Version 2020.1.5
Akana 2020.1.x System Requirements
Upgrading the Akana API Platform from 2019.1.x to 2020.1.0
The Akana API Platform and other Akana products are changing versioning schemes with this first major release of 2020. All major releases now follow the scheme "xxxx.1.0" rather than "xxxx.0.0". As a result, this first major release for 2020 is 2020.1.0.
Test all customizations when upgrading.
Default Theme is now deprecated and will be removed completely in a later version.
jQuery has been upgraded to v3.4.1 from v1.8.3. This version of jQuery impacts all Developer pages in all themes, requiring any customizations to be tested with jQuery v3.4.1. For migration information, see jQuery Core 1.9 Upgrade Guide and jQuery Core 3.0 Upgrade Guide.
Date/release version |
Changes |
| January, 2021 2020.1.0 |
New entry added for Logging into Policy Manager could fail without error. |
| January, 2021 2020.1.1 |
New entry added for Notifications page displayed inconsistent date formats. |
The Real Time Charts in Policy Manager no longer use the Adobe Flash Player, which Adobe stopped supporting on December 31, 2020. The new, improved versions display similarly to earlier, Flash-based charts.
The Policy Manager's Dependency Map has been removed from the UI, previously available at Services > Monitoring > Dependency chart.
Support ticket: No related support tickets.
The JOSE Security Policy v2 now supports OBSeal certificates for UK Open Banking 3.1.
Support ticket: SUPPORT-37560
For API, App and User extensible properties, Community Manager now supports the configuration of a single value or multiple values. A multi-value list can include free-form values added by the user.
Support ticket: No related support tickets.
The authentication protocol NT LAN Manager version 1 (NTLMv1) is deprecated; the platform now suppports NTLMv2.
Support ticket: SUPPORT-37466
Version 2020.2.0 will add a new feature that allows policies to be attached at the operation level as well as at the service level. This requires some changes in the request and/or response to some existing operations that manage information about policies attached to an API.
Previously, these operations used the Policies model object, whether directly or nested within another model object. The Policies object includes an array of information about one or more policies attached to the service. In 2020.2.0, these operations will use additional information, to accommodate policy attachments at the operation level in the developer portal and the APIs:
Modified operations include:
ApiVersion:
TargetAPI:
APIImplementation:
Support ticket: SUPPORT-36137
Loading an OpenAPI 3.0 or Swagger 2.0 document could result in a missing operation for a new API or API version with an object type of patternProperty.
Support ticket: SUPPORT-39726
When using OpenAPI 3.0 or Swagger 2.0, an API description document with complex, compound schemas containing keywords allOf, anyOf, or oneOf could result in a malformed display of operation details.
Support ticket: SUPPORT-39524
In Policy Manager for a service with a Basic Auditing Policy attached, the outbound (next hop) auditing log was reporting the inbound headers. Outbound auditing now correctly reports downstream, or outbound, headers.
Support ticket: No related support tickets.
Some URLs in Community Manager containing special characters resulted in a Cross-Site Scripting (XSS) vulnerability. This issue has been addressed.
Support ticket: SUPPORT-38469
When adding or modifying a theme, and saving the updates in the Site Settings page, the platform no longer automatically generates out-of-the-box customization files for all current themes. Note that customization files are still generated for new themes only.
Support ticket: No related support tickets.
When trying to open the Sign Up page by clicking the Create Account tab in the Community Manager developer portal, the page could fail to load and would display an error if images or logos were in use for any enabled login domains.
Support ticket: SUPPORT-36489
When using OpenAPI 3.0 or Swagger 2.0, an API description document with complex, compound schemas containing keywords allOf, anyOf, or oneOf could result in a malformed display of operation details.
Support ticket: SUPPORT-38857
In Policy Manager, the Consumer Identities list sometimes failed to display, due to sorting errors.
Support ticket: SUPPORT-38181
When using the PS algorithms (PS256, PS384, and PS512) as the signing algorithm for the OAuth/OIDC provider, the null c_hash claim is returned in the ID token.
Support ticket: SUPPORT-37671
Image files uploaded to the developer portal are now sanitized before they are accepted for upload.
Support ticket: No related support tickets.
A regression in the deployment of physical service certificates could cause failures in next hop security policies. The failure was triggered by configuring a security policy, such as the WS-Security Asymmetric Binding Policy, on a physical service, using an X.509 token with a subject category of "service".
Support ticket: SUPPORT-37806, SUPPORT-37151
This release includes no enhancements.
When a user added an app, two API calls were made – first to add the app with a random Shared Secret value, and then to update the Shared Secret with a user-specified or generated value. This caused latency. Now, only one API call is made, which improves performance.
Support ticket: SUPPORT-37257
The API Consumer Application Security Policy was returning HTTP 500 "Internal Server Error" instead of HTTP 401 "Unauthorized" when the required header was missing.
Support ticket: SUPPORT-35955
A new configuration property has been added to Akana Administration Console's Configuration tab to remove the idle user authorization tokens from the cache. The new property is available under Configuration > com.soa.atmosphere >
atmosphere.config.authTokenTimeToIdleTimeInSeconds.
The default idle time is 62 seconds. The tokens were previously cached for 30 minutes regardless of their usage, and thus could use a large chunk of memory and cause out-of-memory errors on portal containers.
Support ticket: SUPPORT-36309
The default listener idle thread timeout value is 1,800,000 ms (30 minutes), but when a new listener was created manually, the default idle thread timeout was 180,000 ms (3 minutes). Now, all defaults are consistent at 1,800,000 ms.
