Version 2.0.0

September 12, 2024

What's new

• Performance optimisations for multiple endpoints when handling large datasets.
• Improvements and fixes for sorting logic on paginated endpoints to ensure contiguous responses.
• Comprehensive enhancements to the OpenID provider to support Rich Authorization Requests (RAR).
• Fixed an issue where the back to sign-in button was not clickable after session expiry.
• UI Changes:
• Revamped Navigation & Layout:
• The table views have been completely redesigned as card-based layouts, providing a more modern and visually appealing way to view and manage data.
• The side menu has been enhanced with an expandable feature, offering a more organized structure that allows users to navigate with greater ease and flexibility.
• Improved Menus:
• Previous menu structures have been replaced by tabs, making it faster and more efficient to switch between sections and access relevant features.
• Advanced Search & Filtering:
• Search components and filters have been added to key pages, enabling users to find and filter information faster with improved accuracy.
• Quick Switchers:
• We’ve introduced quick switchers for organisations, servers, and applications, allowing users to seamlessly toggle between entities, saving time and reducing complexity.

Version 1.8.0

July 22, 2024

What's new

• Fixed issue where reactivating an Authority Mapping inside Reference Data was returning an error 500.
• This change corrects a minor error in a JWK field name in the keystores JWKS file, changing the x5t#256 field to RFC-7517 compliant x5c#S256.
• Upgrade infrastructure for Directory persistence store.
• API Resources update:
• Add support for soft deletions of api resources.
• Remove hard deletions of api resources.
• Support re-activation of api resources that have been soft deleted.

Version 1.7.0

July 01, 2024

What's new

• Fix deprecatedDate and retirementDate field format on the participants endpoint to align with the expected format YYYY-MM-DD instead of list elements.
• Updated accepted format for API webhook Uri’s to also accept URLs with only one character after slash.
• Minor UX improvements for Domain user administration.
• Enhance visibility conditions for Advanced Software Statement configuration options in the UI.
• Now visible for software statements with a Directory type role or on all software statements when viewed as a super user.

Version 1.6.0

June 10, 2024

What's new

• Improved error message for invalid certification URI to specify the expected format.
• Modify the Regular Expression of the API Webhook URI field of Software Statements
• Pentest Fixes:
• Improve password reset functionality to prevent user password enumeration and email flooding attack vectors.
• Added additional layers of sanitization to reject unsafe user input before it is handled.
• Improve error messages to obfuscate cloud service specific information.

Version 1.5.4

April 18, 2024

What's new

• Fixed issue where Family Complete field in API Resources wasn't being correctly updated.
• Field "API Webhook" for Software Statements is now available.
• Improve user error message for empty values in login.
• Flags are now available to configured for Organisations, Authorisation Servers and Software Statements. Flags are enabled in Reference Data and then available to be added by all users with write access to these resources.

Version 1.4.0

March 13, 2024

What's new

• Domain/Technical Users are now configurable in Reference Data. They can be set up by a Global Admin.
• Fixed issue where Family Complete field in API Resources wasn't being correctly updated.
• Adjusted UI label for field "UserEmail" inside the Organisation Administrators modal. It's now "Email".
• Fixed issues in API Resources when an API had two different mandatory versions.
• Fix API behaviour to disallow changing of certification types and variants, in line with UI and data layer.

Version 5.17.0

August 22, 2023

What's new

• Platform Improvements:
• Improved icons for all actions
• Added SS and Org. Certificates “Show Active Only” default filter
• AS Server Certifications Dates are now shown in one field
• Removed unused Resource Server Transport certificate option
• Fixed issue where users couldn't be added to the same "System" and different "Contact Roles"
• OpenID Provider (Login) codebase has been upgraded

Version 5.13.0

July 20, 2023

What's new

• Role Audit: History of role updates will be displayed in the UI to organisation admins and super users. This is available in Authority Domain Role Claims -> Role Change History
• Participants UI: We've released a user interface for the participants endpoint. This will allow users to quickly verify information that is available on the endpoint in a friendlier way. It can be accessed in "web.sandbox.directory.opinbrasil.com.br/participants" or "web.sandbox.directory.opinbrasil.com.br/participants"
• UI / UX changes:
• Toggle actions will now only display the available action, reducing confusion

