Release Notes for Oracle Health Insurance Authorizations Release 3.21.1.0.0

This document contains the release notes for Oracle Health Insurance Authorizations Release 3.21.1.0.0.

NOTE: Version compatibility: Oracle Health Insurance Authorizations Release 3.21.1.x is only compatible with other Oracle Health Insurance applications release version 3.21.1.x unless explicitly stated otherwise.

NOTE: In accordance with the OHI error correction policy (Document 1494031.1 on My Oracle Support), error correction support will be provided for this release and the previous two releases.

Enhancements

ID	Summary	Description
NXT-18299	JET: Page Access Functions	For JET pages, menu access is based on the function codes, and explicit resource level access is needed to be able to view/edit data. Example: Granting view access to function code FN0002, will enable menu item for message configuration. Now, for a user to search and view messages, explicit access must be granted to 'get' (view) messages resource. Explicit get (view) access must also be granted to all its sub resources. In the case of 'update' grants, all the linked resources must also have 'get' access for LOVs to work. With this enhancement, access to all the api/ip resources needed to operate the JET UI page will be granted implicitly by the system. This implicit api/ip access grant will follow the authorization level of the function access grant. For example, view only access grant to FN0002, will grant only GET access to generic resource /messages. Access to special operations like submitting a policy or a group client would require explicit authorizations to api/ip. The api/ip access that must be explicitly granted is specified in the user access section of the security guide.
NXT-20012	HTTP Query API response only includes requested fields	Before this release, HTTP API resources allowed for payload content customization through the expand and fields accept header parameter, however still some defaults were always included. This enhancement allows for having total control on the payload content by adding another parameter to the Accept header: defaultoverride=true.
NXT-20013	Allow traversing of more levels for referenced fields for Generic HTTP APIs	Before this release, in HTTP API, only two levels of references from any resource level were allowed. All details were allowed at any level but the references were only allowed up until 2 levels. This restriction was put in place for not having memory pressures. It is seen from customer feedback and JET implementation that it can be restrictive sometimes, example being: claim→person→addressList→countryRegion→country→code. Since person is a reference from claim, it is only possible to go to addressList but not further. Allowing for more levels can still cause memory pressures if done for the entire object graph. The solution is to lift restrictions on certain references: Person Country ClaimForm ServiceAddress RenderingAddress CountryRegion Provider : IndividualProvider and OrganizationProvider
NXT-20411	Configuration Migration: Flex Code Groups	Flex Code Group is now available as a top level item in the configuration migration tool.
NXT-20490	Reporting views: Base view generator + specific IP	The base view generator is now included into the OHI applications itself and can be triggered from the Base View Generation IP. This new base view generator is going to replace the existing (script based) view generator which is now deprecated and will be removed in a future release.
NXT-20854	Improvements for Logging to the Database	For logging to the database using the OHI Database Appender, the following capabilities are added: OHI applications automatically remove customer-defined loggers if these are not explicitly marked as durable. Purging log messages: customers can configure the retention period for log event types. Frequently purging log messages helps to limit the amount of log messages stored in the database. It is now possible to bundle log messages in a data file set. An HTTP API resource is made available to define the criteria for selecting the messages that will be bundled.
NXT-21006	Add alternate user identifier and OAuth2-specific mapping to that user identifier based on OAuth token issuer; JWK Set token validation (RFC 7517) is now using OpenID Connect	Some systems identify a user by a technical unique identifier that is not suitable to be displayed in user interface pages. With this enhancement, it is possible to use the User Provisioning IP to specify an alternate, unique user identifier (alternateUserIdentifier attribute), next to the existing loginName, for uniquely identifying and resolving users. This enhancement also allows configuration to map a specific claim in an OAuth2 access token to the OHI User based on the issuer of the token. Configuration for RFC 7517 token validation is now based on OpenID Connect. The properties for it have changed. The option to specify a local key store containing a set of public key certificates was removed. The easiest way to use JWK Set based token validation is to use the OpenID Discovery URI via system property "ohi.oauth.idp.uri" in combination with system property "ohi.oauth.jwk.set.validation.audience". Alternatively, set the following system properties if OpenID Discovery cannot be used: ohi.oauth.jwk.set.url ohi.oauth.jwk.set.validation.audience ohi.oauth.jwk.set.validation.issuer.url ohi.oauth.jwk.set.validation.jws.signing.algorithm (defaults to value "RS256") For obtaining an Access Token using OpenID Connect, specification of the clientId and secret combination was changed. System property "ohi.oauth.token.introspection.endpoint.client_secret" was removed. For obtaining an Access Token using OpenID Connect use system property "ohi.oauth.openidconnect.accesstoken.credential". Use of the latter has to be accompanied by specifying a matching credential. For example, assuming the value for system property "ohi.oauth.openidconnect.accesstoken.credential" is "openid_token_credential", specify a credential at resource "/API_ROOT/credentials/credential/openid_token_credential" with the clientId as username and the secret as password.
