diners=36[0-9]*## Regular expression used to validate cardholder account numbers and resolve the MIR scheme.#cardholderAccountNumberRegex.mir=220[0-4][0-9]*# The token string appended to the 3DS Method Notification URL when 3DS Server implementation of the 3DS Method# notification response handler is used. The purpose of the token is to randomize the 3DS Method Notification URL, so# it would not be the same for each Netcetera 3DS Server. The token shall contain only digits and letters.## The XML configuration of the <ThreeDSMethodNotificationUrl> must be in the format# 'https://<host>/3ds/3ds-method-notification/', on which the ${threeDSMethod.notificationUrl.token} is appended.# If ${threeDSMethod.notificationUrl.token} is not configured, token won't be appended to the base notification URL, so# it will remain 'https://<host>/3ds/3ds-method-notification/'.#threeDSMethod.notificationUrl.token=## Boolean property indicating whether the 3DS Server should do an internal resolving of the 3DS Method completion# indicator - 'threeDSCompInd' in case when it is not provided from the 3DS Requestor for an authentication request.# Default value is true meaning that the 3DS Server should do an internal resolving.## In case of an external 3DS Method notification URL, this property should be set to false.#threeDSMethod.completionIndicator.internalResolving.enabled=true## Property indicating which actuator endpoints will be publicly exposed.## When enabled by this property, the metrics and health endpoints will be available on# 'https://<host>/actuator/metrics/' and 'https://<host>/actuator/health/', respectively. Each particular metric can# be accessed via 'https://<host>/actuator/metrics/<metric-name>'.## Among other Spring built-in metrics, there is 'http.server.requests' metric which provides info about the number of# requests handled by the application. The requests are counted and distinguished on a few bases, including the# request URI, the type of method (GET, POST, etc.), the status code of the response, etc. This metric also provides# info about the duration of requests being processed by the application.## The 3DS Server adds the following additional metrics '3ds-server.ds.authentication.requests.duration',# '3ds-server.preparation.requests.duration' and '3ds-server.exceptions'.## The '3ds-server.preparation.requests.duration' metric provides info about the overall duration of the# execution of a preparation request both on 3DS Server side and in the communication between the 3DS Server and the# Directory Server.## The '3ds-server.ds.authentication.requests.duration' metric provides info about the duration of the communication# between the 3DS Server and the Directory Server per authentication request.## The '3ds-server.exceptions' metric holds count info about the exceptions that occurred on 3DS Server side due to# various reasons. The exceptions are counted and distinguished on a few bases, including the type of exception,# the message flow in which the exception occurred (PREPARATION, AUTHENTICATION, RESULTS, etc) and the time of# occurrence of the exception.## These endpoints should be restricted from within the PSP environment.#management.endpoints.web.exposure.include=metrics,health## Property indicating whether Prometheus is enabled. Prometheus is a monitoring system which pulls metrics# data over HTTP periodically. The 'prometheus' endpoint is disabled by default. When enabled all metrics will be# published on it.## In order to enable Prometheus set this property to true and add 'prometheus' endpoint in# ${management.endpoints.web.exposure.include} property in order to publicly expose it.#management.metrics.export.prometheus.enabled=false## Fully qualified URL of the 3DS Server instance. This property must be configured per node (in node-<node-ID># .properties).#threedss.frontend.configs.backendApi=### Production database connection properties# The datasource URL location in format 'jdbc:postgresql://<host>:<port>/<database-name>'spring.datasource.url=# The datasource user used by the application. It is recommended that this user has read only privileges to the database# the 3DS Server application is using.spring.datasource.username=# The password of the datasource user used by the applicationspring.datasource.password=## The appropriate Driver used for database connection. Since the underlying database of the 3DS Server is Postgres,# this property is set to 'org.postgresql.Driver' and should not be changed.#spring.datasource.driver-class-name=org.postgresql.Driver## The SQL dialect of the underlying database. Since the underlying database of the 3DS Server is Postgres, this# property is set to 'org.hibernate.dialect.PostgreSQL95Dialect' and should not be changed.#spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQL95Dialect |