Version 5.7.0

May 31, 2023

What's new

• Open Data Automatic Recertification Implementation: Endpoints will be tested on a specific frequency and API Certification Status field will be updated. Test will now also send the organization_id value.
• Added new Software Statement API Webhook field.
• Added new CAs: Serasa SSL EV V4 and CertiSign SSL EV G4
• Updated role permissions: Admins can add or re-add roles but can't remove and FORTEC providers can't add other roles.
• Super Users will now have the capability to reissue completed Terms and Conditions.
• UI / UX changes:
• Added Created dates for Authorisation Servers and Software Statements
• Added Deactivated dates for organisation and software statement certificates. These will only appear for certificates deactivated after the release.
• Added "new" label to recently added (3 days) certificates.
• Improved display for Authorisation Server "Supports" columns and warning message.
• Added a sign-posting tooltip icon to guide users when creating a new API Discovery Endpoint

Version 5.4.1

May 02, 2023

What's new

• Added 2 New APIs
• Environment Super Users will now be listed in the reference data (only available to other Super Users)
• For Super Users, process of unlocking a Software Statement is now easier: Instead of the button being inside “Software Statement Detail”, it’s on the Actions column

Version 5.0.1

April 04, 2023

What's new

• Improved API registration for phase 2 / 3 APIs. Endpoints are now automatically generated after base URI and version is added
• Added phase 2 and phase 3 APIs for registration:
• Insurance-pension-plan
• Insurance-life-pension
• Insurance-person
• Quote-responsibility
• Quote-rural
• Quote-auto
• Quote-housing
• Quote-acceptance-and-branches-abroad
• Quote-transport
• Quote-financial-risk
• Small UI improvements

Version 4.7.1

March 02, 2023

What's new

• Updated Software Statement Certifications to match OIDF’s table
• Added “endorsement” and “claim” APIs
• Update clients endpoint to rename software_statement_id and terms_of_service_uri back to RFC7591 names
• Created new Auth Server "Server Certification" type for manual verification service providers

Version 4.0.0

January 10, 2023

What's new

• CertiSign’s SSL EV3 is now accepted on both the Keystores and Directory Gateway
• Added “x5dn” field on the Directory JWKS
• Implemented read-access policy for Organisation Admins / Domain Users to enable suppliers access to this information via APIs
• Improved UI of the API resources page, improving load time and usability
• Authorisation Server’s List columns of “Supports DCR”, “Supports CIBA” now are properly updated when a server certification is added. Also created a new “Supports Redirect” column

• Improved “Sorting” on organisation views

Release Notes - Directory

Version 3.15.1

Sandbox: November 25, 2022

Production: December 01, 2022

What's new

• Features:
  • Added phase 2 APIs:
  • Insurance-responsibility
  • Insurance-financial-risk
  • Insurance-acceptance-and-branches-abroad
  • Insurance-rural
  • Insurance-auto
  • Insurance-transport
  • PTCs are now able to edit and delete authorisation servers and software statements
  • Added warning labels to Authorisation Servers list whose Security Certifications are missing
  • New optional fields in Authorisation Servers: Deprecated Date, Retirement Date and SupersededByAuthorisationServerID
• UI Improvements:
  • When creating a new Software Statement, correctly display as “required” the field for RedirectURIs
  • Added filter toggle to display and hide organisation level certificates while navigating software statement certificates

Version 3.13.0

Sandbox: October 28, 2022

Production: November 03, 2022

What's new

• Features:
  • Added warning labels to Authorisation Servers list whose Security Certifications are missing
  • New optional fields in Authorisation Servers: Deprecated Date, Retirement Date and SupersededByAuthorisationServerID
  • If a Software Statement is Locked, the UI will now display the Software Statement Assertion when accessing the page
  • Fixed Tags issue not appearing in “Participants” API
  • Added additional countries into SMS field option when creating a new account
  • Created public “unauthorised” page that is displayed when a user ends session while in the account registration process
• UI Improvements:
  • Hid unused “Auto-redirect support” column for Authorisation Servers
  • Added filter toggle to display and hide organisation level certificates while navigating software statement certificates
  • When creating a new Software Statement, correctly display as “required” the field for RedirectURIs
  • Added “click to copy” button for certificate generation commands
  • Added option to download BRCAC_2022 automatic generated configuration for Windows & Linux