NXT-21120	Additional Dynamic Fields for OHI Messages table	The number of dynamic fields available on the OHI Messages table was too small. With this enhancement, the number of dynamic fields on OHI Messages table are extended to support the requirements.
NXT-21203	Provider Identifiers	This enhancement focuses on extending the ability to store one or multiple identifiers on a provider. These are used to identify the provider when processing claims and enrollment.
NXT-21302	Introduce separate property for URL creation for deeplinking in workflows	Property ohi.claims.application.baseurl is used for two purposes. 1) For UI deeplinking for workflow messages 2) For creating links in the notification as a callback to get back data. It is possible that the two usecases require different urls as they both can be exposed on different ports. Hence, with this enhancement, a separate property is introduced to manage the deeplinking for workflows, the new property is ohi.claims.deeplink.url. Implementation Guide: no change Integration Guide: Claims Properties File Database changes: no change Scenarios dynamic logic: no change
NXT-21306	Introduce the possibility to have aliases in fields/expand list	With this enhancement, it is possible to use aliases in fields/expand section in Generic HTTP APIs. Integration Guide: Influence Resource Representation
NXT-21384	Prevent CMT migration between different major versions	Preventing Configuration Migration between a source and target environment that are not on the same major release.
OIG-1366	Dynamic Logic Hooks/Extensions	This enhancement make it possible to extend dynamic logic delivered as part of configuration by customers to provide their specific changes/extensions. This is enabled by introducing a new signature 'Extension' for all such extensions with a reference to the base dynamic logic that it is extending. At runtime, the application finds out all the extensions and invokes them.
OIG-1369	Switching Off Delete by Omission for country packs	This feature switches off the Delete by Omission functionality and allows to import the parent without deleting children in the Target Environment when importing CMT from Source Environment. This is done to support situations where the configuration is delivered and it only contains parent records, and the corresponding children are customer specific.
OIG-1434	Dynamic Logic Framework should allow to use package statement in the logic	Before this release the dynamic logic framework assumes all scripts to be written in a default package ohi.dynamiclogic. This is done to apply the security restrictions and to allow for logging only in scripts defined in the aforementioned package. This causes problems with reusability, as every logic that requires to use the reusable code, needs to append ohi.dynamiclogic before importing it. This makes it difficult to manage and test these groovy logic in isolation. On top of that, dynamic logic framework does not play well, if the package statement is explicitly included as ohi.dynamiclogic, as it appends another ohi.dynamiclogic in front of it. With this enhancement, it is possible to declare packages in the script and the framework will work with the package defined. It is however important, that the packages defined should start with ohi.dynamiclogic, otherwise security restrictions will be enforced.
OIG-1445	Create Rest Service to generate objects and download them as zip	Introduction of the Objects Integration Point to download the objects as a zip. This Objects Integration Point also introduces the capability to generate dynamic fields and records as just a plain key-value pair, to avoid having to regenerate these after every introduction of dynamic data.
OIG-1446	Generate Signatures for Dynamic Logic as part of meta object creation	This enhancement adds the generation of skeleton dynamic logic groovy files along with generation of objects to assist in groovy coding. These signatures are generated as part of 'Generate Objects' feature in the View Objects page(ADF) and as part of the Objects Integration Point.
OIG-746	Build CMT Selective Migration Capabilities	This enhancement allows for creating selective migration sets for CMT. With this enhancement, a new IP is introduced to create a selective payload and will also be utilised by JET UI to build the selective migration capabilities. However, this release does not contain JET UI screens
POL-5081	Configurable Address Types	This enhancements makes the address type a configurable domain for relations.
POL-6794	Configurable Gender Types	This enhancement creates the possibility to capture a person’s gender identity. Gender identity is a separate configurable entity.
POL-6797	Dynamic Logic Framework should allow for reusable groovy classes to be created and used	With this enhancement, dynamic logic framework allows for coding reusable classes to be reused as structures in other groovy scripts. This enhancement also introduces a new signature name for coding such reusable classes/scripts. The name of the signature is "Reusable Code" and does not have any specific bindings.