Support ticket: SUPPORT-27897
The HTTP Message Validation policy has a new option "Log additional properties" to generate an alert when the request contains properties disallowed by the schema. When enabled, the alert is generated. The default is disabled.
Support ticket: SUPPORT-35453
WS-Auditing Service Policy did not save transaction logs.
Support ticket: SUPPORT-36770
When sending a request to an API resulted in an error, and detailed auditing was enabled for an Auditing Service policy, the request body and header data for the SOAP service was not saved.
Support ticket: SUPPORT-36155
When the Policy Manager domain certificate is updated, there is no need to restart Network Director containers to update the certificate information.
Support ticket: SUPPORT-32450
The JOSE Security Policy's Appendix F option now enforces a Base64URL encoding on the payload when signing, as defined in the Appendix F (Detached Content) section of the JWS specification (RFC-7515).
Support ticket: No related support tickets.
After deleting an individual notification from the notification list in the developer portal, the remaining notifications were duplicated.
Support ticket: SUPPORT-30997
The Jose policy was not checking the certificate validity corresponding to the private key that's used for signing the request.
Support ticket: SUPPORT-35208
In the tenant security settings, a new setting "Strict Policy" has been added to "Limit file types allowed for upload" under Settings > Security. Enabling Strict Policy allows only the media types specified in the allowed file types. If disabled, the supertypes of the media types specified will also be allowed. For example, a selection of "text/plain" in the allowed file types would also allow html, application/json, etc. mediatypes.
Support ticket: SUPPORT-29653
To improve performance, two pages in the developer portal have been updated:
In addition, two operations in the developer portal that return contracts have been updated:
These operations no longer return detail regarding the avatar image for the connected app or API.
Support ticket: SUPPORT-36314
A new login policy setting has been added to configure concurrent logins for tenant users. This setting "Allow Concurrent Sessions" is available under Admin > Settings > Logins. By default, concurrent logins are allowed as before, meaning that a user can have more than one session running concurrently in multiple browsers or on multiple devices.
Support ticket: SUPPORT-24491
The Analytics aggregation collection primary key storage in MongoDB has been optimized to reduce RAM requirements for efficient charting and aggregation queries. This is evident when creating new datasets in Envision.
Support ticket: No related support tickets.
The Operational Metrics Policy has been deprecated. Instead, define a new dataset and then use the Business Metrics Policy to define dimensions and metrics.
The Notifications page displayed dates in a 24-hour format while its Details page used a 12-hour format. Now, a 12-hour format is consistently displayed.
Support ticket: SUPPORT-30175
When creating new tenants in an existing Network Director container, the new tenant could incorporate a deployment zone with invalid settings.
Support ticket: SUPPORT-34106
A new boolean property InUserTop has been added to the API model to identify whether this API is in the user's My Dashboard of top APIs. See API Object for more details.
Support ticket: No related support tickets.
Note: The key features here are specific to 2020.1.0 and are not available in earlier 2019.1.x update releases. For features and enhancements also available in 2020.1.0 but delivered in previous update releases, see each update version below..
Akana’s business analytics solution Envision has been relaunched with numerous enhancements and performance improvements:
Deprecation: The "Realtime" chart time interval features has been disabled, as this information is available in the developer portal. Existing real time charts will continue to function.
This release adds support for Apache Kafka, a deployment option that allows audit and metrics data from the Akana gateways to be streamed via Kafka instead of the native built-in support. The use of Kafka can improve Akana gateway performance and increase the deployed platform's reliability:
The Akana deployment can also specify the heap size to use for messages. The default is 20%. Any messages that would result in exceeding the specified heap size are dropped. This approach helps keep the gateways alive and performant.
A new theme Bonita has a user-friendly, streamlined interface targeted at the API consumer, i.e., the app developer, and provides access to API information including the API overview, details, performance charts, logs, documentation, and Test Client. Similarly, for apps, Bonita users have access to the app's details, overview, performance charts, logs, license monitoring, and Test Client.
Bonita is ideally suited to the production instance in the lifecycle in which APIs are promoted via automation. Automation ensures that only approved and governed APIs make it into production, thereby providing a trusted portal with no rogue APIs. For detail, see Bonita Theme on the Akana docs site.
The information reported and displayed in API transaction logs now includes several new metrics to provide additional information about the timing of exchange processing in the API Gateway. This allows for the measurement of timings such as TTFB (Time to First Byte), I/O times, and API Gateway processing times. These new metrics are used to provide enhanced feedback in the developer portal user interface for API analytics. See Viewing the time to first byte (TTFB) metric on the Akana docs site.
The developer portal now includes a monthly report that provides a visual summary of metric information across all businesses for the tenant. Data can be broken out by day if needed, and includes platform API usage, customer API usage, and totals for resources such as apps and APIs. See Monthly Report for detail.
The developer portal now includes a new dashboard where users can monitor up to 10 APIs on which they have the API Admin role. Users can adjust the visual display as needed, including adjusting duration and interval for the chart and removing one or more APIs from the display. The My Dashboard feature includes charts for Throughput, Request Size, and Response Time. See Monitoring Top APIs with the My Dashboard Feature on the Akana docs site.
Multiple improvements have been made to the generated Swagger 2.0 API documentation for improved usability, including converting the description from a column to a row, adding color for easy identification of the sample JSON, and improving readability by moving the operation summary and providing better spacing.
