December 09, 2022

Highlights

Brand Login Pages, Consent Pages, 2FA Screens, and Much More

Cloudentity is excited to announce the release of custom themes. Administrators can now create and assign custom appearance themes to Cloudentity components to brand them according to their company style. This includes the ability to customize consent pages displayed to users during authorization flows, login pages for users that authenticate with Cloudentity Identity Pools, the Demo Application, Error Pages, and more. The built-in editor provides an IDE-like experience and preview capabilities for creating and styling your template HTML code. Branding your Cloudentity components can provide a number of benefits for your business. It helps to establish and maintain a consistent visual identity, which can improve recognition and trust with your customers, partners, and employees. Overall, branding can help to differentiate your business and improve its overall image and reputation.

New Branding - Feature Flag

To enable the advanced branding capabilities, set the themes feature flag to true in your deployment configuration files.

Configuration Export/Import Is Now Easier

We value your feedback at Cloudentity and are always looking for ways to improve our platform. In response to customer requests, we’ve made enhancements to our configuration export and import capabilities to improve performance. We’ve updated our import and export APIs to exclude dynamic and non-configuration objects by default, which speeds up the process. We’ve also introduced a new with_data query parameter that allows users to include these objects in the exported configuration if desired. This provides greater flexibility and control over the export process.

Browse Improved Workspace and Developer Portal Views

To enhance the user experience, we’ve made a number of improvements to the Workspace Manager and Developer Portal views in Cloudentity. These updates provide greater visual clarity, transparency, and searchability for workspaces. Some of the new features include the ability to change the layout from tiles to a workspace list, search for specific workspaces, and see which theme is assigned to each workspace. These updates make it easier and more intuitive to manage and navigate your workspaces in Cloudentity.

Breaking Changes

[ AUT-7344 ] - We’ve updated our import and export APIs to exclude dynamic and non-configuration objects, which speeds up the process. To provide the option to still retrieve these objects, we’ve introduced a new with_data query parameter to the Export Global Tenant Configuration Root API and the Export Tenant’s Configuration System API. When with_data is set to true, these APIs will include dynamic and non-configuration objects in the exported configuration:

• Consents
• ConsentActions
• ConsentGrants
• ScopeGrants
• PrivacyLedgerEvents
• OpenbankingUKConsents
• OpenbankingBRConsents
• OpenbankingFiles
• CDRArrangements
• OpenbankingFDXConsents

Before the change, those fields were populated by default.

[ AUT-7468 ] - Replaced various error messages with a generic FormError struct for all the pages for advanced branding, IDP activate handler, IDP reset password, and IDP login.

Major Additions and Changes

[ AUT-1988 ] - We finished working on SAML application support beta feature. Enterprise software vendors that utilize SAML as a primary Identity Federation protocol can now integrate their SAML apps with Cloudentity.

[ AUT-7365 ] - We now pre-polulate user name on Identity Pools login screan when the IDP discovery feature is enabled.

[ AUT-7514 ] - It is now possible to duplicate an existing theme by specifying the optional source_theme_id query parameter when using the Create Theme API.

A new theme is created (with a unique themeID) and populated with copies of the templates from the theme of the provided sourceThemeID.

Minor Enhancements

[ AUT-6287 ] Display N/A (not available) information on IDPs list in the Token Exchange column for IDPs that don’t have the token exchange support. The enabled/disabled indicator is no longer displayed.

[ AUT-6738 ] Added the following FDX APIs:

• Consent Revocation Related:

  • PUT Revoke Consent to revoke an FDX consent by a consent identifier.

  • GET Retrieve Consent Revocation Record to get consent revocation details for a revoked consent.

  • DELETE Revoke FDX Consent to revoke a single FDX consent by the identifiers of a required consent and the related workspace.

  • DELETE Revoke FDX Consents to revoke all FDX consents per a workspace.

• FDX Management Related:

  • List FDX Consents that returns a list of FDX consents for a workspace.

Additionally, we added the Consent Self-Service and Consent Admin Portals to OpenBanking quickstart project for FDX that utilize management API that were added.

[ AUT-7342 ] Added a new PreferredAuthenticationMechanism attribute to Identity Pools.

When an identity pool has multiple authentication mechanisms enabled, the preferred authentication mechanism is the default one that is displayed when the view loads (password or otp). If not supplied, the first authentication mechanism in the list is used.