Summary

Description

Included in Patch

NXT-18299

JET: Page Access Functions

For JET pages, menu access is based on the function codes, and explicit resource level access is needed to be able to view/edit data. Example: Granting view access to function code FN0002, will enable menu item for message configuration. Now, for a user to search and view messages, explicit access must be granted to 'get' (view) messages resource. Explicit get (view) access must also be granted to all its sub resources. In the case of 'update' grants, all the linked resources must also have 'get' access for LOVs to work.

With this enhancement, access to all the api/ip resources needed to operate the JET UI page will be granted implicitly by the system. This implicit api/ip access grant will follow the authorization level of the function access grant. For example, view only access grant to FN0002, will grant only GET access to generic resource /messages.

Access to special operations like submitting a policy or a group client would require explicit authorizations to api/ip. The api/ip access that must be explicitly granted is specified in the user access section of the security guide.

NXT-20012

HTTP Query API response only includes requested fields

Before this release, HTTP API resources allowed for payload content customization through the expand and fields accept header parameter, however still some defaults were always included.
This enhancement allows for having total control on the payload content by adding another parameter to the Accept header: defaultoverride=true.

NXT-20013

Allow traversing of more levels for referenced fields for Generic HTTP APIs

Before this release, in HTTP API, only two levels of references from any resource level were allowed. All details were allowed at any level but the references were only allowed up until 2 levels. This restriction was put in place for not having memory pressures. It is seen from customer feedback and JET implementation that it can be restrictive sometimes, example being: claim→person→addressList→countryRegion→country→code. Since person is a reference from claim, it is only possible to go to addressList but not further. Allowing for more levels can still cause memory pressures if done for the entire object graph. The solution is to lift restrictions on certain references:

Person
Country
ClaimForm
ServiceAddress
RenderingAddress
CountryRegion
Provider : IndividualProvider and OrganizationProvider

NXT-20411

Configuration Migration: Flex Code Groups

Flex Code Group is now available as a top level item in the configuration migration tool.

NXT-20490

Reporting views: Base view generator + specific IP

The base view generator is now included into the OHI applications itself and can be triggered from the Base View Generation IP. This new base view generator is going to replace the existing (script based) view generator which is now deprecated and will be removed in a future release.

NXT-20854

Improvements for Logging to the Database

For logging to the database using the OHI Database Appender, the following capabilities are added:

OHI applications automatically remove customer-defined loggers if these are not explicitly marked as durable.
Purging log messages: customers can configure the retention period for log event types. Frequently purging log messages helps to limit the amount of log messages stored in the database.
It is now possible to bundle log messages in a data file set. An HTTP API resource is made available to define the criteria for selecting the messages that will be bundled.

NXT-21006

Add alternate user identifier and OAuth2-specific mapping to that user identifier based on OAuth token issuer; JWK Set token validation (RFC 7517) is now using OpenID Connect

Some systems identify a user by a technical unique identifier that is not suitable to be displayed in user interface pages. With this enhancement, it is possible to use the User Provisioning IP to specify an alternate, unique user identifier (alternateUserIdentifier attribute), next to the existing loginName, for uniquely identifying and resolving users.

This enhancement also allows configuration to map a specific claim in an OAuth2 access token to the OHI User based on the issuer of the token.