The platform’s support of dynamic deployment of error messages and UI copy, introduced in 2019.1.12, has been enhanced to require specifying the resource bundle base name in the Java properties file. Generated documentation now includes a summary of resource bundles for UI copy and error messages. Specifying the resource bundle base name helps identify the resources in use, which helps reduce the likelihood of collisions and speeds up lookups. See Internationalizing Error Messages and UI Copy on the Akana docs site.
Support has been added for MySQL 8.0.
Note that MySQL 8.0.x uses GROUPS as a reserved word, so the platform's table name GROUPS has been changed to CM_GROUPS.
This release includes numerous enhancements to the recipes that automate deployment. See Deployment Automation Improvements for details.
Various enhancements have been made to the recipes that automate deployment, including:
Support ticket: No related support tickets.
A new property has been added under the Akana Administration Console Configuration tab to allow the configuration of the Elasticsearch sniffer feature, which automatically discovers nodes. The property is elastic.client.useSniffer under com.akana.es.client.security. The default setting is true.
Support ticket: No related support tickets.
The DevOps theme for Lifecycle Coordinator has added support for LDAP and Active Directory login accounts.
Support ticket: No related support tickets.
Links to a non-existent landing page display an HTTP 404 "Page not found" rather than a blank page.
Support ticket: SUP-9733, SUPPORT-1040
The Akana OAuth/OIDC Provider domain now supports the "claims" request parameter. For detail, see the relevant RFC at https://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter.
Support ticket: SUPPORT-29833
Updates and enhancements have been made to the database tables MO_USAGEDATA, MO_USAGE_NEXTHOP, MO_ROLLUP, and *MO_ROLLUPDATA to include the length of the message header:
| MO_USAGEDATA | Includes two new fields
|
| MO_USAGE_NEXTHOP | Includes four new fields:
|
| MO_ROLLUP* | All MO_ROLLUP tables have two new fields:
|
| *MO_ROLLUPDATA | These fields now both include the length of the headers and not just the content length:
|
Support ticket: No related support tickets.
Because the API GET /resources/{ResourceVersionKey}/settings can be called before user login, the settings it can return have been limited to:
A new api, getPostLoginSettings (GET /resources/v2/{ResourceVersionKey}/settings), returns all the tenant's settings and requires that the user be logged in.
Support ticket: No related support tickets.
Login pages for the Akana Administration Console and Policy Manager have been rebranded.
Support ticket: No related support tickets.
A series of new APIs have been added to the platform to control a user's list of "Top APIs" maintained in the new My Dashboard feature. These APIs are part of the Users service and add, delete or return information on the APIs in this list:
For detail, see the list of Users service APIs at Users Service: Overview.
Support ticket: No related support tickets.
The Admin menu in the developer portal (under More > Admin) has been reorganized for better usability. This includes flattening the left Admin menu to make various elements more accessible. For example, Country Codes is now a top-level entry, and Custom Styles has been renamed “Customization” and moved up from the Config menu.
Support ticket: No related support tickets.
Usage monitoring now uses data size queues when batch writing usage data, reducing the likelihood of out-of-memory conditions. Prior to this change, monitoring usage data was based on queue size. The properties on com.soa.monitor.usage have changed as follows:
| com.soa.monitor.usage | Description | Default value |
|---|---|---|
| New properties: | ||
| usage.batch.writer.maxSizeUsageDataPct | max heap size used by usage data | 20 |
| usage.batch.writer.maxSizeUsageMessagesPct | max heap size used by usage data | 40 |
| Removed properties | ||
| usage.queue.capacity | ||
| usage.message.queue.capacity | ||
| rollup.queue.capacity | ||
| transaction.queue.capacity | ||
| transaction.queue.capacity |
Support ticket: No related support tickets.
In previous versions, when customizing files, users needed to create an exact folder structure within the developer portal, in File Explorer, and create and upload the customization files.
Now, two new options provide a theme-specific set of starter files for customization:
The page has been renamed and is now on the top-level Admin menu:
In addition, users can provision all starter customization files in one action by going to the Site Settings page and adding a new theme.
Note: If customization files are already in place, they are not overwritten.
For detail, see What functions are available to the Site Administrator on the Customization page? on the Akana docs site.
Support ticket: No related support tickets.
For batch messages processed asynchronously, reply message processing could experience a slowdown with overhead limit errors. This could occur when configuration limits were reached, which would result in connections being closed. The behavior has been changed to reduce the likelihood that connections will be closed unnecessarily.
Support ticket: SUPPORT-26089, SUPPORT-27740
The platform's Sign Up page for new accounts has updated the security questions section to add a "Select" option so the user can choose security questions, rather than having the page pre-select security questions.
Support ticket: No related support tickets.
A new Country Codes page in Admin > Country Codes allows Site Admins to manage the visibility of country codes on Signup, User Profile, and Create User pages. For detail, see Country Codes on the Akana docs site.
Support ticket: No related support tickets.
The Rhino JavaScript engine has been updated to the latest version, 1.7.12.
Support ticket: SUPPORT-29942
For MongoDB, usage info (headers) and usage messages (payload) are now stored separately, to decrease memory load in Network Director and improve performance.
A new MongoDB collection PM_AUDIT.AUDIT_MSG stores usage messages distinct from the existing collection PM_AUDIT.AUDIT used for usage Info. In addition, the existing index AUDIT_2AIdx on PM_AUDIT.AUDIT has been modified to have a unique restriction with a shard key prefix, for example:
> use PM_AUDIT;
|
> db.AUDIT.createIndex( { "containerKey" : 1, "eventId" : 1 }, |
{ "name": "AUDIT_2AIdx", "unique" : true, "background": true } ) |
You may have to update your scripts if you are retrieving Auditing Service Policy data directly from MongoDB.
