Major Release 2022.1.3

August 30, 2023

In this release:

Key Features: 2022.1.3

External Domain User Group management available in Community Manager

This release adds support for mapping LDAP and SAML groups to Akana roles from within the Community Manager Developer Portal. This includes support for specialized roles like Business Admin and Site Admin.

APIs to manage group roles

New APIs are available that enable searching for groups and users within a domain and mapping them to Akana roles, again including specialized roles like Business Admin and Site Admin.

Enhancements: 2022.1.3

MongoDB option to use Aggregation Pipelines for data rollups now supported when upgrading

MongoDB Aggregation Pipeline support for data rollups was added in 2022.1.0 for Akana customers using MongoDB for the first time with their 2022.1.x deployment, but not for those upgrading from a 2020.x or earlier version. Now, support has been added for upgrade scenarios. In addition, a new automation recipe to upgrade Envision to Mongo Aggregation is now included in the Envision bundle.

A property in the Admin Console controls whether to use the new Aggregation Pipeline support or the previous Map-Reduce option, available under Configuration > Configuration Categories > com.soa.persistence.mongodb.

To reduce the memory footprint of the Mongo _id, the new Mongo Aggregation framework now compresses all the individual fields. The ContainerKey in the _id remains intact for sharding purposes.

This will result in two sets of rollup data until the old documents with individual fields are purged.

For details, see "Using the Aggregation Pipeline for data rollups" on the Akana docs site.

Case number: No related case number

Critical and high severity vulnerabilities fixed

Multiple critical and high severity CVEs reported by Prisma through August 7, 2023, have been resolved.

Case number: No related case number

New automation recipe sets a container's default context path

A new automation recipe, pm-features.json, sets the root context path to /console for a Policy Manager console. You can change this path manually or using the recipe. Any change to the root context path requires a container restart.

Case number: No related case number

New recipe upgrades Envision dataset to Mongo Aggregation

A new automation recipe that upgrades an Envision dataset from Mongo’s Map-Reduce to Mongo’s Aggregation is included in the Envision bundle. Run this recipe (envision-upgrade-to-aggregation.json) after upgrading Akana to update all existing Envision datasets to use Mongo Aggregation pipelines.

In addition, support for MongoDB Aggregation Pipelines has been added in this release for upgrade scenarios.

Case number: No related case number

MongoDB recovery job logic enhanced, with a new recommended index

When a MongoDB recovery job failed, it could continue to trigger further rollup jobs, ending up in a perpetual failed state. You can now disable the recovery job to avoid this condition. In the Admin Console, under the configuration com.soa.persistence.mongodb, set persistence.mongodb.rollup.skipRecoveryIteration = -1 to disable the recovery job.

In addition, a new index is recommended to optimize the query while performing recovery jobs:

use METRIC_ROLLUP_DATA
db.<dataset_name>.createIndex(
  {"value._rolluptype": 1, "value.rawIds": 1},
  {name: "<dataset_name>RecoveryIDX"}
)

Case number: No related case number

Network Director containers do not need restarting when the Policy Manager domain certificate is updated

When the Policy Manager domain certificate is updated, the Network Director containers retrieve the updated certificates without restarting.

Case number: 00616796

Known Issues 2022.1.3

MongoDB Issues

  • Group functionality for a dataset does not work with aggregation.
  • For Envision, rollup returns an error if an array of values is stored in the METRIC_RAW_DATA database table.
  • For Envision, rollup fails when the dimension type is IP-Address and User-Agent.

The Throughput Quota policy processes an extra request with the grid counter service

When the Throughput Quota policy is configured with a limit of x requests per time interval, the throughput limit exceeded error is returned for x + two requests instead of x + one request.

API Quota Usage charts are not returned at a license level with intervals in minutes

When a quota policy is attached to a license and the defined interval is in minutes, the API Analytics License page does not return charts for the API Quota Usage. The other charts on the API Analytics License page return proper results.

JRE upgrade results in a new error message regarding untrusted certificates

After upgrading the JRE shipped with the product from 2019.1.36 to 2020.2, the error message returned for untrusted certificates changed. The new version of the JRE returns a socket error rather than an error specific to an untrusted certificate. This is not a change in Akana; rather, it is a change in the JRE.