Additionally, we unified the behavior of the AuthenticationMechanisms attribute of Identity Pools between the Cloudentity APIs and Admin Portal. For both, the attribute can now be empty. When an Identity Pool’s AuthenticationMechanisms attribute is empty, authentication on the login screen is disabled.

[ AUT-7346 ] - Allow to limit the export function scope to a selected server ID (workspace_id) when using the Export Global Tenants Configuration API.

[ AUT-7362 ] Added ability to configure custom logos by URI for Identity Providers (IDPs). This can be done through:

• By providing the logo_uri field for a particular IDP API.

• Using the logo editor in the Admin Portal’s IDP configuration view.

If a custom logo is added to an IDP, it is rendered in the list of available IDPs on the login page, as well as on the list of IDPs in the Admin UI.

[ AUT-7363 ] - Admins can now modify the order in which the Identity Providers are presented on the login page.

[ AUT-7372 ] - Added an option to disable BruteForce protection per type and tenant

[ AUT-7373 ] - Workspace manager view updates:

• Added new view variants for Workspaces tab - small card, extended card (default), table view

• Added search in Workspaces and Administrative tabs

• Optimized the view for large number of workspaces

• Developer Portals tab view is now available with the table view and search as well.

[ AUT-7406 ] Updated the login views: IDP selection, discovery screen, identity pool login. Allowed enabling multiple Identity Pool IDPs in the UI.

[ AUT-7410 ] Updated the client application views: client creation screen, client list screen, topology view, SAML tab, and import in SAML client.

[ AUT-7480 ] Added new locators for identifiers and addresses fields in the Identity Pools user configuration.

[ AUT-7485 ] Made the number of queries to database constant during configuration export improve the Export Tenants/Export Global Tenants Configuration APIs.

[ AUT-7516 ] The HTTP header Permissions-Policy now disables browser features that the Cloudentity platform does not use.

[ AUT-7549 ] Add support for ETags for all Identity Pools /self and /public APIs.

[ AUT-7556 ] Update permission system quickstart Add information on schema language and a link to docs in schema tab

[ AUT-7562 ] Identity Pools APIs cleanup for using ETags to make it clear which APIs support them.

Bug Fixes

[ AUT-5933 ] Fixed a bug for OB BR/UK quickstarts where creating OB workspaces would fail due to the Error 409.

[ AUT-6874 ] - Cloudentity now constructs Okta Oauth2 Client IDs using the following template:

"{tenant_id}-{workspace_id}-{acp_client_id}"

This allows you to create Okta IDPs on different tenants without risking naming conflicts in the Okta Client ID.

[ AUT-7215 ] - For CDR API to accept consent POST /cdr/cdr-arrangement/{login}/accept we return HTTP status 400 (Bad Request) when list of scopes to accept is different of list of requested scopes.

[ AUT-7449 ] - Resolved an issue that prevented users from running multiple openbanking demo workspaces in a tenant. Now, users who want to explore multiple openbanking specifications can do so without having to delete their old demo workspace first. This improvement allows for greater flexibility and convenience for users interested in testing out different openbanking demos.

[ AUT-7374 ] This update enables a user interface for configuring rate limits for the events module. This improvement allows System Admins to easily and intuitively set rate limits for the events module improving the overall performance and stability of the system. With the new UI, System Administrators can easily adjust these settings as needed to meet their specific needs and requirements.

[ AUT-7388 ] - Fixed an issue where the Sector Identifier URI field was visible in the OAuth details view even when the Use Pairwise Subject Identifiers field was disabled. This has been updated so that the field is only visible when the Use Pairwise Subject Identifiers field is enabled, providing a clearer user experience.

[ AUT-7491 ] We’ve updated our management APIs for all Open Finance API specifications (FDX, CDR, OBUK, OBBR) to allow users to list consents without providing a request body, even when using filters.

[ AUT-7508 ] We’ve updated the SAML client card in Application Builder to remove unnecessary information and improve usability. Hints for scopes, services, and redirect URI fields have been removed to reduce clutter and make it easier for users to find the information they need.

[ AUT-7531 ] We’ve fixed the configuration for the bank client used by the consent self-service portal application in the FDX quickstart. This ensures that the application is properly set up and can be used as intended.

Deprecations

[ AUT-7326 ] - Following API’s for listing consents/arrangements using GET methods are now deprecated:

• List CDR Arrangements

• Get Open Banking Brasil Consents

• Get UK Open Banking Consents

Recommended Database Versions