Support ticket: No related support tickets.
When creating an API, its visibility can now be specified under the Add API screen's Advanced Options section.
Support ticket: SUPPORT-1789, SUP-17137
Trusted CA services have been enhanced to support expiration dates for certificates and to allow their removal.
Support ticket: SUP-1279, SUPPORT-1001
In some cases, a keyword search did not return entries from an API's Swagger description. Now, a document's descriptor tags are added to an API's tags when adding an API in the developer portal.
Support ticket: SUP-13385, SUP-15048, SUPPORT-1097, SUPPORT-1146
Installing Community Manager now installs both Hermosa and Default themes, so they no longer need to be installed separately. (Note, however, that Default Theme is deprecated with the 2020.1.0 release and will be removed completely in a later version.)
Support ticket: No related support tickets.
By default, QoS (Quality of Service) policies defined in a tenant are displayed in the API Access wizard when an app/API contract is requested. If you don't want the app developer to see these policies, disable this setting on the More > Settings > Apps page by deselecting the item "Show policies on API Access wizard."
Support ticket: SUP-12957, SUPPORT-1092
Performance enhancements have been made to improve Network Director startup times.
Support ticket: No related support tickets.
To allow users to download files via authored API documentation, add a new class attribute soa-control-cm-inline-do-not-process-link to the HTML <a> tag. A link with this class attribute is not processed to remove the link. See API Documentation Maintenance on the Akana docs site.
For example:
<a class="soa-control-cm-inline-do-not-process-link" href="./file-download.xlsx?download=true" target="_blank">Download Spreadsheet</a>
|
Support ticket: SUP-10706, SUPPORT-1052
Apps contracted to an API are automatically connected to a new API version, using the API version workflow's pre-function connectAppsFromPreviousVersion. To take advantage of this feature, add the function to your workflow. For detail, see API Version Workflow, "connectAppsFromPreviousVersion."
Support ticket: SUPPORT-17097
When adding an API version using the API POST /api/apis/{APIID}/versions, passing in an API version ID is not allowed and will return an HTTP "400 Bad Request" error. Previously, the version ID was ignored, but did not return an error.
Support ticket: SUP-12292
Default Theme is now deprecated and will be removed completely in a later version. All customers using Default Theme should move to the Hermosa Theme as soon as possible, and migrate any customizations. For example, port header customizations according to Community Manager: Migration Guide and Community Manager: Customizing the User Interface. Other customizations should continue to work, but style customizations are likely to be required.
The deprecated Akana OAuth Provider Agent and Akana API Platform OAuth Provider Agent have been removed from the product distribution. It is recommended that customers have a dedicated OAuth container to manage OAuth tokens, as covered in the diagram of recommended deployment: Sample deployment Scenario.
The Google Connector domain is deprecated with 2020.1.0. It is recommended to use the OpenID Connect Relying Party domain for platform login.
Policy Manager login could fail with no error if MongoDB was inaccessible. Now, an error message MongoTimeoutException is logged.
Support ticket: SUP-15314, SUP-17150, SUPPORT-5695, SUPPORT-1801, SUPPORT-1160
Envision charts displaying average values could display incorrect averages due to an incorrect aggregation query. This query has been corrected to work in all scenarios.
Support ticket: SUP-17820
On an Envision chart, updating the title of the y-axis did not update the title on the chart.
Support ticket: No related support tickets.
Deleting one or more charts could result in an error.
Support ticket: No related support tickets.
Unnecessary post-hook commits have been removed which might be causing row lock contention.
Support ticket: SUPPORT-35255
Logging in using the Google Connector Domain no longer fails. Note, however, that the Google Connector domain is deprecated with 2020.1.0. It is recommended to use the OpenID Connect Relying Party domain for platform login.
Support ticket: SUPPORT-30145, SUPPORT-33763
Private Key JWT validation now works for OAuth providers that use a resource server authorization URL with a trailing slash.
Support ticket: SUPPORT-35229
A bug in a third-party configuration library could cause blocked headers to be passed through the API Gateway to the client.
Support ticket: SUPPORT-34419
Business Administrators can no longer delete an organization or tenant if the Site Admin has removed the "delete" privilege from the Business Admin's role.
Support ticket: SUPPORT-31715
The API Charts feature was not displaying an API's request duration in the user interface when request duration was 0 milliseconds.
Support ticket: SUPPORT-30365
In Network Director, SaxParser instances could result in Out of Memory errors when XML request messages were normalized and contained a large number of distinct tags.
Support ticket: SUPPORT-34017
The app sync events to PingFederate are now processed in the order they were received, to avoid irregularities.
Support ticket: SUPPORT-24194
For PingFederate, disabling the "client registration" option in the domain configuration still resulted in the app's credentials being synced.
Support ticket: SUPPORT-32847
Akana Test Client was sending an optional "scope" parameter with the access token for the Authorization Code grant type, causing some OAuth providers that were not expecting it to fail. The TestClient no longer sends this optional parameter.
Support ticket: SUPPORT-33634
For third-party domains such as Google and Facebook, an email notification is now sent when the user or a site admin changes the user's login email.
Support ticket: SUPPORT-28538
An API Owner who creates an API in an organization now has appropriate "read" access to that organization.
Support ticket: SUPPORT-31756
In some cases, direct parameter references in Swagger 2.0 documents were not being saved on upload.
Support ticket: SUPPORT-32778
When selecting a specific deployment zone on the Add API page, API implementation endpoints are properly generated.
