
Configure system settings

Settings allows you to configure system settings for your ActiveServer instance. Settings has 3 tabs:

3D Secure 2

The 3D Secure 2 tab has 2 sections:

Settings

  • External URL - externally accessible URL, used for authentication callbacks and product activation. The URL takes the form https://"your ActiveServer domain name":"server port number", e.g. https://paymentgateway.com:8443. The server port number is the as.server.http.port or as.server.https.port value (depending on the protocol being used) set in the ActiveServer configuration file.

    Warning

    Updating the External URL will also initiate an update of the 3DS Server URL in the Directory Server settings for each card scheme. If the 3DS Server URL value is empty for any card scheme, it will be updated to use the new External URL value, with the HTTPS listening port value also being appended. If the 3DS Server URL value is already set, no changes will be made.

    This is to assist with the setup process as these URLs are generally the same. If your architecture setup has a separate URL assigned for the 3DS Server URL, this setting should be updated before performing a transaction.

    Tip

    For a load-balanced setup, this URL may be different to the URL pattern described above and there may be a separate admin UI interface URL that has been configured. Please make sure that the load-balancer for the External URL forwards the requests to the server ports mentioned above.

    E.g. If the URL https://paymentgateway.com has been configured for server callbacks and https://admin.paymentgateway.com has been configured for admin UI interface requests, then https://paymentgateway.com should be used for the External URL.

  • API URL - URL used to receive authentication and administration API calls. The domain name of this URL will also be used to generate the client certificates (X.509) that authenticate API calls. If it is not provided, ActiveServer will by default use the domain name in the External URL for client certificate generation. Note that this URL does not have to be publicly accessible. The form of the URL is the same as the External URL, with the port number being the "api port".

  • Cache refresh interval - interval at which the PRes cache refreshes for all available card schemes. The PReq/PRes messages are utilised by ActiveServer to cache information about the Protocol Version Number(s) supported by available ACSs, the DS, and also any URL to be used for the 3DS Method call. The data will be organised by card range as configured by a DS. The information provided on the Protocol Version Number(s) supported by ACSs and the DS can be utilised in the App-based, Browser-based and 3RI flows. It is a 3DS2 specification requirement that this exchange happens at least once every 24 hours and at most every hour.

Timeouts

  • Preparation Response (PRes) - timeout interval for the PRes message
  • Authentication Response (ARes) - timeout interval for the ARes message

Security

  • Session timeout (read only) - interval a login session is valid for before expiring and requiring the user to enter their login credentials again. By default, the session timeout value is 900 sec (15 min) and is loaded from an internal setting. To change this setting, add the following line into the application-prod.properties file and restart the instance:

    as.settings.session-timeout={time in seconds}

    For example, to set the session timeout to 1800 seconds (30 minutes), add as.settings.session-timeout=1800.

    Important

    The value must be a positive integer in the range of 300 ~ 3600 seconds (5 ~ 60 minutes).

  • Session failed attempts - number of failed login attempts permitted before login is temporarily disabled for the time specified by the session lock time. After the time has elapsed, the session can be re-established by providing the correct credentials (unit: attempts)

  • Session lock time - interval a user will be locked out for if they exceed the failed login attempts amount (unit: minutes)
  • Password expiry period - number of days a password is valid for before requiring a new password to be created (unit: days)
  • Password history check - number of unique passwords required to be used before a specific password can be used again (unit: unique passwords)
  • Force two factor login - enable or disable two factor authentication for login for all users on the server. ActiveServer uses Google Authenticator to provide two factor authentication for users. If this setting is enabled, any user who does not have two factor authentication already set up for their account will be forced to set it up on their next login before being able to use any system functionality. Steps to set up the Google Authenticator are provided on screen.
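The session timeout range above and the External URL port rule from the 3D Secure 2 tab can both be checked before the instance is restarted. The following is an added example, not ActiveServer code: it assumes application-prod.properties uses simple key=value lines, and the function names and sample values are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample of application-prod.properties; only keys named on this page.
SAMPLE_PROPERTIES = """\
as.server.https.port=8443
as.settings.session-timeout=1800
"""

def parse_properties(text):
    """Parse simple key=value lines, skipping blank lines and # or ! comments."""
    props = {}
    for raw in text.splitlines():
        key, sep, value = raw.strip().partition("=")
        if sep and key and key[0] not in "#!":
            props[key.strip()] = value.strip()
    return props

def check_session_timeout(props):
    """Findings for as.settings.session-timeout; an empty list means acceptable."""
    raw = props.get("as.settings.session-timeout")
    if raw is None:
        return []  # key absent: the documented default of 900 s applies
    if not (raw.isascii() and raw.isdigit()):
        return [f"session-timeout {raw!r} is not a positive integer"]
    if not 300 <= int(raw) <= 3600:
        return [f"session-timeout {raw} is outside the 300-3600 second range"]
    return []

def check_external_url(url, props):
    """Findings for an External URL checked against the configured listening port."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return [f"{url!r} is not an http(s) URL with a host name"]
    key = f"as.server.{parts.scheme}.port"  # as.server.http.port or as.server.https.port
    try:
        port = parts.port
    except ValueError:
        return [f"{url!r} has an invalid port"]
    if port is None:  # expected only when a load balancer fronts the instance
        return [f"{url!r} has no port: confirm a load balancer forwards to {key}"]
    if props.get(key) != str(port):
        return [f"{url!r} uses port {port} but {key} is {props.get(key)!r}"]
    return []

def audit(properties_text, external_url):
    """Run both checks and return every finding as a list of strings."""
    props = parse_properties(properties_text)
    return check_session_timeout(props) + check_external_url(external_url, props)
```

An empty list from audit() means both settings are consistent with the rules on this page; a URL without a port is reported so the load-balancer forwarding can be confirmed by hand.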

Rotate key

Shows the current encryption key's creation date and allows the user to rotate the key used by selecting Rotate key.

HSM

This feature allows the user to update the HSM PIN if it has been changed:

  • Full file name and path of PKCS#11 library - this value is read from the application-prod.properties and can only be changed by updating the application-prod.properties file and restarting the server.
  • Slot number of HSM - this value is read from the application-prod.properties and can only be changed by updating the application-prod.properties file and restarting the server.
  • HSM PIN - allows the new HSM PIN to be entered.

Selecting the Test HSM connection button will attempt to connect to the HSM using the inputted HSM PIN. If the test is successful, the system will show "HSM connection successful", otherwise "Invalid HSM Pin" will be shown.

Selecting the Update button will update the database with the HSM PIN value. Restarting the server is required after updating.

Warning

The system will update the HSM PIN regardless of the test result. This is to allow the PIN to be updated in the ActiveServer database before the HSM PIN is changed if required. Make sure the right PIN is entered before updating the system, as having the wrong HSM PIN will cause transactions to fail.

Tip

The HSM PIN management will only be shown if an HSM is in use.

Version 1.0.4

This feature was added in the version 1.0.4 release.

System

  • Log level - verbosity of the console output and system logs. Possible values in least verbose to most verbose order: ERROR > INFO > DEBUG.