Version 3.7.0

Sandbox: October 14, 2022

Production: October 24, 2022

What's new

• Features:
  • Software Statement webhook field is now available. Institutions can register a webhook notification field to receive updates
  • OrganisationName field is returned to user information API response_body
  • Domain Users (PTCs) can now generate software statement and organisation certificates
• Fixed Software Statement Wizard that added wrong Org UID when using the automatic certificate configuration to generate BRCACs
• Turned off access to the old U.I. All requests to the old U.I (ui.directory) will be redirected to the main one and removed warning banner
• Non-ASCII characters are no longer allowed on the field “Name” and “City” while creating new Organisations
• Configured Authorisation Server’s well-known field to be non-mandatory unless specific API resources that require it are added.
• Removed the UI option of generating the old standard for BRCAC on Sandbox.
• UI Improvements:
  • New menu experience when entering the directory for the first time: organisation options menu doesn’t directly appear
  • Active items are now shown first in specific list views such as Organisation Administrators, Authorisation Servers and Software Statements
  • Screens will no longer exit when clicking outside of the view area, reducing issues of exiting without saving
  • New Organisation Domain User: Contact Role field text improved for clarity (i.e PTC to Primary Technical Contact)
  • “Hide inactive organisations” filter added to organisation list
  • Added “Issued Date” field to certificates list table
  • Added menu information tooltips to the organisation menu that will be displayed when hovering
  • Organisation Details date field format display changed to a more user-friendly pattern

Version 3.5.1

Sandbox: September 09, 2022

Production: September 12, 2022

What's new

• PKI Updates (Sandbox):
  • We are addressing a reported issue preventing the new BRCAC_2022 certificate profile being recognised as a valid certificate for token authentication.

Version 3.5.0

Sandbox: September 06, 2022

Production: September 07, 2022

What's new

• PKI Updates (Sandbox):
  • Updated BRCAC certificate to have both new model (called BRCAC_2022) and old. This will allow institutions to generate BRCAC’s with the new “organizationIdentifier = OPIBR-” prefix
  • New BRCAC_2022 certificate can now be used to access the Directory APIs.
• UI Improvements:
  • Reordered Organisation Details page
  • Edited wrong name in Organisation Certificates header page
  • For the new BRCAC Certificate, updated the certificate generator wizard
  • Reference Data field is now only shown to SuperAdmins
  • When creating a new organization, tags and segment options now correctly appear
  • When selecting organization that has no Authority Domain Role Claims, left menu now correctly shows
  • Organisation Domain Users: Added “System” column to improve visibility
  • Renamed field “Authority Claims” inside Software Statements to “Software Authority Claims”
  • Changed “TnC” text to “Terms & Conditions” on directory messages
  • Changed “Legal Name” to “Organisation Name” in Organisation List

Version 3.1.0

Sandbox: August 18, 2022

Production: August 22, 2022

What's new

• Switch new UI and old UI, making the new UI the default. The old UI will still be accessible through the banner link or by directly entering the URL starting with “UI”
• Added initial batch of phase 2 APIs for registration in the directory

Version 2.2.0

Sandbox: August 9, 2022

Production: August 22, 2022

What's new

• Add new U.I, which includes:
  • Security Certifications can be added on both S.S and A.S
  • Wizard facilitating the creation of BRCAC and BRSEAL in Sandbox
  • Wizard facilitating the creation of Software Statements
• Added notification regarding old and new U.I in the navigation bar
• Contact’s phone numbers are now marked as optional

Version 2.0.0

Sandbox: June 14, 2022

Production: June 16, 2022

What's new

• Added registration for the 6 step 3 API family-types
• Implemented release notes section, they can be found at:
  • https://data.sandbox.directory.opinbrasil.com.br/release-notes
  • https://data.directory.opinbrasil.com.br/release-notes
• Administrator user changes email now correctly identify if it’s production or sandbox

Version 1.2.2

April 22, 2022

What's new

• Added the 22 Phase 1 - Step 2 API families on Sandbox Environment.
• Added automated validation for Phase 1 - Step 2 APIs - Users can only register their APIs once the automated conformance test is executed

Version 1.0.4

March 24, 2022

What's new

• Fix for OPI-64 which was raised due to an issue regarding the Participants’ API. As we prepare to push Automatic Certification to production, some institutions endpoint’s stopped showing up in the participants’ API due to configuration changes.
• Deploy automatic certification for production environment
• Added Privacy Policy and Terms & Conditions (OPI-70)
• Minor updates to translations