Support ticket: SUPPORT-32754
When using the upgrade recipe pm-cm-upgrade.json, the Quartz scheduler is enabled. To avoid error messages, disable it if the instance is not configured to run Quartz jobs.
Support ticket: No related support tickets.
When uploading a file to create an API, the file contents are validated. If the contents includes HTML or Cross-Site Scripting (XSS) tags, the API is not created.
Support ticket: No related support tickets.
The use of an invalid or unsupported content encoding in the Detailed Auditing policy could result in logging failure.
Support ticket: SUPPORT-31656
A new option to disable GET method support for the OAuth authorization server's Token API has been added to the Akana Administration Console, on the configuration category com.soa.oauth.provider. The new property is com.soa.oauth.provider.config.tokenAPIGetOperationSupport, with a default value of com.akana.feature.enabled. Disabling this option (with com.akana.feature.disabled) may address certain security vulnerabilities in which sensitive data could be passed in the GET method request.
Support ticket: SUPPORT-25706
For the GET /api/search API, the format for EntityReferences in the search results are now returned uniformly in all areas of the platform, in the format below:
"EntityReferences" : {
|
"EntityReference" : [ {
|
"Guid" : "b0e71ec7-a200-4661-a3a8-f0c587cdb4d5.open",
|
"Category" : [ {
|
"value" : "modelversion",
|
"domain" : "uddi:soa.com:resourcetype"
|
} ]
|
} ]
|
}
|
This formatting change addresses the possibility of multiple separate EntityReference entries in the search results.
Support ticket: SUPPORT-28214
In the developer portal, two-factor authentication (2FA) could delay sending a verification email to users in certain situations.
Support ticket: SUPPORT-29217
On Linux, if the heap size was increased via the JAVA_OPTS property, starting the container in background mode could result in duplicate arguments.
Support ticket: SUP-15585, SUPPORT-1179
Lifecycle Manager tenant library numbers are now created in sequential order with a three-digit random number at the end, i.e., "installation ID": "Library ID randomNumber(000-999)". For example: 68:9334.
This numbering ensures a unique ID, and helps prevent an error when creating the library.
Support ticket: SUPPORT-23732, SUPPORT-24790, SUPPORT-30723
A new configuration option has been added in the Administration Console to allow the SO_LINGER time to be set for a listener. This controls how long connections will wait to purge all data when closing. The default was previously set to 30 seconds, which could be too long in some scenarios.
The new property is com.soa.platform.jetty > http.incoming.transport.config.linger. The default is set to 10 seconds.
Support ticket: No related support tickets.
Auditing Service policies that have "Audit Transport" enabled now capture transport headers even if message content auditing is not enabled. Previously, only the transport status code and method were captured.
Support ticket: SUPPORT-22109
A new HTTP Headers Injection policy allows you to automatically add specific headers on messages processed by the platform and relayed to the client. These headers can be used to enforce security restrictions. See Using the HTTP Headers Injection Policy on the Akana documentation site.
Support ticket: SUPPORT-28645, SUPPORT-3147
Three new properties on the Jetty transport manage connections, allowing finer control over connection lifetime when processing resources are low. These properties are on the com.soa.platform.jetty configuration category:
| Property | Description |
|---|---|
| http.incoming.transport.config.maxIdleTime | The default maximum number of milliseconds that a connection can remain idle before it is closed. Default: 200000 |
| http.incoming.transport.config.lowResourceIdleTime | The number of milliseconds that a connection can remain idle when server resources are low. A value of -1 disables low resource checking. This is triggered when the number of active connections reaches the limit set by lowResourcesConnections. Default: -1 |
| http.incoming.transport.config.lowResourceConnections | The number of connections that will result in a low resource condition, expressed as a percentage of the listener thread pool size. This is used only when lowResourceIdleTime is > 0. Default: 100 |
Support ticket: No related support tickets.
This release includes no enhancements.
This release includes no enhancements.
The OAuth Client Policy has been enhanced to save the error returned by the downstream token provider in the container log.
Support ticket: SUPPORT-24799
A new recipe is now included by default in the recipes directory, admin-console.json, including the following properties:
ADMIN_CONSOLE_LOCALHOST_ONLY
|
ADMIN_CONSOLE_ACCESS_RESTRICTED
|
ADMIN_CONSOLE_DOMAIN_ENABLED
|
ADMIN_CONSOLE_BASICAUTH_ENABLED
|
Support ticket: No related support tickets.
The metrics API that returns metrics for a specified API version, GET /api/apis/versions/{APIVersionID}/metrics, now returns totalRequestSize and totalResponseSize for the response message, representing the aggregated request and response size.
Support ticket: SUPPORT-22176
When a user is testing in Test Client, in the context of the app, the API, or the API documentation, Test Client no longer prompts for authentication credentials.
Support ticket: SUPPORT-30657
A new checkbox “Enforce Appendix F” is displayed when choosing Unencoded Detached Payload as the Provider role in the JOSE Security Policy v2. Selecting this checkbox applies Base64 encoding to the payload and removes the Base64 JWS header, as defined in the Appendix F (Detached Content) section of the JWS specification (RFC-7515).
Support ticket: SUPPORT-27722
In the developer portal, searching APIs, apps, and users now indexes Lifecycle Repository metadata. To enable metadata search for existing data, delete the indices for APIs, apps, and users and then reindex the objects.
For example, assuming localhost:9200, first delete the indices:
$ curl -XDELETE 'localhost:9200/default_api'
|
$ curl -XDELETE 'localhost:9200/default_app'
|
$ curl -XDELETE 'localhost:9200/default_user'
|
$ curl -XDELETE 'localhost:9200/default_metadata'
|
Then, run the query:
delete from INDEX_STATUS where OBJECTTYPE in ('api', 'app', 'user');
|
Support ticket: No related support tickets.