Case number: 00797955

Envision Business Service Level Policy

The Business Service Level Policy generates only one alert even when multiple alerts are configured.

The Operational Aggregate Policy could fail when assigned at the operation level

The Operational Aggregate Policy could fail when assigned at the operation level using the HTTP Basic Authentication policy or the OAuth Security policy, returning an HTTP "401 Unauthorized access" error. 

Case number: 00847940

Container's Admin Console may report duplicate valid session cookie errors

The Admin Console of the container may intermittently display an error dialog reporting duplicate valid session cookies. The Admin Console may then become unresponsive or may return an HTTP 404 error "File not found." Clearing browser cookies clears this error.

Duplicate log entries for exceptions and JOSE Profile Policy

Any exception results in two identical stack traces written to the log file.

Additionally, when the JOSE Profile Policy is used and Forced Diagnostic Logging is turned on, the trace block is written twice and the second trace block has a stack trace appended even when there is no exception.

The Business Service Level Policy may not work properly when attached to an app

The Business Service Level policy is successfully applied when attached at the API level, but will not function as expected if attached while creating an App contract.

Search based on a tag fails for numeric characters

A search based on a tag fails if the tag search criteria includes numeric characters.

Bug Fixes: 2022.1.3

Revoking an existing OAuth grant could return an error

Calling the API Revoke Token to revoke an existing OAuth token could return an error if the "Encrypt JWT Access Token" option under Akana OAuth/OIDC Provider settings was enabled.

Case number: 00925204

Security vulnerability regarding certificate server addressed

A security vulnerability could result in the failure of the certificate server. Enhanced error handling has been added.

Case number: 00977055

HTTP Message Validation policy returns errors when combined with the Aggregate policy

The HTTP Message Validation policy could return an error "IllegalStateException" when combined with the Operational Aggregate policy attached to an API.

Case number: 00769490

Some APIs could return a general system error after upgrade

A “General system error” could be returned when trying to access some APIs after a platform upgrade to 2022.1.x.

Case number: 00944879

Network Director unresponsive after addition of new certificates

When new certificates were added to Policy Manager, Network Director could become unresponsive, resulting in the failure of some requests.

Case number: 00831818

Sync job could fail to trigger after upgrade

After upgrading to 2022.1.2, a sync job to provision an app to an external OAuth provider did not trigger.

Case number: 00904939

Using an external keystore with alias could still require a password in the UI

Note: This issue also shipped with 2022.1.2.5.

When signing in using an external keystore and an alias, the UI incorrectly required a password, causing the login to fail.

Case number: No related case number

APIs with multiple bindings could return an error regarding duplicate policy IDs

If an API had more than one binding, two different WSDLs would be created for the same API; in this case, invoking the API would return an exception regarding a duplicate policy.

Case number: 00701258

Validation error name change could cause rule mapping to fail

A change in the HTTP Message Validation Policy validation error message for Open Banking could cause issues with rule mapping.

Case number: 00905256

Logging into the Admin Console could return an error

In certain situations, users could not log into the Admin Console, getting the error, “You are not authorized to access the Admin Console.”

Case number: 00898541

Duplicate session cookies in the Admin Console

When logging into the Admin Console, duplicate session cookies could be generated, returning an error message "Duplicate valid session cookies." To address this issue, the default root context path in Policy Manager has been changed from “/” to “/console”. In addition, the appropriate automation recipe has been updated to set the root context path for the container to the new default. For details, see “Properties File for PM/CM Container” in the Akana documentation.

Case number: No related case number

New properties control usage and rollup data

Two new properties in the Admin Console enable or disable usage and rollup data. The properties are under the configuration com.soa.monitor.usage:

  • Rollup Generator Enabled (rollup.generator.enableRollups)
    Enables the rollup writer to write rollup data to rollup database tables.
  • Usage Generator Enabled (rollup.generator.enableUsage)
    Enables the usage writer to write usage data to usage database tables.

Both default to true.

Case number: No related case number

Exporting a large volume of services could fail when using MS SQL

In Community Manager, exporting organizational data could fail for organizations with more than 1,000 APIs or Apps when using MS SQL Server.

Case number: No related case number