Description

We are happy to announce the release candidate Service Metadata Publisher (SMP) 4.2 RC1. SMP is the sample implementation of an eDelivery Service Metadata Publisher (SMP) by the European Commission.

SMP 4.2 RC1 includes the following new features and fixed bugs:

• Enable the UI user authentication using an external CAS authentication server

• Separate UI login credentials and Rest service credentials (access tokens)

• Extension framework: SMP now has the option to deploy custom extensions for payload security verification (whatever is uploaded is checked so that it doesn't have any malware)

• Alert features: SMP has a feature that sends email notifications for alerts (e.g., when credentials are about to expire, failed logins, etc.. )

• System admin upgrade: properties can be now configured from the UI, not just from configuration files

• System admin REST services are now accessible under the distinct URL path, which can be secured via a firewall so that all system administration services are not exposed to the internet.

• Support for multivalued RDN certificates for authentication to SMP.

• Implement SSLClientCert header authentication (base64 encoded X509Certificate) when authenticating the client for the REST API via reverse proxy. 

• Implement X509 certificate policy validation.

• Support participant identifiers without the scheme.

• Replace logging framework from Log4J to SLF4J

• Various security enhancements.

Fixed bugs:

• Fixed the space character URLs encoding   in service-group response

• Wrong ebCore party identifier serialization in XML response

• Registering redirect service metadata using the UI tools failed.

Supported platforms:

• Application servers:
• • Apache Tomcat 8
  • WebLogic 12.2
• Database:
  • MySQL 5.7 or above
  • Oracle 11g+
• Java:
  • Oracle JRE8

Documentation

Migration from SMP 4.1.2 to 4.2 RC1

In order to upgrade to SMP 4.2 RC1, please follow the steps:

• MySQL or Oracle migration scripts have to be manually executed in DB prior to re-deployment of new WAR version. Scripts are located in smp-setup.zip.

Release notes

Please find below the list of new features, improvements, solved bugs and known limitations.

Improvements and new features

• EDELIVERY-6180: Supporting multivalued RDN certificates in SMP
• EDELIVERY-6306: Enable external CAS authentication server with main purpose to support EU Login CAS server
• EDELIVERY-6307: Enhance security for admin pages of the SMP console
• EDELIVERY-6317: Uploaded files shall be scanned by antivirus software.
• EDELIVERY-6496: Replace log "engine" Log4j with logback (sync with other eDelivery blocks) and upgrade libraries to the latest versions
• EDELIVERY-8801: Alert management: Login failure alerts 
• EDELIVERY-8802: Alert management: Certificate expiration alerts
• EDELIVERY-8803: Alert management: Username/password and access token expiry alerts
• EDELIVERY-8806: Force change password when expired
• EDELIVERY-8984: X509 Certificate Policy extension validation
• EDELIVERY-9011: Implement SSLClientCert authentication
• EDELIVERY-9253: Feature to update SMP configuratuion via UI with the system admin role
• EDELIVERY-9300: Enable creating partyIdentifier without scheme

Fixed bugs

• EDELIVERY-6583: Problem with workaround for the GRP:SPACE test in the Metadata URL
• EDELIVERY-8907: Wrong ebCore party identifier serialization in XML response
• EDELIVERY-9318: Registering redirect service metadata via UI fails
• EDELIVERY-9328: A successful message should be seen after added a trust store certificate

For more information, please contact us via our portal or by e-mail: EC-EDELIVERY-SUPPORT@ec.europa.eu