Configuration for RFC 7517 token validation is now based on OpenID Connect. The properties for it have changed. The option to specify a local key store containing a set of public key certificates was removed. The easiest way to use JWK Set based token validation is to use the OpenID Discovery URI via system property "ohi.oauth.idp.uri" in combination with system property "ohi.oauth.jwk.set.validation.audience". Alternatively, set the following system properties if OpenID Discovery cannot be used:

ohi.oauth.jwk.set.url
ohi.oauth.jwk.set.validation.audience
ohi.oauth.jwk.set.validation.issuer.url
ohi.oauth.jwk.set.validation.jws.signing.algorithm (defaults to value "RS256")

For obtaining an Access Token using OpenID Connect, specification of the clientId and secret combination was changed.

System property "ohi.oauth.token.introspection.endpoint.client_secret" was removed.
For obtaining an Access Token using OpenID Connect use system property "ohi.oauth.openidconnect.accesstoken.credential".
Use of the latter has to be accompanied by specifying a matching credential. For example, assuming the value for system property "ohi.oauth.openidconnect.accesstoken.credential" is "openid_token_credential", specify a credential at resource "/API_ROOT/credentials/credential/openid_token_credential" with the clientId as username and the secret as password.

NXT-21120

Additional Dynamic Fields for OHI Messages table

The number of dynamic fields available on the OHI Messages table was too small. With this enhancement, the number of dynamic fields on OHI Messages table are extended to support the requirements.

NXT-21203

Provider Identifiers

This enhancement focuses on extending the ability to store one or multiple identifiers on a provider. These are used to identify the provider when processing claims and enrollment.

NXT-21302

Introduce separate property for URL creation for deeplinking in workflows

Property ohi.claims.application.baseurl is used for two purposes.
1) For UI deeplinking for workflow messages
2) For creating links in the notification as a callback to get back data.

It is possible that the two usecases require different urls as they both can be exposed on different ports. Hence, with this enhancement, a separate property is introduced to manage the deeplinking for workflows, the new property is ohi.claims.deeplink.url.
Implementation Guide: no change
Integration Guide: Claims Properties File
Database changes: no change
Scenarios dynamic logic: no change

NXT-21306

Introduce the possibility to have aliases in fields/expand list

With this enhancement, it is possible to use aliases in fields/expand section in Generic HTTP APIs.
Integration Guide: Influence Resource Representation

NXT-21384

Prevent CMT migration between different major versions

Preventing Configuration Migration between a source and target environment that are not on the same major release.

OIG-1366

Dynamic Logic Hooks/Extensions

This enhancement make it possible to extend dynamic logic delivered as part of configuration by customers to provide their specific changes/extensions. This is enabled by introducing a new signature 'Extension' for all such extensions with a reference to the base dynamic logic that it is extending. At runtime, the application finds out all the extensions and invokes them.

OIG-1369

Switching Off Delete by Omission for country packs

This feature switches off the Delete by Omission functionality and allows to import the parent without deleting children in the Target Environment when importing CMT from Source Environment. This is done to support situations where the configuration is delivered and it only contains parent records, and the corresponding children are customer specific.

OIG-1434

Dynamic Logic Framework should allow to use package statement in the logic

Before this release the dynamic logic framework assumes all scripts to be written in a default package ohi.dynamiclogic. This is done to apply the security restrictions and to allow for logging only in scripts defined in the aforementioned package.

This causes problems with reusability, as every logic that requires to use the reusable code, needs to append ohi.dynamiclogic before importing it. This makes it difficult to manage and test these groovy logic in isolation. On top of that, dynamic logic framework does not play well, if the package statement is explicitly included as ohi.dynamiclogic, as it appends another ohi.dynamiclogic in front of it.

With this enhancement, it is possible to declare packages in the script and the framework will work with the package defined. It is however important, that the packages defined should start with ohi.dynamiclogic, otherwise security restrictions will be enforced.

OIG-1445

Create Rest Service to generate objects and download them as zip

Introduction of the Objects Integration Point to download the objects as a zip. This Objects Integration Point also introduces the capability to generate dynamic fields and records as just a plain key-value pair, to avoid having to regenerate these after every introduction of dynamic data.

OIG-1446

Generate Signatures for Dynamic Logic as part of meta object creation

This enhancement adds the generation of skeleton dynamic logic groovy files along with generation of objects to assist in groovy coding. These signatures are generated as part of 'Generate Objects' feature in the View Objects page(ADF) and as part of the Objects Integration Point.