The legacy functions ApplicationAPI#saveAppOAuthClient71Properties and ApplicationAPI#getAppOAuthClient71Properties are deprecated with this release and will be removed from the product in 2020.1.0. Clients should instead use functions ApplicationAPI#saveAppOAuthClientProperties and ApplicationAPI#getAppOAuthClientProperties.
Support ticket: SUPPORT-32433
This release includes no enhancements.
Support has been added for both partial endpoint and complete endpoint search. To search for a complete endpoint, use surrounding double quotes, i.e., "https://example.com/v1".
To enable endpoint searching, delete the indices for "api" and "metadata", then reindex the api objects. For example, using localhost:9200:
1. |
$ curl -XDELETE 'localhost:9200/default_api' |
2. |
$ curl -XDELETE 'localhost:9200/default_metadata' |
3. Run query |
"delete from INDEX_STATUS where OBJECTTYPE ='api';" |
Support ticket: SUP-16590
Messages can now be customized dynamically for internationalization or localization.
Place relevant properties files into the deploy directory of a container named according to the pattern com.akana.messages-<qualifier>.cfg, where <qualifier> is a unique string used to identify this particular file. The file is a normal Java properties file containing <key>=<string> pairs. A special key named "_locale" can be used to specify the locale for the messages.
Support ticket: No related support tickets.
Two new settings have been added in the developer portal (Admin > Settings > Security) as a security feature. The first allows the Site Admin to restrict characters that are allowed in certain platform input fields such as app, API, and group Name, Summary, and Description fields and forum discussions and tickets, to help prevent cross-site scripting attacks.
If this setting is enabled, default characters that are always allowed are: alphanumeric characters, comma, period, hyphen, and space. The second field allows the Site Admin to specify additional characters that are allowed.
Support ticket: No related support tickets.
A configuration property has been added to enforce strict ordering of cipher suites in HTTPS listeners. This allows the server to dictate the order of cipher suites offered to clients, improving the security profile of these listeners.
The new property, in the com.soa.platform.jetty configuration category, is: http.incoming.transport.config.useCipherSuitesOrder.
Support ticket: SUPPORT-26735
The ability to block outbound traffic to classes of addresses has been added. There are two new configuration properties for this, in the com.soa.http.client.core configuration category:
Support ticket: SUPPORT-31243
A new classifier, preserve-existing-policies, has been added to Runtime Configuration.
In previous versions, if the run-on-updates classifier was set to true, and there were updates to the API's properties, existing policies were not overwritten. With the new classifier included and set to false, the policies attached to the API are overwritten.
Support ticket: No related support tickets.
This release includes no enhancements.
This release includes no enhancements.
A new logging category has been introduced to capture internally generated HTTP request errors that may occur when matching a request to an operation or service. The default name for the new category is http.request.error.
When this category is set to WARN, the container application log will contain an entry for every generated error in NCSA Common log format. Note that the previous Jetty-specific configuration (com.soa.platform.jetty > default.error.handler.logError) is no longer used.
Support ticket: SUPPORT-25390
The developer portal migrated from OpenID to OpenID Connect in a much earlier version, 7.2.3. Support of the legacy OpenID Relying Party domain will be completely removed in 2020.1.0. Any existing legacy domains should be migrated appropriately.
Support ticket: No related support tickets.
A "Forgot Password?" workflow is now supported in the DevOps Theme. The feature follows the standard "forgot password" flow, prompting the user for an email address, sending the user a code, then providing a way for the user to reset the password.
Support ticket: No related support tickets.
Automatic container registration combined with cluster creation is now supported in the Network Director. Prior to this, using the register.container recipe to register a container and create a cluster could fail if the cluster already existed.
Support ticket: SUPPORT-27439
In order to reduce system overhead when not in use, the Hazelcast framework is now disabled by default. To enable Hazelcast, set hazelcast.instance.manager.enable to true in the configuration com.soa.grid.
Support ticket: No related support tickets.
When the Site Admin activates user accounts, a new reserved action @UserActivated has been added to send the activated user a notification.
Notifications are not sent by default, however. To take advantage of this action, uncomment line 834 in the default user workflow:
<!-- <common-action id="19" /> --> |
For specifics, see http://docs.akana.com/cm/workflow/08_user_wf.htm#user_ra_18.
Support ticket: SUPPORT-29675
MongoDB 3.6 support has been extended to include 3.6.16.
Support ticket: No related support tickets.
With this release, support has been added for Oracle 19c.
Support ticket: SUPPORT-27807, SUPPORT-29789, SUPPORT-29790, SUPPORT-30531
Generated API documentation can now be based on OpenAPI 3.0, as well as Swagger, with the option to switch between Swagger 2.0 and OpenAPI 3.0.
Support ticket: No related support tickets.
A new configuration property, default.error.handler.logError, has been added to com.soa.platform.jetty. A value of true adds general errors to the container log file. The default is false.
Support ticket: SUPPORT-25390
The DevOps theme now supports external logins when the Active Directory Identity System is configured to use LDAP.
Support ticket: SUPPORT-29403
All detailed logging data from messages/responses, scripts, and processes are limited by the Administration Console configuration setting in com.soa.policy.handler.audit -> audit.maxContentSize. The default is 500,000. This setting helps avoid out of memory problems or exceeding data limits in MongoDB or other databases.
Support ticket: No related support tickets.
