Download

Axway API Gateway | Readme

Axway API Gateway 7.2.0 SP2 Readme

Document version: 06 December 2013



Readme for Axway API Gateway 7.2.0 SP2

This Readme applies to Axway API Gateway 7.2.0 SP2, for all platforms. The information in this Readme supersedes any corresponding information in the documentation (online or printed) previously supplied for the product.

The main aim of this service pack is to provide fixes for a number of reported defects.

This service pack contains updates for:

Note

File Packages: An installation archive is provided for all platforms, for example, APIGateway_7.2.0_SP2_Core_win-x86-32_BN20131206.zip for Windows.

Size: The file size differs for each platform. The MD5 checksum is provided for each file.

Corrections and enhancements

This service pack provides the following corrections and enhancements.

Case ID Internal ID Description
Upgrade McAfee Anti-Malware Engine to version 5600
Previously, API Gateway used version 5400 of the McAfee Anti-Malware Engine.
Now, it uses version 5600 of the McAfee Anti-Malware Engine.
Changes to OAuth Application Scope Management
Previously, scopes were associated with client applications implicitly by adding OAuth protected APIs during client registration.
Now, scopes are added explicitly from a list of available scopes, where the list of available scopes is generated from static scopes defined in OAuth Security Devices attached to APIs. It is also possible to add freeform scopes to client applications to cater for dynamic scopes (selectorized scopes in Security Devices). Existing applications can be updated with the migrateScopes.py script.
686639 109025 Upgrading 7.1.1 configuration to 7.2 imports KPS with same names
Previously, the alias ClientApplicationRegistry was not unique. Aliases must be unique in group configuration. Alias pointed at Imported_ClientApplicationRegistry after the upgrade, which was not unique.
Now, after the upgrade the alias Imported_ClientApplicationRegistry is unique and the duplicate no longer exists.
16400 109039 Policy Studio will not allow blank entry for Authorization Attribute in an LDAP Authentication Repository
Previously, when adding an LDAP repository under the Authentication Repository in External Connections in Policy Studio, the Authorization Attribute in the configuration dialog could not be left blank, and an error dialog was displayed: "You must enter a value for authorization attribute."
Now, the Authorization Attribute of the Authentication Repository configuration dialog in Policy Studio can be left blank.
109042 Adding a port as a filter option in Traffic Monitor inserts a comma after the first digit
Previously, when adding a port as a filter option in Traffic Monitor it inserted a comma after the first digit. This was not visible when the filter was added, but visible when you clicked to edit the port number.
Now, the formatting parameters have been updated, and no commas are used.
109061 Sending a report to an email address specified in the Analytics GUI does not take effect
Previously, when you entered an email address to send a report to in the Analytics GUI, it did not take effect. Instead, the email address specified in the configureserver command was always used.
Now, the email address used in configureserver is an optional global default to which all reports are sent, that is, it can be unset.
109071 SFTP poller causes thread leak and resource consumption
Previously, the FTP poller did not terminate threads for each poll session when finished. These threads accumulated until the system resources were exhausted.
Now, the FTP poller correctly terminates threads for each poll session when finished.
685192 109105 Policy package does not add the variables used within the Compare Attribute filter to create the package
Previously, the Compare Attribute filter did not create the required attributes used in the filter, and they did not come up as an option when creating the policy package .
Now, the Compare Attribute filter generates the list of required attributes used in the filter.
690989 110455 OAuth database schemas listed in the API Server User Guide for 7.2 are missing table names for oauth_authz_code
Previously, the API Server User Guide was missing database table names required for the OAuth database schema.
Now, the OAuth User Guide includes the required details on database tables.
690423 110461 Customer wants to upgrade a KPS using a DB back-end from 7.1 to 7.2
Previously, there was no documented upgrade process and there were entity store upgrade bugs for DB upgrade.
Now, the upgrade process is documented in the KPS Migration Guide and the bugs have been fixed.
689377 110652 libxml warning at line 0: XPath complexity limit exceeded
Previously, the System Setting entities in multiple NetServices did not migrate correctly to single Default System Settings from 5.2.8 to 7.2.1. This meant that any changes made in the Policy Studio > Settings were not reflected in the Default System Settings.
Now, the System Settings values in multiple NetServices are correctly transfered to Default System Settings when migrating federated store to 7.2.2. Also Policy Studio updates the Default System Settings as required.
110962 PGP help looks like it is not current
Previously, the API Server online help and documentation for the PGP filters did not reflect the latest user interface.
Now, the PGP help and documentation has been updated to reflect the latest screens.
