Netcetera 3DS Server - Release Notes - Version 2.5.0.0
Overview
Published: 11.11.2021
Version 2.5.0.0 is a major release of the Netcetera 3DS Server.
For documentation about this release please refer to the documentation site.
Compatibility
This version is NOT backwards compatible with previous versions of the Netcetera 3DS Server.
Important notification
The 3DS Admin built-in users' authentication (i.e. internal mode of users' authentication) is deprecated and it will be removed in 6 months from now. Customers should use external OIDC provider for authenticating their users. The 3DS Admin is now able to be integrated with an OIDC provider. Find more information under 3DS Admin OIDC support.
Additionally, in this release we have removed the property eureka.instance.home-page-url which was used for defining the URLs of the eureka instances. The eureka URLs are now constructed from the hostname eureka.instance.hostname and port which can be secure or not secure eureka.instance.securePort or eureka.instance.nonSecurePort. Additionally if the eureka.instance.metadata-map.contextPath is set, it will be appended at the end of the already constructed URL. You can also set an instance ID by using the eureka.instance.instanceId property, otherwise eureka will try to resolve the instance ID by itself.
Upgrade Notes
This release introduces new and removed configuration properties for the Netcetera 3DS Server and Netcetera Admin applications. For detailed documentation please refer to the 3DS Server Configuration Properties and 3DS Admin Configuration Properties.
These are the included changes:
Removed Admin configuration properties:
threedss.discovery.client.type=
Added Admin configuration properties:
eureka.client.enabled=true
nca.acquiring.aws.ecs-discovery.enabled=false
nca.acquiring.aws.ecs-discovery.cluster=
Removed 3DS Server configuration properties:
eureka.instance.home-page-url=
Added 3DS Server configuration properties:
eureka.instance.instanceId=
eureka.instance.hostname=
eureka.instance.metadata-map.contextPath=
eureka.instance.securePortEnabled=
eureka.instance.securePort=
eureka.instance.nonSecurePortEnabled=
eureka.instance.nonSecurePort=
threedsserver.session.storage.db.threeds-method-data.cleanup.enabled=true
threedsserver.session.storage.db.results-data.cleanup.enabled=true
mpi.core.session-data-clean-up-enabled=true
Changed the default value of the properties from daily to hourly cleanups of the session data:
threedsserver.session.storage.db.threeds-method-data.cleanup.minutes=60
threedsserver.session.storage.db.results-data.cleanup.minutes=60
mpi.core.session-data-clean-up-interval=60
Changed the default value of the batch size when exporting transaction logs:
threedss.transaction-logs.excel-file-generating=10000
Added Elastisearch configuration properties:
nca.acquiring.aws.iam-role-elasticsearch-auth.enabled=false
Removed Elastisearch configuration properties:
spring.data.elasticsearch.client.reactive.endpoints=
This property has been removed, since the ES endpoint(s) can fully be configured with the existing property spring.elasticsearch.rest.uri
3DS Transaction CLI Tool will also populate new fields according to the newest transaction log data model. For detailed documentation please refer to 3DS Transaction CLI Tool page.
Changes
New Features
- Added support on the 3DS Admin application for integration with external OIDC (IAM) providers. Find more information under 3DS Admin OIDC support.
- Added a new implementation for a Discovery Client: AWS ECS Discovery Client. Now you can choose between two Discovery Clients: Netflix Eureka and AWS ECS Discovery Client. You can read more on the Service Discovery page.
- Added support for publishing 3DS Server and Admin metrics to AWS Cloudwatch, so that customers can
consume and visualize monitoring metrics in AWS. Enable this feature by configuring the
management.metrics.export.cloudwatch.enabled
property totrue
. - Added support for IAM database authentication for MySQL and PostgreSQL databases running on AWS.
Enable this feature by configuring the
acquiring.aws.iam-role-db-auth.enabled
property. See details about it in the 3DS Server configuration properties and in the 3DS Admin configuration properties. - Added organization ID query parameter to the Result Request endpoint URL that is sent to the DS.
- Added micrometer counters for initiated and completed transactions. Metric names are: app.3ds-server.initiated-transactions and app.3ds-server.completed-transactions.
Improvements
- Enabled signing Elasticsearch requests with the AWS request signing interceptor and improved configuration of Elasticsearch endpoint URIs.
- Updated error message when a Versioning request is sent with an already existing threeDSServerTransID. Added error message: "3DS Method Completion Data is already present for transaction ID".
- Added indexes idx_created_results_data, idx_created_threeds_method_data, idx_created_threedsone_session_data and idx_created_upop_session_data to the column "created" of the tables results_data, threeds_method_data, threedsone_session_data and upop_session_data respectively which will speed up the deleting process.
- Added an index (idx_logged_trans_domain_org_id) to the column "domain_organization_id" inside the table logged_transaction which will speed up the searching process.
- Elasticsearch transaction model is extended with the following fields:
domainOrganizationId
domainOrganizationName
purchaseCurrencyAlphabeticCode (example values: EUR, USD)
protocol (values: 3DS1, 3DS2 and UPOP)
finalTransStatus - values: Y, N, U, R, A, I (Y = Yes, N = No, U = Unavailable, R = Rejected, A = Attempts, I = Informational)
transFlowType values: C, D (C = Challenge, D = Decoupled Challenge)
transStatusReason - values: 01-26
dataModelVersion - before migration to the newest transaction model this value is set to null
- Database transaction model (table: logged_transaction) is updated with the following fields:
finalTransStatus (column: final_trans_status) - values: Y, N, U, R, A, I (Y = Yes, N = No, U = Unavailable, R = Rejected, A = Attempts, I = Informational)
transFlowType (column: trans_flow_type) - this is a new field with values: C, D (C = Challenge, D = Decoupled Challenge)
transStatusReason (column: trans_status_reason) - values: 01-26
domainOrganizationId (column: domain_organization_id)
dataModelVersion (column: data_model_version)- before migration to the newest transaction model this value is set to null, otherwise it is set to 1
- Upon searching transactions transStatus column will be remapped to the new finalTransStatus in the AdminUI.
- Additional transaction search filtering has been added for field: transFlowType in the Admin UI.
- Introduced configuration properties for enabling session storage data cleanup. In a multi-instance setup the cleanup should be enabled on one instance and disabled on all others. Additionally, the default interval for cleaning session storage data was reduced from one day to one hour.
Bug Fixes
- Fixed handling of time zones and DST when using MS SQL Server as database. The configuration property
spring.jpa.properties.hibernate.jdbc.time_zone
can be removed as now the time offset will be stored correctly in the database. - Fixed capturing Mastercard cards which start with
225
. The Mastercard card ranges regex is changed in the 3DS Server application propertiescardholder-account-number.regex.mastercard
From:
^(2(22[1-9]|[3-6]|7[0-1]|720)|5|60(0|1[0|[2-9]]|[2-9])|6([1-3]|[6-9]))[0-9]*
To:
^(2(22[1-9]|2[3-9]|[3-6]|7[0-1]|720)|5|60(0|1[0|[2-9]]|[2-9])|6([1-3]|[6-9]))[0-9]*
- Allow using Elasticsearch deployed on AWS. This option is disabled by default. To turn it on set property:
acquiring.aws.iam-role-elasticsearch-auth.enabled
totrue
in the server's configuration. - Updated MySql migration script (V2_3_202106211200__add_index_on_threedss_transaction_id.sql) to not include the database name when adding the index to the FK (Foreign key) threedss_transaction_id inside the table logged_protocol_message.