Network Director can now validate dynamic scopes at runtime. This support allows a single asterisk. The asterisk can be included as a prefix, in the middle, or as a suffix.
Support ticket: SUPPORT-28507
Automation recipes now include the ability to remove features using the Feature Administration service API {urn:com.soa.admin.service.features.jaxrs} FeatureService's endpoint DELETE/admin/features/installed/{id}.
Support ticket: No related support tickets.
For the Http Message Validation Policy, more specific error codes were added to comply with the UK Open Banking 3.1 specification, when OB 3.1 is selected on the Options page. For example, any field of type "date" that is in error will result in a UK.OBIE.Field.InvalidDate error code. Previously, the policy was returning UK.OBIE.Field.Invalid error code. New error codes were also added to handle JSON parsing errors and invalid account and secondary account ids.
Support ticket: SUPPORT-25653
A new classifier, run-on-updates, provides the ability to disable the Runtime Configuration when modifying an API. This avoids the Runtime Configuration overwriting changes made to an API in the developer portal.
Support ticket: SUPPORT-29126
When deleting an app, the SimpleDev theme now prompts the user for confirmation before deletion. Before, the app was immediately deleted without confirmation.
Support ticket: SUPPORT-1084
A new column has been added in several locations in the API Designer, for APIs based on Swagger 2.0 or Open API 3.0, to support model object examples. The new column appears after the Schema column in the Models sections, and in the Request and Response sections if a model object is specified.
Support ticket: SUP-16258
The Home page for the hermosa and default themes has been redesigned to incorporate embedded videos and updated features.
Support ticket: No related support tickets.
The API "/api/discussions/{DiscussionID}/comments" now checks that the user has read access to the requested discussion.
Support ticket: SUPPORT-22787
For the HTTP Message Validation Policy, only top-level validation errors display. Before, errors could display for each nested element when the error was actually triggered only on the last element.
Support ticket: SUPPORT-25648
Users can now select an OAuth version (1.0a, 2.0, or both) in the Runtime Configuration.
Support ticket: No related support tickets.
A user with Monitor permissions, but without Modify permissions, can view an app's or API's analytics and logs. Previously, only users with Modify permissions on an API or app could view its analytics.
Support ticket: No related support tickets.
The API to add an API version (POST /api/apis/{APIID}/version) now returns an HTTP 400 Bad Request error if an APIVersionID is passed in. Previously, the APIVersionID was accepted as input without throwing an error even though it is not a parameter to the API.
Support ticket: SUP-12292
New APIs based on Swagger documents will have the same version as the Swagger document if the API has no defined version; otherwise, the APIVersionInfo will be used.
Support ticket: SUP-14958, SUPPORT-1141
The SearchAPI (/api/search) supports a new query parameter UpdatedFromDate to retrieve objects added or updated after a certain date, for example:
/api/search?q=(type:app-version)&UpdatedDateFrom=2019-10-11T23:00:00
|
Support ticket: No related support tickets.
A new PromotionProfile property, preserve-shared-secret, controls whether the shared secret of existing app in the target environment is retained at promotion.
The default is false, meaning that shared secret of an app in the target environment is overwritten by that in the source environment. For detail, see http://docs.akana.com/cm/promotion/promotion_users_guide.htm#props_preserve_shared_secret.
Support ticket: SUPPORT-29124
A new PromotionProfile property, disable-consumer-app-check, controls the promotion of an API's corresponding consumer app, useful if you are using fanout and want to promote the consumer app to one environment but not another. A value of true prevents the automatic promotion of the corresponding consumer app (if any.)
For detail, see http://docs.akana.com/cm/promotion/promotion_users_guide.htm#props_disable_consumer_app_check.
Support ticket: SUPPORT-22911
This release includes no enhancements.
Note: The key features here are specific to 2019.1.0 and are not available in earlier 2019.0.x update releases. For features and enhancements also available in 2019.1.0 but delivered in previous update releases, see each update version below.
A new validation policy has been added to support the Open Banking Mutual Authentication TLS (MATLS) specification. This policy, the Open Banking Client Validation Policy, uses MATLS rather than the client secret for authentication. This is required for the Open Banking Dynamic Client Registration for OAuth.
Support tickets: SUPPORT-23129, SUPPORT-3870, SUPPORT-24612, SUPPORT-26843
The Header for the Hermosa theme has been completely redesigned for improved look-and-feel and usability. Elements of the site are more easily accessible, with dropdown menus for the top-level items, among other improvements.
Note that this change impacts header customizations, which will need to be ported to the new header. For more information, see Community Manager: Customizing the User Interface and Community Manager: Migration Guide.
Support ticket: No related support tickets
Test Client has been enhanced to support multiple OAuth policies on a single API and the Aggregate policy.
Support ticket: No related support tickets
Custom API version workflows now control the options available on the API Details page. This enhancement includes new API states for specified users to control permissions for specified users:
"@ModifyPolicies", "@ModifyDeployments", "@ModifyDebugOptions", "@ModifyOutboundIdentities", "@ModifyExtensionProperties", "@DeleteAPIImplementation", "@ModifyLegals"
Support ticket: No related support tickets
The Charts page within API Analytics now includes both charts and logs combined, with filters for viewing both API and App transaction logs and charts. For example, for a specific API, you can filter by all available operations, statuses, and response time. To view transaction log data, use the Load Logs button.
Note: Log information is available only if an auditing policy was attached to the API during the time period.
Support tickets: No related support tickets
New configuration properties are available in the Akana Administration Console to configure the Lifecycle Coordinator promotion feature. These are:
For detail, see Configuration properties for the Promotion Feature.