692960 111247 startinstance -s is starting an instance instead of just checking status
Previously, options for the startinstance command were not documented in the API Server User Guide.
Now, these options are documented in the API Gateway User Guide.
693221 111499 Save file crashes with large file from FTP poller
Previously, the Save To File filter failed to save large files and caused the API Server to crash.
Now, the Save To File filter correctly processes large files and the file size limit is set by the user.
694525 111872 POP3 Mail Server listener Poll Rate Limit
Previously, the POP Mail Server dialog in Policy Studio had a poll rate limit of 65535 milliseconds, which is much too low.
Now, the poll rate limit can be much higher.
112291 API Server-File Transfer: Directory expiry cannot be set to never expire
Previously, the File Transfer Service dialog in Policy Studio presented the user with the following error when they attempted to set the directory expiry to 0 seconds: "You must enter a value for fileExpiry."
Now, you can set a value of 0 seconds for directory expiry in the File Transfer Service dialog. This means that the directory never expires.
695033 112394 Reflect Message only changes the response status but not the information
Previously, the Reflect Message filter was not setting the HTTP status message to match the response code set by the user. For example, changing a 200 OK response from the back-end to a 500 error caused it to return 500 OK to the client.
Now, the Reflect Message filter always sets the status message to match the response code set by the user. Also the http.response.info message attribute is set respectively.
112422 Jython file diskinstancemanager.py contains an invalid file for Oracle API Gateway edition
Previously, diskinstancemanager used an invalid file reference in Oracle API Gateway edition (/posix/samples/etc/init.d/enterprisegateway).
Now, diskinstancemanager references the correct file in Oracle API Gateway edition (/posix/samples/etc/init.d/apigateway).
695838 112450 Add XML Node filter crashes API Server when using attribute saved and trace @ DATA or DEBUG
Previously, a crash was caused by message content being purged too early. This issue was brought to light by the invocation of the StringToBody coercer (converting ${bgc.content.body} from com.vordel.mime.XMLBody to java.lang.String) which was attempting to access message content that no longer existed. This was only an issue at DATA trace.
Now, content is reference-counted so that it is no longer purged too early. This prevents the crash from occurring.
694726 112564 Connecting to the API Server Analytics browser home when the DB back-end is MS SQL results in a CONCAT error
Previously, API Server Analytics reported a CONCAT error with MS SQL Server 2012 and earlier versions.
Now, API Gateway Analytics no longer produces a CONCAT error for MS SQL Server 2012 and earlier versions.
693747 112610 Vordel XML Gateway type present in configuration after upgrade from 5.2.8 to 7.2.0
Previously, the System Setting entities in multiple NetServices did not migrate correctly to single Default System Settings from 5.2.8 to 7.2.1. This meant that any changes made in the Policy Studio > Settings were not reflected in the Default System Settings.
Now, the System Settings values in multiple NetServices are correctly transferred to Default System Settings when migrating federated store to 7.2.2. Also Policy Studio updates the Default System Settings as required.
696310 112614 Windows install of API Server crashes when deselecting certain Traffic Monitor options and viewing transactions
Previously, accessing the Traffic Monitor UI for trace on transactions that had not recorded HTTP trace information could cause the server to crash due to a bug in the REST interface.
Now, the absence of trace and data in the datastore is safely ignored by the transaction monitor REST interface.
696293 112627 The group level metrics of analytic report is doing sum instead of averages
Previously, Metrics Processing Time Average used the maximum average processing time for a service. Furthermore, when finding the maximum over several services, it used the maximum from each service.
Now, the Metrics Processing Time Average computes the average processing time for a single service, and computes the average when looking at multiple services.
112660 Error setting up database metrics (apiserver) is cryptic and unhelpful
Previously, if the API Server connected to an existing database that was used with a different topology, the error returned was "Domain ID mismatch; check your database connection."
Now, the error returned is "Cannot connect to the configured database with your current topology because the database already contains data from a different topology."
696281 112717 Add XML Node filter fails when inserting node that was removed earlier in the policy
Previously, the Add XML Node filter failed when inserting a node that was removed earlier in the policy.
Now, the Add XML Node filter correctly inserts a node that was removed earlier in the policy.
112957 API Server Analytics email subject line contains a variable for the date and not the actual date
Previously, reports were emailed with a subject line containing a replacement string, for example, Subject: systems-1day-${yyyyMMdd}.pdf.
Now, reports are emailed with a subject line containing the friendly name of the report, for example, System Resources.