OIG-746

Build CMT Selective Migration Capabilities

This enhancement allows for creating selective migration sets for CMT. With this enhancement, a new IP is introduced to create a selective payload and will also be utilised by JET UI to build the selective migration capabilities. However, this release does not contain JET UI screens

POL-5081

Configurable Address Types

This enhancements makes the address type a configurable domain for relations.

POL-6794

Configurable Gender Types

This enhancement creates the possibility to capture a person’s gender identity. Gender identity is a separate configurable entity.

POL-6797

Dynamic Logic Framework should allow for reusable groovy classes to be created and used

With this enhancement, dynamic logic framework allows for coding reusable classes to be reused as structures in other groovy scripts. This enhancement also introduces a new signature name for coding such reusable classes/scripts. The name of the signature is "Reusable Code" and does not have any specific bindings.

Upgrade Steps for Installation

To perform the upgrade, perform the following steps:

Perform any pre-upgrade steps.
Stop all the managed nodes running the .existing version of the application.
Perform any pre-undeploy steps.
Undeploy the existing version of the application.
Back up the database.
Perform any post-undeploy steps.
Unpack the release bundle into a directory that we refer to as OHI_ROOT from now on.
Change Installation Configuration: In <OHI_ROOT>/util/install, make a copy of ohi_install.cfg.template and name it ohi_install.cfg.
Edit ohi_install.cfg to contain your specific database connection data and other configuration settings. The settings are explained in the file itself.
Make sure NO connections are present to the database using the OHI_xxx_USER account (where xxx is the abbreviation of the application)
Run the Upgrade script:
1. Open a command window and browse to <OHI_ROOT>/util/install.
2. Run the upgrade by executing ./ohi-update.sh .
Make the required changes to the ohi properties file
Perform any post-upgrade steps
Start WebLogic application server
Deploy the Application
Perform any post-deploy steps

Additional Upgrade Steps for Installation

The following phases are defined:

pre-upgrade: Application is still running
pre-undeploy: Application is stopped, but not undeployed.
post-undeploy: Application is undeployed. Database is backed up
post-upgrade: Released upgrade script has run.
post-deploy: New application is deployed and is up and running.

To create a new read-only user that has access to the new Base Views run the following SQL script as a DBA user

grant connect, create synonym to ohi_auths_bvg_vws_user identified by &give_users_password;

Install the database patch for "Bug 30806757 - ORA-8103 when inserting into a new partition with is json constraint in place (Doc ID 30806757.8)". If that is not done and the "logging to the database" feature is enabled then this results in the following error: "Problem appending events for Log Type application|dylo java.sql.BatchUpdateException: ORA-08103: object no longer exists".

Configuration Properties

Ref	Action	Subject	Description
AUT-1913		ohi.logging.fileset.max.timespan	Maximum time in days between start and end time for bundling log events in a file set.
AUT-1913		ohi.logging.phi.min.retentionperiod	Minimal number of days for retaining PHI log events.
NXT-20490	Added	ohi.baseview.generation.worker.count	The number of worker threads to start for a base view generation process
NXT-20854	Modified	ohi.incident.datafileset.retentionperiod	The property ohi.incidents.datafileset.retentionperiod is renamed to ohi.incident.datafileset.retentionperiod
NXT-20854	Modified	ohi.incident.target	The property ohi.incidents.target is renamed to ohi.incident.target
NXT-21006	Added	ohi.oauth.jwk.set.validation.jws.signing.algorithm	Signing algorithm used by the Authorization Server.
NXT-21006	Added	ohi.oauth.token.issuers	Comma-separated string of possible token issuers
NXT-21006	Added	ohi.oauth.jwk.set.validation.issuer	Issuer for token validation.
NXT-21006	Added	ohi.oauth.token.issuer.{0}	Specific issuer identifier
NXT-21006	Added	ohi.oauth.openidconnect.accesstoken.client_id	Client ID of the OpenID Connect client that has to be present to acquire an access token.
NXT-21006	Added	ohi.oauth.openidconnect.accesstoken.validation.clockskew	Defines the maximum acceptable clock skew (in seconds) for validating timestamps of ID tokens that are issued by an OpenID Provider.
NXT-21006	Added	ohi.oauth.token.issuer.{0}.user.claim	Issuer-specific user claim
NXT-21006	Added	ohi.oauth.openidconnect.accesstoken.credential	Credential associated with the OpenID Connect client that has to be present to acquire an access token.
NXT-21006	Added	ohi.oauth.jwk.set.validation.audience	Client Id or audience claim for token validation.
NXT-21006	Removed	ohi.oauth.jws.verification.key.selection.key_id
NXT-21006	Removed	ohi.oauth.token.introspection.endpoint.client_secret
NXT-21006	Removed	ohi.oauth.jwk.publickey.keyid.source
NXT-21006	Removed	ohi.oauth.jwk.keystore.name
NXT-21006	Removed	ohi.oauth.jws.verification.key.selection.signing_keys_only
NXT-21006	Removed	ohi.oauth.jws.verification.key.selection.public_keys_only
NXT-21006	Removed	ohi.oauth.jws.verification.key.selection.jws_algorithm
NXT-21302		ohi.claims.deeplink.url	The base URL of an application used only in ADF deep linking URL formation. It includes the machine or load balancer, the domain and a port number. This is mandatory to set to have correct link in deep linking URL.

