An application.properties file in the $THREEDS_CONFIG_HOME directory is used to set configuration options for the 3DS Server.
The available configuration options and their default values are listed below.
Note: If you don't configure a value for one of the properties in your application.properties, the default value as shown below will be used.
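Because unset keys silently take the defaults in the listing that follows, a deployment review has to look at the effective configuration rather than only at the keys present in the file. The script below is an added example, not part of the 3DS Server product or its documentation: it overlays a properties file on the page's defaults and reports settings whose descriptions on this page mark them as relaxed or test-only. The required values in `REQUIRED`, the treatment of empty values as unset, and the sample file are assumptions of the example.

```python
import re
from urllib.parse import urlsplit

# Defaults copied from the listing on this page; they apply when a key is unset.
PAGE_DEFAULTS = {
    "threedss.logging.mask-cardholder-data": "true",
    "threedsserver.configuration.use-encrypted-passwords": "false",
    "threedsserver.testing-mode.enabled": "false",
    "threedsserver.session.storage.db.results-data.time-to-live.minutes": "30",
    "ds-client.https.protocols": "TLSv1.2",
    "management.endpoint.health.show-details": "always",
    "mpi.core.allow-http-for-acs-url": "true",
    "mpi.core.enforce-xml-signature-syntax-validation": "true",
    "mpi.core.enforce-pares-validation": "true",
    "mpi.ds-client.https-protocols": "TLSv1.2,TLSv1.1,TLSv1",
    "mpi.ds-client.ds-response-simulation": "false",
    "mpi.ds-client.connection-timeout-in-milliseconds": "3000",
    "mpi.ds-client.socket-timeout-in-milliseconds": "5000",
    "mpi.upop-client.connection-timeout-in-milliseconds": "3000",
    "mpi.upop-client.socket-timeout-in-milliseconds": "5000",
}
# Reviewer policy (assumption of this example): value expected in production, and the risk otherwise.
REQUIRED = {
    "threedss.logging.mask-cardholder-data": ("true", "cardholder data is logged unmasked"),
    "threedsserver.testing-mode.enabled": ("false", "DS reference number validation is bypassed"),
    "threedsserver.configuration.use-encrypted-passwords":
        ("true", "certificate store passwords are plaintext in the XML configuration"),
    "mpi.core.allow-http-for-acs-url": ("false", "plain-HTTP ACS URLs are accepted"),
    "mpi.core.enforce-xml-signature-syntax-validation": ("true", "PARes XML signature syntax check is relaxed"),
    "mpi.core.enforce-pares-validation": ("true", "PARes validation is relaxed"),
    "mpi.ds-client.ds-response-simulation": ("false", "DS responses are simulated"),
}
LEGACY_TLS = {"SSLv3", "TLSv1", "TLSv1.1"}
TLS_KEYS = ("ds-client.https.protocols", "mpi.ds-client.https-protocols")
PROXY_KEYS = ("ds-client.proxy", "mpi.ds-client.proxy", "mpi.upop-client.proxy")
TIMEOUT_KEYS = tuple(k for k in PAGE_DEFAULTS if k.endswith("timeout-in-milliseconds"))
TTL_KEY = "threedsserver.session.storage.db.results-data.time-to-live.minutes"
HEALTH_KEY = "management.endpoint.health.show-details"

def parse_properties(text):
    """Minimal .properties reader: '#'/'!' comments, '=' or ':' separator, no line continuations."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def audit(text, dec_max_time_minutes=None):
    """Return (key, origin, reason) findings; values are never echoed, so secrets stay out of reports."""
    configured = parse_properties(text)
    eff = dict(PAGE_DEFAULTS)
    eff.update({k: v for k, v in configured.items() if v != ""})  # empty value == unset (assumption)
    findings = []

    def flag(key, why):
        findings.append((key, "configured" if configured.get(key) else "default", why))

    for key, (required, why) in REQUIRED.items():
        if eff[key].lower() != required:
            flag(key, why)
    for key in TLS_KEYS:
        legacy = sorted(LEGACY_TLS & {p.strip() for p in eff[key].split(",")})
        if legacy:
            flag(key, "legacy protocol(s) enabled: " + ",".join(legacy))
    for key in PROXY_KEYS:
        if eff.get(key) and urlsplit(eff[key]).password:
            flag(key, "proxy password stored in clear text in the properties file")
    for key in TIMEOUT_KEYS:
        if eff[key] == "0":
            flag(key, "zero is interpreted as an infinite timeout")
    if eff[HEALTH_KEY] == "always":
        flag(HEALTH_KEY, "health endpoint returns component details to every caller")
    if dec_max_time_minutes is not None and int(eff[TTL_KEY]) <= dec_max_time_minutes:
        flag(TTL_KEY, "must be greater than threeDSRequestorDecMaxTime (%d min)" % dec_max_time_minutes)
    return findings

# Constructed sample file for the example; not taken from a real deployment.
SAMPLE = """\
server.port=8443
threedsserver.testing-mode.enabled=true
ds-client.proxy=http://foo:bar@proxy.org:8888
mpi.ds-client.https-protocols=TLSv1.2
mpi.ds-client.socket-timeout-in-milliseconds=0
threedsserver.session.storage.db.results-data.time-to-live.minutes=1440
"""

if __name__ == "__main__":
    for key, origin, why in audit(SAMPLE, dec_max_time_minutes=10080):
        print("%-10s %s: %s" % (origin, key, why))
```

Running `audit("")` shows what an empty application.properties leaves in effect: four findings, all of origin `default`.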
server.port=8080

### Tomcat AJP connector
tomcat.ajp.enabled=
tomcat.ajp.ajp-port=

### Logging
logging.config=classpath:log4j2-prod.xml

#
# Property indicating if the cardholder data should be masked in the log. Cardholder data include: name, IP address,
# shipping and billing address, home, work and mobile phone.
threedss.logging.mask-cardholder-data=true

#
# Configuration indicating which loggers should be used for saving transaction log data. This configuration accepts multiple
# comma-separated values.
#
# Note: If Elasticsearch is used, connection to Elasticsearch should also be configured (see spring.data.elasticsearch.*)
#
# Example to configure logging in file and Elasticsearch: threedss.logging.storage.type=file,elasticsearch
#
# Possible values are:
# file            saves transaction logs to file
# db              requires threedsserver.configuration.type property to be equal to "db"
# elasticsearch   requires valid elasticsearch configuration
#
threedss.logging.storage.type=file

#
# Comma separated list of Elasticsearch endpoint(s)
# Example values: spring.elasticsearch.rest.uris=http://elasticsearch:9200
#
# spring.elasticsearch.rest.uris=
#
#
# Enables signing elasticsearch requests with the AWS request signing interceptor if set to true
#
#nca.acquiring.aws.iam-role-elasticsearch-auth.enabled=false
#
### 3DS Server configuration
#
# Property indicating the type of 3DS Server configuration. There are two supported values:
#
# 1. xml - indicating XML configuration
# 2. db - indicating Database configuration
#
# If ${threedsserver.configuration.type} property is not set, it defaults to xml - indicating XML
# configuration.
#
threedsserver.configuration.type=xml

#
# When the 3DS Server configuration is persisted in database, the 3DS Server also allows session data to be persisted in database.
# This property indicates the type of 3DS Server session storage. There are three supported values:
#
# 1. cache - indicating EhCache session storage
# 2. db - indicating Database session storage
# 3. redis - indicating session storage using Redis
#
# If ${threedsserver.session.storage.type} property is not set, it defaults to cache - indicating EhCache session
# storage.
#
# 3DS 1 / UPOP session data is only supported with redis and db session storage type.
# If cache is chosen as session storage type, the 3DS 1 / UPOP session data will be stored in database.
#
threedsserver.session.storage.type=cache

#
### Database Session Storage cleanup configuration
#
### 3DS Method Data
#
# Property indicating whether a cleanup of the 3DS Method data should be scheduled. In a multi-instance setup
# it is recommended to have it enabled on one instance. Other instances should have it false.
#
# If ${threedsserver.session.storage.db.threeds-method-data.cleanup.enabled} property is not set, it defaults true -
# indicating a cleanup of the 3DS Method data to be scheduled according to
# ${threedsserver.session.storage.db.threeds-method-data.cleanup.minutes}.
#
threedsserver.session.storage.db.threeds-method-data.cleanup.enabled=true

#
# The time interval in minutes on which the 3DS Server will clean up the 3DS Method data cache when the
# ${threedsserver.session.storage.type} is set to db - indicating Database session storage,
# or redis - indicating Redis session storage.
#
# The 3DS Server will delete all entries whose time to live minutes -
# ${threedsserver.session.storage.db.threeds-method-data.time-to-live.minutes} have expired.
#
# If not configured differently, this property defaults to 60 minutes indicating hourly cleanup of the
# 3DS Method data table.
#
threedsserver.session.storage.db.threeds-method-data.cleanup.minutes=60

#
# The time to live in minutes of the 3DS Method data table entries. After this period of time, the 3DS Method data
# entries cannot be retrieved, nor updated. On a configured time interval -
# ${threedsserver.session.storage.db.threeds-method-data.cleanup.minutes} all inactive 3DS Method data entries will
# be deleted.
#
threedsserver.session.storage.db.threeds-method-data.time-to-live.minutes=1

#
### Results Data
#
# Property indicating whether a cleanup of the Results data should be scheduled. In a multi-instance setup
# it is recommended to have it enabled on one instance. Other instances should have it false.
#
# If ${threedsserver.session.storage.db.results-data.cleanup.enabled} property is not set, it defaults true -
# indicating a cleanup of the Results data to be scheduled according to
# ${threedsserver.session.storage.db.results-data.cleanup.minutes}.
#
threedsserver.session.storage.db.results-data.cleanup.enabled=true

#
#
# The time interval in minutes on which the 3DS Server will clean up the Results data cache when the
# ${threedsserver.session.storage.type} is set to db - indicating Database session storage,
# or redis - indicating Redis session storage.
#
# The 3DS Server will delete all entries whose time to live minutes -
# ${threedsserver.session.storage.db.results-data.time-to-live.minutes} have expired.
#
# If not configured differently, this property defaults to 60 minutes indicating hourly cleanup of the
# Results data cache.
#
threedsserver.session.storage.db.results-data.cleanup.minutes=60

#
# The time to live in minutes of the Results data table entries. After this period of time, the Results data entries
# cannot be retrieved, nor updated. On a configured time interval -
# ${threedsserver.session.storage.db.results-data.cleanup.minutes} all inactive Results data entries will be deleted.
#
# With the decoupled authentication introduced in EMV 3DS v2.2.0, the maximum time that the Requestor would wait for the
# results request is defined with the 'threeDSRequestorDecMaxTime' field in the Authentication request (the maximum
# time that could be set to the 'threeDSRequestorDecMaxTime' is 10080 minutes - 7 days). Therefore, if decoupled
# authentication is utilised set this property to a value greater than 'threeDSRequestorDecMaxTime' sent in the
# Authentication request.
#
threedsserver.session.storage.db.results-data.time-to-live.minutes=30

# If set to true, divides the list of card range data to be inserted into batches, the maximum size of which is
# determined by the property ${threedsserver.session.storage.db.card-range-data.batch.size}.
#
threedsserver.session.storage.db.card-range-data.batch.parallelized=true

# The batch size used if parallel mode is enabled for inserting card range data
# ${threedsserver.session.storage.db.card-range-data.batch.parallelized}.
#
threedsserver.session.storage.db.card-range-data.batch.size=10000

# This property is used to specify the period on which 3DS Server checks if card ranges in underlying storage were
# updated to update its own cache of card ranges. If property is not set, it defaults to 60 seconds i.e
# 3DS Server will check for updates on 60 seconds and will update its cache if necessary.
#
threedsserver.session.storage.cache.card-range-data.cache-update-check.seconds=60

###
# Redis connection configuration
###
# Hostname of the Redis server
#spring.redis.host=
# Redis port
#spring.redis.port=6379
# Password for the Redis server
#spring.redis.password=
# Timeout in milliseconds for each Redis connection. Default is 240000ms.
spring.redis.timeout=240000

# Maximum number of connections that can be allocated by the pool at a given time. Use a negative value for no limit.
# spring.redis.lettuce.pool.max-active=
# Maximum number of "idle" connections in the pool. Use a negative value to indicate an unlimited number of idle connections.
#spring.redis.lettuce.pool.max-idle=
# Target for the minimum number of idle connections to maintain in the pool. This setting only has an effect if both
# it and time between eviction runs are positive.
#spring.redis.lettuce.pool.min-idle=
# Shutdown timeout
#spring.redis.lettuce.shutdown-timeout=
#
# The default location for various configuration files of the 3DS Server.
# If not specified it defaults to: \${user.home}/.threeDSServer.
# (\${user.home} is the user's home directory)
#
# threedss.config.home=
# The resource location of the ThreeDS Server Configuration (e.g. file:/etc/threeDSServerConfiguration/3dss-configuration.xml)
#
# Use a "file:" prefix for resources located on the file system.
# Use a "http:" prefix for resources loaded from an URL.
# Use a "classpath:" prefix for resources located on the classpath.
#
# If ${threedsserver.configuration.location} is not specified (i.e. empty) it defaults to file:${threedss.config.home}/3dss-configuration.xml
# (${threedss.config.home} is the value of the property "threedss.config.home")
#
# If not specified and the property "threedss.config.home" is not set this
# defaults to file:\${user.home}/.threeDSServer/3dss-configuration.xml
# (\${user.home} is the user's home directory)
#
threedsserver.configuration.location=

#
# Property indicating the name of the header field that contains the organization ID.
#
# If ${threedsserver.configuration.organization-id-header-name} property is not set, it defaults to
# "3DS-Organization-ID".
#
threedsserver.configuration.organization-id-header-name=3DS-Organization-ID

#
# Property indicating if the passwords defined for the certificate stores in the XML configuration are encrypted.
#
# If ${threedsserver.configuration.use-encrypted-passwords} property is not set, it defaults false - indicating
# plaintext passwords are used.
#
threedsserver.configuration.use-encrypted-passwords=false

#
# Property indicating whether testing mode is enabled. This property can be used to bypass directory server reference
# number validation while evaluating the 3DS Server product.
#
# If ${threedsserver.testing-mode.enabled} property is not set, it defaults to false - indicating testing mode is
# disabled.
#
threedsserver.testing-mode.enabled=false

#
# Timeout configuration for 3DS Server Authentication Response defined in seconds. This value will be used only if
# timeout configuration is not defined at root level for the 3DS Server.
#
threedsserver.timeouts.ares.seconds=300

#
# Timeout configuration for 3DS Server Preparation Response defined in seconds. This value will be used only if
# timeout configuration is not defined at root level for the 3DS Server.
#
threedsserver.timeouts.pres.seconds=300

##
# Timeout configuration for 3DS Server Method defined in seconds. This value will be used only if
# timeout configuration is not defined at root level for the 3DS Server.
#
threedsserver.timeouts.threedsmethod.seconds=10

##
# Timeout configuration for 3DS Server ProtocolError defined in seconds. This value will be used only when the
# 3DS Server sends protocol error messages to the Directory Server.
#
threedsserver.timeouts.protocol-error.seconds=2

#
# Number of threads serving ThreeDSServerResultsResponse messages invocation to the Requestor.
#
threedsserver.results-response.task-executor.core-pool-size=50

#
# Indicates whether the 3DS Server should validate an empty Acquirer Merchant ID received as part
# of the 3DS Server Authentication Request as valid. Set this property to true only if the 3DS Server
# processes American Express transactions for Online Travel Agencies (OTA) merchants. The 3DS Server will validate
# the empty Acquirer Merchant ID value as valid only if the 3DS Requestor ID, sent in the 3DS Server Authentication Request,
# starts with 'OTA' which is American Express specific requirement.
#
# The default value is false, i.e. the 3DS Server will not treat blank Acquirer Merchant Id as valid.
#
threedsserver.api-authentication-request.allow-empty-acquirer-merchant-id=false

#
# The resource location of the ThreeDS Server license (e.g. file:/etc/threeDSServerLicense/3dss.lic)
#
# Use a "file:" prefix for resources located on the file system.
# Use a "http:" prefix for resources loaded from an URL.
# Use a "classpath:" prefix for resources located on the classpath.
#
# If ${license.resource-location} is not specified (i.e. empty) it defaults to file:${threedss.config.home}/3dss.lic
# (${threedss.config.home} is the value of the property "threedss.config.home")
#
# If not specified and the property "threedss.config.home" is not set this
# defaults to file:\${user.home}/.threeDSServer/3dss.lic
# (\${user.home} is the user's home directory)
#
license.resource-location=

#
# The https protocols (i.e. TLS versions) the threeDS Server should use when establishing a connection to the directory servers.
# According to the 3DS Specification, the minimum supported TLS version is TLSv1.2
#
ds-client.https.protocols=TLSv1.2

#
# The server has default encryption key used to encrypt/decrypt sensitive information like passwords for certificate
# stores. If you want to use your own secret key specify the key alias, keystore location, keystore type
# and keystore password.
#
# Alias for active key which will be used for encrypting. You can change your active secret key alias,
# but the old key must stay present in the keystore in case it is needed for decryption or until you re-encrypt
# all encrypted database entries. Active key must be AES 256 secret key.
#
threedss.encryption.active-key-alias=

#
# Keystore location.
#
threedss.encryption.keystore-location=

#
# Keystore password.
#
threedss.encryption.keystore-password=

#
# Keystore type. Allowed keystore types: PKCS12 and JCEKS.
#
threedss.encryption.keystore-type=

#
# The proxy to use for connecting to the Directory Server (leave empty if not using a proxy).
#
# When specifying a HTTP proxy, HTTPS connections will be tunneled through via the HTTP CONNECT method.
# You may specify a user/password combination in the URL in case your proxy requires authentication.
#
# Example : http://foo:bar@proxy.org:8888
#
# host    : proxy.org
# port    : 8888 (optional; if not specified, the scheme default port will be used)
# scheme  : http
# user    : foo (optional; only specify a user in case your proxy requires authentication)
# password: bar (optional; only specify a password in case your proxy requires authentication)
#
ds-client.proxy=

#
# The maximum number of connections for 3DS 2 requests per-route (i.e Directory Server host)
# held in the connection pool of a Directory Server client.
#
ds-client.max-connection-pool-per-route-size=50

#
# The maximum number of connections for 3DS 2 requests held in all per-route connection pools.
#
ds-client.max-number-of-connections-overall=100

#
# The supported cipher suites for outbound 2-way SSL connections to the DS.
#
ds-client.supported.cipher.suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

#
# The connection timeout in milliseconds for establishing a TCP/IP connection to the Directory Server.
#
ds-client.connection.timeout.milliseconds=3000

#
# The maximum number of Directory Server clients to cache.
#
ds-client.max-cached-instances=100

#
# The time (in seconds) for which the RestTemplate cache would expire.
#
ds-client.cached-instance-expiry.seconds=86400

#
# Indicator if PReq scheduling should be enabled. This should be enabled for at least one node.
# If 3DS Server is used with only one node, this property should be enabled.
#
# If 3DS Server is used in clustered environment and only one node will perform the updates,
# enable this feature for the node that will perform the updates. Other nodes should disable this feature.
#
# If ${ds-client.preparation.request.invocation.enabled} is not specified, it defaults to true.
# ds-client.preparation.request.invocation.enabled=
#
# The interval (in hours) for which the directory server is being sent a preparation request. Minimum value is 1 (1 hour),
# meaning the directory server is called on every 1 hour. If you have multiple nodes running and want each node to
# initiate PReq requests, consider setting this property to be the same for each node.
# This combined with ${ds-client.preparation.request.initial-delay.hours}
# will enable the nodes to each run in different time slots not interfering with each other.
#
# If ${ds-client.preparation.request.interval.hours} is not specified (i.e. empty) it defaults to 1.
# The minimum amount is 1 hour (once per hour).
#
# ds-client.preparation.request.interval.hours=
#
# The initial delay (in hours) for when the PReq will start for the first time. This is called when PReq requests are scheduled for
# the first time. It will add the initial delay to the current time to calculate the time of the first run. This is useful if you want
# all nodes to initiate PReq requests, or set the 3DS Server to start sending PReq requests X hours after the server is started.
#
# IMPORTANT NOTE: For concurrency, you will have to adjust the ${ds-client.preparation.request.interval.hours} property.
# The 3DS Specification requires PReq requests to be initiated at maximum of once per hour, so the suggested time to set
# the initial delay is (nodeId - 1) * initialDelay. This means that if you run the 3DS Server in 4 nodes,
# the first node will have an initial delay of 0 (will start immediately), second node will start after X hours,
# third after 2*X hours, and fourth after 3*X hours.
#
# If ${ds-client.preparation.request.initial-delay.hours} is not specified, it defaults to 0.
#
# --- DEPRECATED ---
# This field is deprecated and it will be removed in the next release.
# In a clustered environment, we recommend enabling the PReq initiation on one node only or disabling it on all nodes
# and use the endpoint for manual execution of preparation request.
#
# ds-client.preparation.request.initial-delay.hours=
#
# CRON expression indicating the time when the identified supported protocol values of the Directory Servers' endpoints will be
# deleted. This would mean that the 3DS Server will again check for the supported protocol versions of each Directory Server.
# This only applies when ${ds-client.preparation.request.invocation.enabled} is set to true. CRON
# expression must consist of 6 fields. The default value (0 0 3 * * 7) indicates: every Sunday at 3am.
#
ds-client.preparation.request.supported-versions.scheduled-delete.cron=0 0 3 * * 7

#
# The resource location of the Ehcache configuration XML for the cached data.
#
# Use a "file:" prefix for resources located on the file system.
# Use a "http:" prefix for resources loaded from an URL.
# Use a "classpath:" prefix for resources located on the classpath.
#
# If not specified (i.e. empty) this defaults to file:${threedss.config.home}/ehcache.xml
# (${threedss.config.home} is the value of the property "threedss.config.home")
#
# If not specified and the property "threedss.config.home" is not set this
# defaults to file:\${user.home}/.threeDSServer/ehcache.xml
# (\${user.home} is the user's home directory)
#
ehcache.config-xml.resource-location=

#
# Regular expression used to validate cardholder account numbers and resolve the VISA scheme.
#
cardholder-account-number.regex.visa=^4[0-9]*

#
# Regular expression used to validate cardholder account numbers and resolve the Mastercard scheme.
#
cardholder-account-number.regex.mastercard=^(2(22[1-9]|2[3-9]|[3-6]|7[0-1]|720)|5|60(0|1[0|[2-9]]|[2-9])|6([1-3]|[6-9]))[0-9]*

#
# Regular expression used to validate cardholder account numbers and resolve the American Express scheme.
#
cardholder-account-number.regex.american-express=^(34|37)[0-9]*

#
# Regular expression used to validate cardholder account numbers and resolve the JCB scheme.
#
cardholder-account-number.regex.jcb=^35(2[89]|[3-8][0-9])[0-9]*

#
# Regular expression used to validate cardholder account numbers and resolve the Diners scheme.
#
cardholder-account-number.regex.diners=^(30[0-5]|3095|36|38|39|6011|64|65)[0-9]*

#
# Regular expression used to validate cardholder account numbers and resolve the MIR scheme.
#
cardholder-account-number.regex.mir=^220[0-4][0-9]*

# The token string appended to the 3DS Method Notification URL when 3DS Server implementation of the 3DS Method
# notification response handler is used. The purpose of the token is to randomize the 3DS Method Notification URL, so
# it would not be the same for each Netcetera 3DS Server. The token shall contain only digits and letters.
#
# The configuration of the <ThreeDSMethodNotificationUrl> must be in the format
# 'https://<host>:<port>/3ds/3ds-method-notification/', on which the ${threedsmethod.notification-url.token} is appended.
# If ${threedsmethod.notification-url.token} is not configured, token won't be appended to the base notification URL, so
# it will remain 'https://<host>/3ds/3ds-method-notification/'.
#
threedsmethod.notification-url.token=

#
# Boolean property indicating whether the 3DS Server should do an internal resolving of the 3DS Method completion
# indicator - 'threeDSCompInd' in case when it is not provided from the 3DS Requestor for an authentication request.
# Default value is true meaning that the 3DS Server should do an internal resolving.
#
# In case of an external 3DS Method notification URL, this property should be set to false.
#
threedsmethod.completion-indicator.internal-resolving.enabled=true

# Property indicating which actuator endpoints will be publicly exposed.
#
# When enabled by this property, the metrics and health endpoints will be available on
# 'https://<host>/actuator/metrics/' and 'https://<host>/actuator/health/', respectively. Each particular metric can
# be accessed via 'https://<host>/actuator/metrics/<metric-name>'.
#
# Among other Spring built-in metrics, there is 'http.server.requests' metric which provides info about the number of
# requests handled by the application. The requests are counted and distinguished on a few bases, including the
# request URI, the type of method (GET, POST, etc.), the status code of the response, etc. This metric also provides
# info about the duration of requests being processed by the application.
#
# The 3DS Server adds the following additional metrics '3ds-server.ds.authentication.requests.duration',
# '3ds-server.preparation.requests.duration' and '3ds-server.exceptions'.
#
# The '3ds-server.preparation.requests.duration' metric provides info about the overall duration of the
# execution of a preparation request both on 3DS Server side and in the communication between the 3DS Server and the
# Directory Server.
#
# The '3ds-server.ds.authentication.requests.duration' metric provides info about the duration of the communication
# between the 3DS Server and the Directory Server per authentication request.
#
# The '3ds-server.exceptions' metric holds count info about the exceptions that occurred on 3DS Server side due to
# various reasons. The exceptions are counted and distinguished on a few bases, including the type of exception,
# the message flow in which the exception occurred (PREPARATION, AUTHENTICATION, RESULTS, etc) and the time of
# occurrence of the exception.
#
# The 3DS Server introduces new actuator endpoints available on
# 'https://<host>/admin/dashboard/actuator/transactions/' - collected metrics about 3DS Server Transactions
# 'https://<host>/admin/dashboard/actuator/exceptions/' - collected metrics about 3DS Server Exceptions
# 'https://<host>/admin/dashboard/actuator/certificates/' - information about client certificates used by 3DS Server
# 'https://<host>/admin/dashboard/actuator/card-ranges-cache/' - information about cached card ranges
#
# These endpoints should be restricted from within the PSP environment.
#
management.endpoints.web.exposure.include=metrics,health,transactions,exceptions,info,certificates,card-ranges-cache

#
# Property indicating whether the actuator health endpoint should display details(database related details,
# diskspace related details, etc.)
#
management.endpoint.health.show-details=always

#
# Property indicating whether the actuator health endpoint should include/exclude diskspace related details.
# By default, this property is true, meaning when the ${management.endpoint.health.show-details} is set to 'always',
# the diskspace related details will be available. Since the diskspace related details are not relevant information,
# this property is set to false, in order to exclude them from the health endpoint.
#
management.health.diskspace.enabled=false

#
# Property indicating whether Prometheus is enabled. Prometheus is a monitoring system which pulls metrics
# data over HTTP periodically. The 'prometheus' endpoint is disabled by default. When enabled all metrics will be
# published on it.
#
# In order to enable Prometheus set this property to true and add 'prometheus' endpoint in
# ${management.endpoints.web.exposure.include} property in order to publicly expose it.
#
management.metrics.export.prometheus.enabled=false

#
# Comma separated decimal values for publishing percentiles for metrics that are part of service-level agreement.
# By default 0.99, 0.95 and 0.70 percentiles are published.
#
threedss.metrics.sla.percentiles=0.99, 0.95, 0.70

#
#############################################
# Core configuration properties for the MPI #
#############################################
#
# Should MPI use an internal session, used to validate PARes messages,
# or should the external SessionData be provided through the API as part of PaResValidationRequest.
#
mpi.core.session-enabled=true

#
# Should MPI send 3-D Secure error messages to the Directory Servers
# when they send invalid 3-D Secure messages.
#
mpi.core.send-error-messages-to-ds=true

#
# Should MPI send 3-D Secure error messages to the Access Control Servers
# when they send invalid 3-D Secure messages.
#
mpi.core.send-error-messages-to-acs=true

#
# Should the HTTP scheme be considered a valid one, when validating the ACS url.
#
# Note: This should not be allowed in a production environment.
#
mpi.core.allow-http-for-acs-url=true

#
# Should the MPI strictly enforce the XML signature syntax requirements as defined by VISA.
#
# There are some ACSs that don't respect the VISA XML signature syntax requirements
# and for example send a SignedInfo.Reference.Transforms element in the PARes.
# Setting this property to false relaxes the XML signature syntax validation to also
# allow such signatures.
#
# If not specified this defaults to true
#
mpi.core.enforce-xml-signature-syntax-validation=true

#
# Should the MPI strictly enforce the PARes validation.
#
# There are some ACSs that don't respect the Visa syntax requirements
# and for example send a zeroed out pan element in the PARes, for all TransactionStatuses.
# Setting this property to false relaxes the PARes validation to also allow such responses.
#
# If not specified this defaults to true
#
mpi.core.enforce-pares-validation=true

#
# Defines if the MPI should send the mastercard tokenization extension in VEReq for all MasterCard PAN/Token requests.
#
mpi.core.use-master-card-tokenization-extension=true

#
#
# Property indicating whether a cleanup of the MPI session data should be scheduled. In a multi-instance setup
# it is recommended to have it enabled on one instance. Other instances should have it false.
#
# If ${mpi.core.session-data-clean-up-enabled} property is not set, it defaults true -
# indicating a cleanup of the MPI session data to be scheduled according to ${mpi.core.session-data-clean-up-interval}.
#
mpi.core.session-data-clean-up-enabled=true

#
# The time interval in minutes on which the 3DS Server will clean up the MPI session data.
#
# The 3DS Server will delete all entries whose time to live minutes - ${mpi.core.session-data-time-to-live} have expired.
#
# If not configured differently, this property defaults to 60 minutes indicating hourly cleanup.
#
mpi.core.session-data-clean-up-interval=60

#
# The time to live in minutes of the MPI session data table entries. After this period of time, the MPI session data
# entries cannot be retrieved, nor updated. On a configured time interval - ${mpi.core.session-data-clean-up-interval}
# all inactive 3DS Method data entries will be deleted.
#
mpi.core.session-data-time-to-live=30

##################################################
# Configuration properties for the MPI DS Client #
##################################################
#
# The maximum number of connections for 3DS 1 requests per-route (i.e Directory Server host)
# held in the connection pool of a Directory Server client.
#
mpi.ds-client.max-connection-pool-per-route-size=50

#
# The maximum number of connections for 3DS 1 requests held in all per-route connection pools.
#
mpi.ds-client.max-number-of-connections-overall=100

#
# The maximum number of Directory Server clients to cache.
#
# Directory Server clients are cached per client certificate due to the
# expensive setup of the underlying SSL socket factory.
#
mpi.ds-client.max-cached-instances=100

#
# The time for which the RestTemplate cache would expire, expressed in seconds.
#
mpi.ds-client.cached-instance-expiry-in-seconds=86400

#
# The proxy to use for connecting to the Directory Server (leave empty if not using a proxy).
#
# When specifying an HTTP proxy, HTTPS connections will be tunneled through via the HTTP CONNECT method.
# You may specify a user/password combination in the URL in case your proxy requires authentication.
#
# Example : http://foo:bar@proxy.org:8888
#
# host    : proxy.org
# port    : 8888 (optional; if not specified, the scheme default port will be used)
# scheme  : http
# user    : foo (optional; only specify a user in case your proxy requires authentication)
# password: bar (optional; only specify a password in case your proxy requires authentication)
#
mpi.ds-client.proxy=
#
# The https protocols (i.e. TLS versions) the MPI should use when establishing a connection to the directory servers.
#
mpi.ds-client.https-protocols=TLSv1.2,TLSv1.1,TLSv1
#
# Defines the connection timeout in milliseconds for establishing a TCP/IP connection to the Directory Server.
#
# A timeout value of zero is interpreted as an infinite timeout.
#
mpi.ds-client.connection-timeout-in-milliseconds=3000
#
# Defines the socket timeout in milliseconds for communication with the Directory Server.
# (The socket timeout is the timeout for waiting for data or, put differently,
# the maximum period of inactivity between two consecutive data packets).
#
# A timeout value of zero is interpreted as an infinite timeout.
#
mpi.ds-client.socket-timeout-in-milliseconds=5000
#
# Should the MPI start in simulation mode, with no communication to the DS Server.
#
mpi.ds-client.ds-response-simulation=false
#
# The resource location for the Directory Server response simulation file, containing entries in the following format:
#
# <pan>=<enrollment-status>,<acs-url>
#
# Possible values to be used for enrollment status are: Y, N or U
#
# When configuring the response simulation file resource location:
# Use a "file:" prefix for resources located on the file system.
# Use a "http:" prefix for resources loaded from a URL.
# Use a "classpath:" prefix for resources located on the classpath.
#
# If not specified (i.e. empty) this defaults to file:${threedss.config.home}/dsResponseSimulation.properties
# (${threedss.config.home} is the value of the system property "threedss.config.home")
#
# If not specified and the system property "mpi.config.home" is not set this
# defaults to file:${user.home}/.threedss/dsResponseSimulation.properties
# (${user.home} is the user's home directory)
#
mpi.ds-client.ds-response-simulation-resource-location=
#
# The max number of threads in the thread pool of the error notifier.
#
# The error notifier is responsible for asynchronously sending error messages to the
# Directory Server or the ACS, whenever the MPI detects an error in a 3-D Secure
# protocol message received from either the Directory Server or the ACS.
#
mpi.ds-client.max-thread-pool-size=10

####################################################
# Configuration properties for the MPI UPOP Client #
####################################################
#
# Proxy used for connecting to UnionPay inquiry server.
# See details about proxy settings above (dsClient.proxy).
#
mpi.upop-client.proxy=
#
# Defines the connection timeout in milliseconds for establishing a TCP/IP connection to the UnionPay Server.
#
# A timeout value of zero is interpreted as an infinite timeout.
#
mpi.upop-client.connection-timeout-in-milliseconds=3000
#
# Defines the socket timeout in milliseconds for communication with the UnionPay Server.
#
# A timeout value of zero is interpreted as an infinite timeout.
#
mpi.upop-client.socket-timeout-in-milliseconds=5000
#
# Fully qualified URL of the 3DS Server instance. This property must be configured per node (in node-<node-ID>.properties).
#
threedss.frontend.configs.backend-api=
#
### Production database connection properties
#
# The datasource URL location. The JDBC connection string may differ depending on the database type, but we recommend
# the specified formats defined below. Supported database types are PostgreSQL, MySQL, Oracle and Microsoft SQL Server.
#
# Recommended JDBC connection strings:
# PostgreSQL: jdbc:postgresql://<host>:<port>/<database-name>
# MySQL: jdbc:mysql://<host>:<port>/<database-name>
# Oracle: jdbc:oracle:<oracle-driver>:<host>:<port>:<SID>
# Microsoft SQL Server: jdbc:sqlserver://<host>:<port>;database=<database-name>
spring.datasource.url=
#
# The datasource user used by the application. It is recommended that this user has read-only privileges to the database
# the 3DS Server application is using.
#
spring.datasource.username=
#
# The password of the datasource user used by the application.
#
spring.datasource.password=
#
# --- DEPRECATED ---
# This field will be deprecated and it will be removed in future versions. Spring Boot will automatically detect the
# driver class from the datasource URL. For MySQL this field is still required since it automatically detects an older
# JDBC driver.
#
# The appropriate Driver used for database connection. Supported database types are PostgreSQL, MySQL, Oracle and
# Microsoft SQL Server. The value should be defined depending on the underlying database.
#
# Default database is PostgreSQL. Accepted values are:
#
# org.postgresql.Driver - indicating PostgreSQL database will be used
# com.mysql.cj.jdbc.Driver - indicating MySQL database will be used
# oracle.jdbc.OracleDriver - indicating Oracle database will be used
# com.microsoft.sqlserver.jdbc.SQLServerDriver - indicating Microsoft SQL Server database will be used
#
#spring.datasource.driver-class-name=
#
# The SQL dialect of the underlying database. Supported database types are PostgreSQL, MySQL, Oracle and Microsoft SQL Server.
# The value should be defined depending on the underlying database.
#
# Default database is PostgreSQL. Accepted values depend on the desired dialect, but it is recommended to use
# one of the following:
#
# org.hibernate.dialect.PostgreSQL95Dialect - indicating PostgreSQL 9.5 Dialect will be used
# org.hibernate.dialect.MySQL57Dialect - indicating MySQL 5.7 Dialect will be used
# org.hibernate.dialect.Oracle12cDialect - indicating Oracle 12c Dialect will be used
# org.hibernate.dialect.SQLServer2012Dialect - indicating Microsoft SQL Server 2012 Dialect will be used
#
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQL95Dialect
#
# The maximum number of pooled connections to the database. It is recommended to have a bigger number for better
# performance.
#
spring.datasource.hikari.maximum-pool-size=300
#
# Enables/Disables the application to be registered as Eureka Client (it can communicate with the registry).
#
# Disable the Eureka Client for applications that are configured with XML files.
#
eureka.client.enabled=false
#
# Enables/Disables the application to be able to send heartbeats to Eureka Registry.
# This has no effect if: eureka.client.enabled=false
#
# Enable the Eureka Client Healthcheck by default
#
eureka.client.healthcheck.enabled=true
#
# List of Eureka Registry URLs. If the 3DS Server Admin is acting as a Eureka Registry, then the 3DS Server Admin
# endpoint needs to be configured.
#
eureka.client.service-url.defaultZone=
#
# Custom Eureka instance ID. Uncomment this property to set a custom ID for the Eureka instance. If not set
# Eureka will populate it by automatically resolving the host on which the instance is running, together with the port
# and application name.
#eureka.instance.instanceId=
#
# Custom Eureka hostname. Uncomment this property to set the hostname where your Eureka instance is running. If not set
# Eureka will resolve the hostname automatically.
#eureka.instance.hostname=
#
# Custom Eureka instance context path. Uncomment this property to set the context path which will be appended to the
# instance hostname. Should be set only if there is a need of a context path, otherwise only the hostname will be used.
#eureka.instance.metadata-map.contextPath=
#
# A property which decides whether the connection to the instance is secure (https). By default this property is false.
#eureka.instance.securePortEnabled=
#
# The secure port on which the instance should receive traffic. By default this is 443
# or resolved from the server.port property of the instance.
#eureka.instance.securePort=
#
# A property which decides whether the connection to the instance is non secure (http). By default this property is true.
#eureka.instance.nonSecurePortEnabled=
#
# The non secure port on which the instance should receive traffic. By default this is 80
# or resolved from the server.port property of the instance.
#eureka.instance.nonSecurePort=
#
# A property which controls whether an Organization ID header will be sent to the DS.
# Turn this on when you are using the NDM simulator and have organization based card simulations.
#
ds.send.org.id=false
#
# Property controlling whether IAM database authentication is enabled. This feature is only available
# for MySQL and PostgreSQL databases running on AWS. See more information here:
#
# When the IAM database authentication is enabled, the ${spring.datasource.password}
# property should not be configured.
#
# The default value is false, i.e. by default, the standard way of authentication using username/password is performed.
#
# nca.acquiring.aws.iam-role-db-auth.enabled=false
#
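An added example, not part of the product or its documentation: a Python check that applies the defaults from the listing above to the text of an application.properties file and returns the keys whose effective value weakens a production deployment (HTTP ACS URLs, relaxed PARes or XML signature validation, TLSv1/TLSv1.1, simulation mode, infinite timeouts, proxy passwords embedded in the URL). The parser is simplified, and the selection of checks and the sample input are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# key: (default from the listing above, value that weakens a production setup)
BOOLEANS = {
    "mpi.core.allow-http-for-acs-url": ("true", "true"),
    "mpi.core.enforce-xml-signature-syntax-validation": ("true", "false"),
    "mpi.core.enforce-pares-validation": ("true", "false"),
    "mpi.ds-client.ds-response-simulation": ("false", "true"),
}
# Timeouts with their listed defaults; zero is interpreted as an infinite timeout.
TIMEOUTS = {"mpi.ds-client.connection-timeout-in-milliseconds": "3000",
            "mpi.ds-client.socket-timeout-in-milliseconds": "5000"}
PROXIES = ("mpi.ds-client.proxy", "mpi.upop-client.proxy")
TLS_KEY, TLS_DEFAULT = "mpi.ds-client.https-protocols", "TLSv1.2,TLSv1.1,TLSv1"

def load_properties(text):
    """Simplified parser: key=value lines only, no continuations or ':' separators."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return the keys whose effective (configured or default) value is risky."""
    p = load_properties(text)
    findings = [k for k, (default, risky) in BOOLEANS.items()
                if p.get(k, default).lower() == risky]
    protocols = {v.strip() for v in p.get(TLS_KEY, TLS_DEFAULT).split(",")}
    if protocols & {"TLSv1", "TLSv1.1"}:      # both deprecated by RFC 8996
        findings.append(TLS_KEY)
    findings += [k for k, default in TIMEOUTS.items() if int(p.get(k) or default) == 0]
    findings += [k for k in PROXIES if urlsplit(p.get(k, "")).password]
    return findings

# Constructed sample input, not taken from a real deployment.
SAMPLE = """
mpi.core.allow-http-for-acs-url=false
mpi.ds-client.https-protocols=TLSv1.2
mpi.core.enforce-pares-validation=false
mpi.ds-client.socket-timeout-in-milliseconds=0
mpi.ds-client.proxy=http://foo:bar@proxy.org:8888
"""

if __name__ == "__main__":
    print("defaults only:", audit(""))
    print("sample file:  ", audit(SAMPLE))
```

Run against an empty file, the check reports the two defaults from the listing that need overriding before go-live: `mpi.core.allow-http-for-acs-url` and `mpi.ds-client.https-protocols`.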