697445 113125 Patch upgrade should remove previous patches, also no need to migrate configuration coming from 7.2.0
Previously, the API Server Installation Guide did not include enough information on patching existing installations.
Now, the Release Notes and Readme include more detail on patching (for example, you must remove previous patches and do not need to upgrade configuration).
697587 113160 Gateway stops responding after repeated requests
Previously, when a large number of services were present, generating statistical information via the reporting REST interfaces could take inordinate amounts of time and hold up other server operations during request processing, due to inefficiencies in the algorithms used.
Now, the processing of these requests is handled in a much more efficient way and works well for previously pathological workloads.
698115 113426 SSLException: 536 Data connection protection clear not supported
Previously, the FTPS Poller and the File Upload/File Download filters supported only the PROT C command and failed to connect to a FTPS server where a different PROT command was required.
Now, the FTPS clients support all PROT commands according to RFC2228. Users can also specify values for both PROT and PBSZ commands in the API Gateway FTPS Poller and the File Upload/File Download filters.
113588 API Service Manager support for parameters has changed, need to update User Guide with workaround
Previously, the Getting Started section in the API Server User Guide did not include how to create a policy package to handle parameters.
Now, the Getting Started section has been updated with these steps.
696625 114048 Filter LDAP RBAC never fails
Previously, the Retrieve From Directory Server filter returned true by default when no results were returned from LDAP.
Now, the Retrieve From Directory Server filter returns false when no results are returned from LDAP.
114265 OCSP: Incorrect serial number sent by API Server to OCSP responder
Previously, some X.509 certificates appeared to have a negative serial number under certain circumstances, including when presented to an OCSP responder.
Now, serial numbers with high bits set are handled properly, and serial numbers are properly forwarded and displayed from the native cryptographic provider.
114548 Add online help to Configure Regular Expression
Previously, online help was missing for the Configure Regular Expression dialog in the Validate Selector Expression filter.
Now, online help is available for this feature.
114681 Amazon EC2 Instance loses connectivity after applying software updates
Previously, if software updates were applied to the AMI image, the details of the kernel location were also updated as per hardware appliance functionality. This update was not required for the AMI image and in fact caused an issue where the system did not boot.
Now, the update mechanism checks if the updates are being carried out on an AMI image, and does not alter grub configuration in this case.
698926 114764 FTP connections are blocked and the server has to be restarted to resume transactions
Previously, all the JMS consumer threads could get into a blocked state if the network was shutdown with all threads processing. There was no timeout set in the FTP client socket to handle this situation.
Now, the FTP/FTPS/SFTP client connect timeout is set to a value defined in the active timeout attribute of the API Gateway system settings.
701757 114767 Reflect Message does not have an option to update the HTTP reason phrase
Previously, the Reflect Message filter was not setting the HTTP status message to match the response code set by the user. For example, changing the 200 OK response from the back-end to a 500 error caused it to return 500 OK to the client.
Now, the Reflect Message filter always sets the status message to match the response code set by the user. Also, the http.response.info message attribute is set respectively.
114769 Amazon LOCKDOWN AMI unable to run service command as root after using sudo -s
Previously, it was not possible to run the service command as root if the admin user ran sudo -s.
Now, it is possible to run the service command if the user specifies /sbin/service.
114839 Deleting a group results in java.util.ConcurrentModificationException
Previously, when managedomain was used to delete a group, an exception always occurred: Node Manager error: Unexpected exception: java.util.ConcurrentModificationExcept. The Group was still deleted successfully.
Now, no exception occurs when deleting a group using managedomain.
114869 Metrics Processing Time Average uses largest value as average
Previously, in Analytics and API Server Manager, Metrics Processing Time Average used the largest value as the average value.
Now, in both Analytics and Manager, the API services and remote hosts are properly aggregating processing time average.
701231 114909 Traffic Monitor: Specify detailed time interval filter does not work (no results when there should be)
Previously, numeric values in the Transaction Monitor REST interface were not compared correctly for the "<" and ">" arithmetic operations.
Now, handling of numeric values is fixed, and they are correctly compared.
115222 managedomain --remote-port option required for use of non-default management port
Previously, the managedomain --remote-port option was required to use a non-default management port to connect to the Admin Node Manager.
