Netcetera 3DS Server - Release Notes - Version 2.10.0.0

Overview

Published: 07.05.2024

Version 2.10.0.0 is a major release of the Netcetera 3DS Server.

For documentation about this release please refer to the documentation site.

Compatibility

This version is NOT backwards compatible with previous versions of the Netcetera 3DS Server.

Important notification

XML Configuration Removal

The option to configure the 3DS Server via XML will be removed in 6 months.
We strongly advise transitioning to database configuration before installing the release that includes the removal.

Redis Session Storage

With the Redis session storage enhancement, which enables Redis to automatically delete the key upon expiration, the cleanup schedulers for deleting expired session data will no longer be necessary.

They should remain ENABLED until session data entries stored from previous versions, lacking the 'time-to-live' setting, are removed.
Once this condition is met, they can be safely DISABLED:

- threedsserver.session.storage.threeds-method-data.cleanup.enabled=false
- threedsserver.session.storage.results-data.cleanup.enabled=false
- threedsserver.session.storage.redis.results-response-data.cleanup.enabled=false
- threedsserver.session.storage.operation-data.cleanup.enabled=false
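
One way to verify the condition above before disabling the schedulers, as an added example (not Netcetera code): it counts session keys that still have no expiry. The key patterns are hypothetical placeholders, since these notes do not state the key naming, and the client is assumed to expose scan_iter and ttl as redis-py does.

```python
import fnmatch

NO_EXPIRY = -1  # Redis TTL reply: key exists but has no expiry set
MISSING = -2    # Redis TTL reply: key does not exist (e.g. expired mid-scan)


def count_keys_without_ttl(client, patterns):
    """Return {pattern: number of matching keys that have no expiry}.

    client must offer scan_iter(match=...) and ttl(name), as redis-py does.
    SCAN is used instead of KEYS so a busy instance is not blocked.
    """
    counts = {}
    for pattern in patterns:
        counts[pattern] = sum(
            1 for key in client.scan_iter(match=pattern)
            if client.ttl(key) == NO_EXPIRY
        )
    return counts


def cleanup_can_be_disabled(client, patterns):
    """True only when every matching session key carries a TTL."""
    return all(n == 0 for n in count_keys_without_ttl(client, patterns).values())


class FakeRedis:
    """Constructed in-memory stand-in so the example runs offline."""

    def __init__(self, ttls):
        self.ttls = ttls  # key -> remaining TTL in seconds, -1 = no expiry

    def scan_iter(self, match=None):
        return (k for k in self.ttls if fnmatch.fnmatchcase(k, match or "*"))

    def ttl(self, name):
        return self.ttls.get(name, MISSING)


# Hypothetical key patterns: substitute the prefixes your deployment uses.
PATTERNS = ["example:threeds-method-data:*", "example:results-data:*"]
# Constructed sample data, not taken from a real 3DS Server instance.
SAMPLE = FakeRedis({
    "example:threeds-method-data:a1": 540,  # has a TTL, Redis expires it
    "example:results-data:b2": -1,          # legacy entry without TTL
    "example:results-data:c3": 120,
})

if __name__ == "__main__":
    print(count_keys_without_ttl(SAMPLE, PATTERNS))
    print(cleanup_can_be_disabled(SAMPLE, PATTERNS))
```

Against a live instance, pass a redis-py client in place of FakeRedis and keep the schedulers enabled while any count is non-zero.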

Versioning changes

As announced in the release notes of the previous major version of the 3DS Server, 2.9.0.0, the V3 versioning endpoint is no longer active as of major version 2.10.0.0. V4 versioning is now the sole versioning endpoint in use. Please find detailed information about V4 here.

Switch from Log4j2 to Logback

In this version, the 3DS Server and 3DSS Admin UI dependencies on Log4j2 are removed and replaced with Logback. The logging configuration documentation is updated accordingly, both for the 3DS Server and 3DSS Admin UI applications. If you override the default configuration template and provide your own logging configuration file, please update the logging configuration before installing the update. Otherwise, this change does not affect your setup.

Preferred protocol version

Please be informed that the 'latest' option for preferredProtocolVersion is now deprecated and will be removed after 6 months. This option will no longer be supported due to variations in message formatting between EMV 3DS 2.3.1 and its predecessors, EMV 3DS 2.2.0 and EMV 3DS 2.1.0. Read more in the FAQ under the EMV 3DS 2.3.1 section.

Upgrade Notes

  • Renamed 3DS Server and 3DSS Admin UI configuration properties:
    Old name: logged-transaction.elasticsearch.index-name
    New name: threedsserver.lucene.logged-transaction.index-name

Changes

New Features

  • Introduced new properties:
    • threedsserver.default.scheduler.poolSize - Sets the size of the default thread pool task scheduler, default value 10.
    • threedsserver.default.scheduler.threadNamePrefix - Sets the prefix for the threads created by default thread pool task scheduler, default value 3dss-thread-
    • threedsserver.lucene.logged-protocol-message.index-name - Defines the index name for logged protocol messages in Elasticsearch or OpenSearch. The default value is set to 'logged_protocol_message'.
  • Introduced a new field Error Endpoint in the Scheme Configuration. When configuring a new scheme, if you specify an Error Endpoint, all error notifications will be directed to this URL. If no Error Endpoint is specified, the system will default to using either the Directory Server URL in the case of errors occurring during an Authentication Request, or the Directory Server Preparation Request URL for errors during a Preparation Request.
  • Introduced Logback as the new logging framework, replacing Log4j2.

Improvements

  • The 3DS Server metrics http.client.requests and http.server.requests are extended with an additional tag orgName, i.e. the organization name. This tag is useful in a multi-tenant setup and enables filtering the metric by organization name. The orgId (i.e. the organization id) was added as a tag to these metrics earlier, but the organization name is easier to understand. For further customization of these metrics, the following properties have been introduced:
    • http.metrics.client.exclude-tags, which contains a list of tags that should be excluded from the http.client.requests metrics.
    • http.metrics.server.exclude-tags, which contains a list of tags that should be excluded from the http.server.requests metrics.
    More information about these properties can be found on 3DS Server Configuration Properties.
  • A new SQL procedure has been added to facilitate the deletion of results data in batches. The batch size is configurable within application properties using the property named threedsserver.session.storage.db.results-data-cleanup.batch-size, with a default value set to 1000. This enhancement mitigates the risk of database locks, particularly when dealing with large volumes of results data.
  • Updated the ThreadPoolTaskScheduler configuration bean to manage all threads with a pool size of threedsserver.default.scheduler.poolSize.
  • Introduced a second ThreadPoolTaskScheduler dedicated to preparation requests.
  • Introduced conditional activation for the /3ds-method-notification endpoint based on the threedsmethod.completion-indicator.internal-resolving.enabled property. When true, the endpoint is active, enabling relevant functionalities; when false, it remains inactive, resulting in a 404 Not Found response. This improves security and flexibility.
  • Introduced a new metric indicating the start time for each scheduled job. The metrics can be found under the actuator/metrics endpoint.
  • Enhanced Redis session storage by configuring a timeout on 3DS Method data, Results data, Results Response data and Operation data, enabling Redis to automatically delete the key upon expiration.
  • The Public Key Data in the AuthenticationResponse is now masked when logged/stored.
  • Removed /exceptions and /transactions actuator endpoints from the 3DS Server.
  • Removed the following old and deprecated metrics: PaReqCreation, PaReqCreation.InputValidation, PaReqCreation.EnrollmentVerification, PaReqCreation.EnrollmentVerification.DsCommunication, PaReqCreation.EnrollmentVerification.ResponseValidation, PaReqCreation.EnrollmentVerification.ErrorNotification, PaResValidation, PaResValidation.InputValidation, PaResValidation.PaResConversion, PaResValidation.MessageElementValidation, PaResValidation.SessionRetrieval, PaResValidation.TimeoutValidation, PaResValidation.MessageValidation, PaResValidation.MessageValidation.ResponseValidation, PaResValidation.MessageValidation.ErrorNotification, PaResValidation.MessageValidation.SignatureValidation, AuthReqCreation, AuthReqCreation.InputValidation, AuthResValidation, AuthResValidation.InputValidation, AuthResValidation.ResponseValidation, AuthStatusInquiry, AuthStatusInquiry.InputValidation, AuthStatusInquiry.SendInquiry, AuthStatusInquiry.ResponseValidation. For a detailed overview of the metrics, please see the Operation Manual, Monitoring section.
  • Removed deprecated ds-client.preparation.request.initial-delay.hours application property.
  • Optimized performance when using OpenSearch or Elasticsearch as loggers for saving transaction log data. With these enhancements, we have doubled the efficiency in processing transactions per second.
  • OAuth authorization flow is extended with Proof Key for Code Exchange (PKCE), enhancing security by requiring clients to demonstrate possession of a cryptographic key during token exchange, thereby fortifying protection against impersonation attacks and unauthorized token usage.

Bug Fixes

  • Fixed an issue in multi-tenant setups where the IAM Issuer URL of a certain non-default organization could not be updated without restarting the Admin application.
  • Fixed an issue that occurred when two logged protocol messages with the same threeDsServerTransId were concurrently sent for asynchronous writing to the underlying storage (database).