SMP 4.2

Description

We are happy to announce the release of the Service Metadata Publisher (SMP) 4.2. SMP is the sample implementation of an eDelivery Service Metadata Publisher (SMP) by the European Commission.

SMP 4.2 includes the following new features and fixed bugs:

• UI user authentication using an external CAS authentication server
• Separate UI login credentials and Rest Service (API) credentials (access tokens)
• Extension framework: support for custom extensions for payload security verification (e.g., malware scanning)
• Alert features: ability to send email notifications for alerts (e.g., when credentials are about to expire, failed logins, etc.)
• Configuration properties can be now edited in the UI
• Admin UI now accessible using a separate URL, avoiding the need to have it exposed to the Internet (e.g., it can be secured via a firewall)
• Support for multivalued RDN certificates for authentication to SMP
• Support for SSLClientCert header authentication (base64-encoded X.509 certificate) when authenticating the client for the Rest Service (API) via reverse proxy
• X.509 certificate policy extension validation
• Support for participant identifiers without the scheme
• Logging framework: Log4J replaced by SLF4J
• Various security enhancements

Fixed bugs:

• Fixed the space character URLs encoding in service-group response

• Fixed wrong ebCore party identifier serialization in XML response

• Fixed registering redirect service metadata using the UI tools

SMP 4.2 is backward compatible with 4.1.x. The upgrade to SMP 4.2 is highly recommended.

Supported platforms:

• Application servers:
  • WebLogic 12.2.1.4 (tested version, future versions might work)
  • Apache Tomcat 8.5.x (tested version, future versions might work)
• Database:
  • MySQL 8 (tested version, future versions might work)
  • Oracle 11xe and Oracle 19c (tested version, future versions might work)
• Java:
  • Oracle JRE8

Documentation

Migration from SMP 4.1.2 to 4.2

In order to upgrade to SMP 4.2, please follow the steps:

• MySQL or Oracle migration scripts have to be manually executed in DB prior to re-deployment of new WAR version. Scripts are located in smp-setup.zip.

• MYSQL only, please run the additional mysql commands located here.

Release notes

Please find below the list of new features, improvements, solved bugs and known limitations.

Improvements and new features

• EDELIVERY-6180: Supporting multivalued RDN certificates in SMP
• EDELIVERY-6306: Enable external CAS authentication server with main purpose to support EU Login CAS server
• EDELIVERY-6307: Enhance security for admin pages of the SMP console
• EDELIVERY-6317: Uploaded files shall be scanned by antivirus software.
• EDELIVERY-6496: Replace log "engine" Log4j with logback (sync with other eDelivery blocks) and upgrade libraries to the latest versions
• EDELIVERY-8801: Alert management: Login failure alerts 
• EDELIVERY-8802: Alert management: Certificate expiration alerts
• EDELIVERY-8803: Alert management: Username/password and access token expiry alerts
• EDELIVERY-8806: Force change password when expired
• EDELIVERY-8984: X509 Certificate Policy extension validation
• EDELIVERY-9011: Implement SSLClientCert authentication
• EDELIVERY-9253: Feature to update SMP configuratuion via UI with the system admin role
• EDELIVERY-9300: Enable creating partyIdentifier without scheme

Fixed bugs

• EDELIVERY-6583: Problem with workaround for the GRP:SPACE test in the Metadata URL
• EDELIVERY-8907: Wrong ebCore party identifier serialization in XML response
• EDELIVERY-9318: Registering redirect service metadata via UI fails
• EDELIVERY-9328: A successful message should be seen after added a trust store certificate

Known issues and limitations

• [EDELIVERY-9739] - The user is removed as owner of the Service Group after editing the SG extension

For more information, please contact us via our portal or by e-mail: EC-EDELIVERY-SUPPORT@ec.europa.eu