Now, managedomain correctly reads and uses the management port from topology when connecting to the Admin Node Manager.
700950 115243 File Upload filter is not handling remote directories on virtual file systems correctly
Previously, the File Upload filter failed to upload files to some SFTP servers, because it incorrectly identified that a directory with the same name already existed.
Now, the File Upload filter successfully uploads files with Java Secure Channel version 0.1.50 (jsch-0.1.50.jar).
703818 115525 Cannot use member.id in Resource Owner Credentials filter
Previously, the callout policy to authenticate the resource owner in the OAuth resource owner password flow was not returning the subject to create the token with.
Now, the callout policy correctly returns the authenticated subject, and the OAuth access token is generated for the returned subject.
115699 Directory Scanner Null Pointer Exception with Traffic Monitor disabled
Previously, if Traffic Monitor was disabled, the Directory Scanner threw a NullPointerException on processing a file.
Now, files can be processed as normal by the Directory Scanner when the Traffic Monitor is disabled.
704714 115884 FTP connections are blocked and the server has to be restarted to resume transactions
Previously, all the JMS consumer threads could get into a blocked state if the network was shutdown with all threads processing. There was no timeout set in the FTP client socket to handle this situation.
Now, the FTP/FTPS/SFTP client connect timeout is set to a value defined in the active timeout attribute of the API Gateway system settings.
115889 SFTP load test memory leak
Previously, when testing FTP services/pollers, the API Gateway process would leak memory and eventually terminate.
Now, the memory leaks in the Save To File filter have been resolved, which prevents the API Gateway from running out of memory.
115910 Invalid reference to Socket Connection Timeout in API Server User Guide
Previously, the API Server User Guide mentioned the Socket Connection Timeout setting, which is no longer available in the user interface.
Now, this setting has been removed from the API Gateway User Guide.
704580 115928 EncodingType attribute in wsse:Nonce element was not validated
Previously, the API Gateway was not checking the EncodingType attribute in the wsse:Nonce element when validating a WS-Security Username Token.
Now, the API Gateway checks the EncodingType attribute in the wsse:Nonce element and shows a warning if the attribute indicates an unknown encoding format.
705744 116173 Gateway core dumps in libvxml2 under heavy load
Previously, the Attribute Extract XPath filter crashed under heavy load.
Now, the Attribute Extract XPath filter correctly handles data in memory under heavy load.
116575 managedomain --regen_certs option should handle a missing passphrase error better
Previously, managedomain with the --regen_certs option showed a non-user friendly error message (exception with stack trace) caused by a missing or incorrect passphrase.
Now, managedomain with the --regen_certs option shows a user friendly error message for a failure loading the PKCS12 file, where a passphrase is required or incorrect.
116944 managedomain usability issues with option 24 (certificate regeneration)
Previously, managedomain (option 24, certificate regeneration) checked if the Admin Node Manager was still running, and only interrupted after requesting an input from the user.
Now, managedomain (option 24, certificate regeneration) checks if the Admin Node Manager is still running before requesting any input from the user.
117053 Small Windows heap needs some help to load a JVM with a reasonable maximum memory limit
Previously, the API Gateway had a preset Java MaxHeapSize of 512MB, which is not sufficient for production deployments.
Now, the JVM MaxHeapSize depends on the available system resources. If the API Gateway Windows executables fail to start, due to not being able to allocate their heap, add the setting <VMArg name="-Xmx512m"/> to the file INSTALL_DIR/system/conf/jvm.xml.
708228 117114 Inconsistency for SAML issuer name list and trusted issuer list
Previously, when editing the Insert SAML Attribute Assertion, Insert SAML Authentication Assertion, and Insert SAML Authorization Assertion filters, a list of the certificate aliases was shown in the Issuer Name drop-down menu in Policy Studio.
Now, when editing the Insert SAML Attribute Assertion, Insert SAML Authentication Assertion, and Insert SAML Authorization Assertion filters, a list of the certificate subject DN names is shown in the Issuer Name drop-down menu in Policy Studio.
117168 Files under instance-1/conf/opsdb.d are not being purged correctly
Previously, when testing the FTP service, Traffic Monitor files were not being purged correctly and the API Gateway would eventually run out of memory.
Now, disposers have been added to the FTP service to guarantee messages, and corresponding correlation IDs have been deleted. This prevents the API Gateway from leaking memory, and also fixes the purging of Traffic Monitor files.
117215 No Help information on the Bind the Certificate at Runtime option for HTTPS certificate option
Previously, when configuring an HTTPS interface, the online help did not explain the Bind the certificate at runtime option.
Now, this setting is documented in the online help.

