Patch Notes for IBM WebSphere Business Integration Connect - Express Fix Pack 1

Description

Mime parsing error on received MDN

When receiving a signed message to verify the signature, Connect Express was using the certificate present in the message instead of using the certificate from Connect Express's certificate store. The code has been fixed to use the uploaded signature verification certificate.

Bad certificate error on duplicate certificates

When there are two different certificates present in the certificate store from the same certifying authority, Connect Express gets confused in picking the right certificate.  With this fix, Connect Express uses the certificate Serial Number to aid in the selection of the desired certificate.

Timeout problem when a document is routed from Express to a trading partner

If a trading partner takes a long time to process the message and send the MDN back, Connect Express will read time out and fail with the message "Timed out waiting for MDN, Waited 10 Minutes".  There are two timeout values you can use to change the operation of Connect Express.
One is the synchronous/socket connection time-out. This is in bcg.properties and is in milliseconds.
bcg.connector.sender.as2.parm.SyncMDNtimeout=60000
 
The second time-out is an asynchronous MDN timeout. This property is partner specific and will be in partner.properties file. The value is in minutes.

bcg.connector.sender.as2.parm.MDNTimeout=10
For proper functioning this value should be less than or equal to SyncMDNtimeout.

Connect Express expects UserId/ Password for basic authentication

Connect Express V4.2.1 required basic authentication for incoming AS2 messages while the AS2 specification does not require this. Due to this inconsistency, other systems such as UCCnet that do not support basic authentication cannot operate with Connect Express. This fix makes authentication configurable to enable users to decide whether Connect Express requires basic authentication for the incoming AS2 message or not. Basic authentication should always be used for HTTP posting.

With this fix, Connect Express has three different options:
1) Don’t use HTTP basic authentication
The AS2 Id will be used for the partner identification and routing information. For AS2 transport authentication the userid and password are not used. The property values should be:

bcg.connector.servlet.RequireAS2BasicAuth=false

bcg.connector.servlet.UseBasicAuthenticationUID=false

2) Use HTTP basic authentication for simple id/pw authentication
This behaviour is needed if the AS2 transport also needs to be authenticated with userid and password. Configuring the HTTP authentication for Inbound and Outbound is needed. The partner is identified by AS2 Id. The property values should be:

bcg.connector.servlet.RequireAS2BasicAuth=true

bcg.connector.servlet.UseBasicAuthenticationUID=true

3) Use HTTP basic authentication for simple id/pw authentication and sender determination
This is the default behaviour. The AS2 transport does not use the userid and password for authentication. Userid is used for sender identification for Connect Express. The property values should be:

bcg.connector.servlet.RequireAS2BasicAuth=false

bcg.connector.servlet.UseBasicAuthenticationUID=true

JR19749 : Certificates generated with 'critical' extension

Cyclone AS2 servers could not use self-signed certificates generated by Connect Express.  This fix allows Cyclone AS2 servers to use self-signed certificates generated by Connect Express to exchange documents with Connect Express.

HTTPS Problem when a document is routed to Express from a trading partner through HTTPS

If the HTTPS url contains only the port number (ex:- https://localhost:5500) no servlet name and no forward slash at the end) then Connect Express fails to post the document to the url and issues the error "message cannot be send to https://localhost:5500". This error has been corrected.