Support ticket: No related support tickets
Two new properties now support API and app version visibility when promoting to the target environment. For example, an API's or app's version might be set to Public in the source tenant and Private in the target tenant. These properties are appVersion.visibility and apiVersion.visibility.
Support ticket: No related support tickets.
The Runtime Configuration can now select an OAuth domain for use with an API. Then, when an API is created in the developer portal, the OAuth domain will be set on it. Note that OAuth domain scopes cannot be set within the Runtime Configuration.
Support ticket: SUPPORT-5628
A Runtime Configuration can now filter based on API implementation type, either SOAP or REST.
Support ticket: No related support tickets.
A new promotion profile property, preserve-outbound-identities, can be set on a topology to allow saving the existing outbound identities on the target during promotion.
Support ticket: SUP-17125, SUPPORT-1778
On a general HTTP 404 "Resource not found" condition, the error response now takes into account the HTTP Accept header from the client, generating a JSON, XML, or HTML (the default) response based on the desired content type. Previously, the error response was always HTML.
Support ticket: SUPPORT-22558, SUPPORT-3903
The jQuery library used in the Akana Administration Console has been updated to the latest stable and secure version, so that the entire platform now uses jQuery 1.11.3.
Support ticket: SUPPORT-21388
The Elasticsearch Scroll API has now been implemented to more effectively return large numbers of results. Previously, the platform iterated through the search results 100 at a time, making it possible to exceed the default index.max_result_window value of 10,000.
Support ticket: SUPPORT-24812, SUPPORT-23905
The Business Security settings page under Admin > Settings > Security now includes a new option to limit media types allowed for uploading to comments, discussions, tickets, alerts, or reviews. The default allows any media type.
Support ticket: SUPPORT-24292
JOSE v2 policies that conform to the Open Banking specification now support adding the character set compatible with the "application/json" in the Accept header, for example: "application/json;charset=utf-8." Previously, adding the character set (charset) to the Accept header resulted in an error.
Support ticket: SUPPORT-26263
Errors generated by an HTTP Message Validation Policy now support enumerated elements, in conformance with Open Banking Implementation Entity (OBIE) requirements.
Now, when a field is defined as an enum in the policy but there is no value for this enumerated field defined in the schema, the policy will return "UK.OBIE.Unsupported.<field_name>" where <field_name> is the supplied enum value that doesn't match the schema's list of valid enum values. Prior to this enhancement, the policy returned "UK.OBIE.Field.Unexpected."
Support ticket: SUPPORT-25161
The HTTP Message Validation Policy has a new option, "Allow additional properties by default," to control the behavior when an additionalProperties property in a Schema object is not explicitly specified in a Swagger schema. This is useful because the Swagger 2.0 specification is unclear regarding the default value for additionalProperties.
By default, this option is enabled so that all additional properties are allowed.
Support ticket: SUPPORT-25391
HTTP Message Validation policies that conform to the Open Banking 3.1 specification can now specify the documentation URL to include with Open Banking-compliant error messages returned by the policy. If not set, the default is: https://openbanking.atlassian.net/wiki/spaces/DZ/pages/1000702294/Read+Write+Data+API+Specification+-+v3.1.1.
For more information, see Creating an HTTP Message Validation Policy on the Akana docs site.
Support ticket: SUPPORT-25156
The Akana OAuth/OpenID Connect (OIDC) provider now includes the "state" and "openbanking_intent_id" claims in the id_token for the Open Banking consent Hybrid Flow. Prior to this enhancement, these claims were returned only in the access_token.
Support ticket: SUPPORT-25631
JOSE v2 policies that conform to the Open Banking 3.1 specification can now specify the documentation URL to include with Open Banking-compliant error messages returned by the policy. If not set, the default is: https://openbanking.atlassian.net/wiki/spaces/DZ/pages/1000702294/Read+Write+Data+API+Specification+-+v3.1.1.
For detail, see Configuring JOSE Security Policy v2 options on the Akana docs site.
Support ticket: SUPPORT-25156
The recipes provided to automate migration to newer versions now support the ability to skip major versions.
Support ticket: No related support tickets.
The Elasticsearch feature now supports the ability to save the Jetty transport access log to the Elasticsearch index. This is controlled through three new properties in the Administration Console under the configuration com.akana.log.elasticsearch:
| Property | Description | Default Value |
|---|---|---|
| requestLog.enabled | Enables or disables saving the Jetty log to the Elasticsearch index | false |
| requestDataSaver.elasticHost | The host location of the index | http://localhost:9200 |
| requestDataSaver.elasticIndex | The name of the index | request-log |
Support ticket: No related support tickets.
The deprecated Cluster Support plug-in (com.soa.feature.cluster) has been removed from the product distribution. Instead, use automation recipes for configuring clusters.
Support ticket: No related support tickets.
A new classifier API Group Visibility can be set for Runtime Configurations to invite user groups to view an API. For more detail, see "API Group Visibility" in the Runtime Configuration on the Akana docs site.
Support ticket: SUPPORT-5575
The Elasticsearch Transport Client deployment option is deprecated in version 2019.1.0, and will be removed in version 2020.1.0. It is recommended to use the REST Client which communicates to the Elasticsearch server or cluster by accessing a URL.
The Akana OAuth Provider Agent feature is deprecated in version 2019.1.0, and will be removed in version 2020.1.0.
It is recommended that customers have a dedicated OAuth container to manage OAuth tokens, as covered in the diagram of recommended deployment: http://docs.akana.com/sp/deployment/deployment_clustered.htm.