Installing the service pack

This section describes how to install the service pack on an existing installation of API Gateway.

To install a new API Gateway installation from scratch without an existing installation, see the API Gateway Installation and Configuration Guide.

To install the service pack, follow these general guidelines:

  1. Stop the servers.
  2. Back up your existing installation.
  3. Unzip and extract the service pack. The service pack contains new binaries only and does not overwrite the existing configuration.
  4. Restart the servers.

Installing the API Gateway Core Server service pack

To install the service pack on your existing API Gateway 7.2.0 Core Server installation, perform the following steps:

  1. Ensure that your existing API Gateway instance and Node Manager have been stopped. For more details, see the API Gateway User Guide.
  2. Remove any previous patches from your INSTALL_DIR/ext/lib directory (or ../ext/lib directory in an API Gateway instance). These patches have already been included in this service pack. You do not need to copy patches from a previous version.
  3. Unzip and extract API Gateway 7.2.0 SP2 Core over the apiserver directory within your existing installation directory. For example:
  4. tar -xzvf APIGateway_7.2.0_SP2_Core_linux-x86-64_BN20131206.tar.gz -C /opt/Axway-7.2.0/apiserver/

Note

Installing the API Gateway Analytics service pack

To install the service pack on your existing API Gateway Analytics 7.2.0 installation, perform the following steps:

  1. Ensure that your existing API Gateway Analytics instance and Node Manager have been stopped. For more details, see the API Gateway User Guide.
  2. Remove any previous patches from your INSTALL_DIR/ext/lib directory (or ../ext/lib directory in an API Gateway Analytics instance). These patches have already been included in this service pack. You do not need to copy patches from a previous version.
  3. Unzip and extract API Gateway 7.2.0 SP2 Analytics over the analytics directory within your existing API Gateway 7.2.0 installation directory. For example:
  4. tar -xzvf APIGateway_7.2.0_SP2_Analytics_linux-x86-64_BN20131206.tar.gz -C /opt/Axway-7.2.0/analytics/

Note

Installing the Policy Studio service pack

To install the service pack on your existing Policy Studio installation, perform the following steps:

  1. Delete your existing Policy Studio installation directory (for example, INSTALL_DIR\policystudio).
  2. Use the API Gateway 7.2.2 installation executable to install Policy Studio into the same directory.

Note

Installing the API Tester service pack

To install the service pack on your existing API Tester installation, perform the following steps:

  1. Delete your existing API Tester installation directory (for example, INSTALL_DIR\apitester).
  2. Use the API Gateway 7.2.2 installation executable to install API Tester into the same directory.

Installing the Configuration Studio service pack

To install the service pack on your existing Configuration Studio installation, perform the following steps:

  1. Delete your existing Configuration Studio installation directory (for example, INSTALL_DIR\configurationstudio).
  2. Use the API Gateway 7.2.2 installation executable to install Configuration Studio into the same directory.

After installation

To allow an unprivileged user to run the API Gateway on a Linux system, perform the following steps:

  1. Add the following line to the INSTALL_DIR/system/conf/jvm.xml file.
  2. 64-bit installation

    <VMArg name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/amd64/server:$VDISTDIR/$DISTRIBUTION/jre/lib/amd64:$VDISTDIR/$DISTRIBUTION/lib/engines:$VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:$VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>

  3. 32-bit installation

    <VMArg name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/i386/server:$VDISTDIR/$DISTRIBUTION/jre/lib/i386:$VDISTDIR/$DISTRIBUTION/lib/engines:$VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:$VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>

  1. Run the command setcap 'cap_net_bind_service=+ep' INSTALL_DIR/platform/bin/vshell to to allow the API gateway to listen on privileged ports.

Note


Related documentation

Axway API Gateway is accompanied by a complete set of documentation, covering all aspects of using the product. These documents include the following:

Axway API Gateway documentation

Axway 5 Suite documentation

All Axway documentation is available from Axway Sphere at https://support.axway.com.


Support services

The Axway Global Support team provides worldwide support 24/7. You can find all support numbers by country on Axway Sphere at https://support.axway.com.

In addition, you can download the latest information from Axway Sphere relating to Axway API Gateway including:

For more information about Axway training services, go to: www.axway.com.


Copyright © Axway Software 2013
All rights reserved