SMP 4.2 RC1

This page collects the resources for Service Metadata Publisher (SMP) version 4.2 RC1, released in June 2022.

Description

We are happy to announce that the first release candidate of Service Metadata Publisher (SMP) 4.2 RC1 is available. SMP is the sample implementation of an eDelivery Service Metadata Publisher (SMP) by the European Commission.

We invite all users to install SMP 4.2 RC1 in their test environments as early as possible and report any issues they encounter during the upgrade process or during operations to EC-EDELIVERY-SUPPORT@ec.europa.eu. As the final release of SMP 4.2 is scheduled for 30/06/2022, any major issues to be addressed should be reported by 16/06/2022 at the latest.

SMP 4.2 RC1 includes the following new features and fixed bugs:

Enable the
• UI user authentication using an external CAS authentication server
• Separate UI login credentials and Rest
service
• Service (API) credentials (access tokens)
• Extension framework:
SMP now has the option to deploy
• support for custom extensions for payload security verification (
whatever is uploaded is checked so that it doesn't have any malware
• e.g., malware scanning)
• Alert features:
SMP has a feature that sends
• ability to send email notifications for alerts (e.g., when credentials are about to expire, failed logins, etc.
.
• )
System admin upgrade:
• Configuration properties can be now
configured from
• edited in the UI
, not just from configuration filesSystem admin REST services are now accessible under the distinct URL path, which
• Admin UI now accessible using a separate URL, avoiding the need to have it exposed to the Internet (e.g., it can be secured via a firewall
so that all system administration services are not exposed to the internet.
• )
• Support for multivalued RDN certificates for authentication to SMP
.
• Implement
• Support for SSLClientCert header authentication (base64-encoded
X509Certificate
• X.509 certificate) when authenticating the client for the
REST
• Rest Service (API) via reverse proxy
. Implement X509
• X.509 certificate policy extension validation
.
• Support for participant identifiers without the scheme
.
• Replace logging
• Logging framework
from
• : Log4J
to
• replaced by SLF4J
• Various security enhancements
.

Fixed bugs:

• Fixed the space character URLs encoding   encoding in service-group response

• Wrong Fixed wrong ebCore party identifier serialization in XML response

• Registering Fixed registering redirect service metadata using the UI tools failed

SMP 4.2 RC1 is backward compatible with 4.1.x.

Supported platforms:

• Application servers:
  • WebLogic 12.2.1.4
  • Apache Tomcat 8
WebLogic 12
• • .
2
• • 5
  Database
• Databases:
  • MySQL 5.7 or above
  • Oracle 11g+
  • 8 (tested version, future versions might work)
  • Oracle 11 XE and Oracle 19c
• Java 8 for compile, tested to run correctly with:
  • Oracle JDK 8 for WebLogic 12.2.1.4.
  • OpenJDK 8 for Tomcat 8.5
  Java:
  • Oracle JRE8

Documentation

Migration from SMP 4.1.2 to 4.2 RC1

In order to upgrade to SMP 4.2 RC1, please follow the steps:

• MySQL or Oracle migration scripts have to be manually executed in DB prior to re-deployment of new WAR version. Scripts are located in smp-setup.zip.

Release notes

Please find below the list of new features, improvements, solved bugs and known limitations.

Improvements and new features

• EDELIVERY-6180: Supporting multivalued RDN certificates in SMP
• EDELIVERY-6306: Enable external CAS authentication server with main purpose to support EU Login CAS server
• EDELIVERY-6307: Enhance security for admin pages of the SMP console
• EDELIVERY-6317: Uploaded files shall be scanned by antivirus software.
• EDELIVERY-6496: Replace log "engine" Log4j with logback (sync with other eDelivery blocks) and upgrade libraries to the latest versions
• EDELIVERY-8801: Alert management: Login failure alerts 
• EDELIVERY-8802: Alert management: Certificate expiration alerts
• EDELIVERY-8803: Alert management: Username/password and access token expiry alerts
• EDELIVERY-8806: Force change password when expired
• EDELIVERY-8984: X509 Certificate Policy extension validation
• EDELIVERY-9011: Implement SSLClientCert authentication
• EDELIVERY-9253: Feature to update SMP configuratuion via UI with the system admin role
• EDELIVERY-9300: Enable creating partyIdentifier without scheme

Fixed bugs

• EDELIVERY-6583: Problem with workaround for the GRP:SPACE test in the Metadata URL
• EDELIVERY-8907: Wrong ebCore party identifier serialization in XML response
• EDELIVERY-9318: Registering redirect service metadata via UI fails
• EDELIVERY-9328: A successful message should be seen after added a trust store certificate

For more information, please contact us via our portal or by e-mail: EC-EDELIVERY-SUPPORT@ec.europa.eu