Ref

Action

Subject

Description

AUT-1913

ohi.logging.fileset.max.timespan

Maximum time in days between start and end time for bundling log events in a file set.

AUT-1913

ohi.logging.phi.min.retentionperiod

Minimal number of days for retaining PHI log events.

NXT-20490

Added

ohi.baseview.generation.worker.count

The number of worker threads to start for a base view generation process

NXT-20854

Modified

ohi.incident.datafileset.retentionperiod

The property ohi.incidents.datafileset.retentionperiod is renamed to ohi.incident.datafileset.retentionperiod

NXT-20854

Modified

ohi.incident.target

The property ohi.incidents.target is renamed to ohi.incident.target

NXT-21006

Added

ohi.oauth.jwk.set.validation.jws.signing.algorithm

Signing algorithm used by the Authorization Server.

NXT-21006

Added

ohi.oauth.token.issuers

Comma-separated string of possible token issuers

NXT-21006

Added

ohi.oauth.jwk.set.validation.issuer

Issuer for token validation.

NXT-21006

Added

ohi.oauth.token.issuer.{0}

Specific issuer identifier

NXT-21006

Added

ohi.oauth.openidconnect.accesstoken.client_id

Client ID of the OpenID Connect client that has to be present to acquire an access token.

NXT-21006

Added

ohi.oauth.openidconnect.accesstoken.validation.clockskew

Defines the maximum acceptable clock skew (in seconds) for validating timestamps of ID tokens that are issued by an OpenID Provider.

NXT-21006

Added

ohi.oauth.token.issuer.{0}.user.claim

Issuer-specific user claim

NXT-21006

Added

ohi.oauth.openidconnect.accesstoken.credential

Credential associated with the OpenID Connect client that has to be present to acquire an access token.

NXT-21006

Added

ohi.oauth.jwk.set.validation.audience

Client Id or audience claim for token validation.

NXT-21006

Removed

ohi.oauth.jws.verification.key.selection.key_id

NXT-21006

Removed

ohi.oauth.token.introspection.endpoint.client_secret

NXT-21006

Removed

ohi.oauth.jwk.publickey.keyid.source

NXT-21006

Removed

ohi.oauth.jwk.keystore.name

NXT-21006

Removed

ohi.oauth.jws.verification.key.selection.signing_keys_only

NXT-21006

Removed

ohi.oauth.jws.verification.key.selection.public_keys_only

NXT-21006

Removed

ohi.oauth.jws.verification.key.selection.jws_algorithm

NXT-21302

ohi.claims.deeplink.url

The base URL of an application used only in ADF deep linking URL formation. It includes the machine or load balancer, the domain and a port number. This is mandatory to set to have correct link in deep linking URL.

Web Services

Ref	Action	Subject	Description
AUT-1913		generic/loglevelretentionperiods	New HTTP API Resource for defining Level-based Retention Period overrides
AUT-1913		/generic/logeventretentionperiods	New HTTP API Resource for defining Retention Periods for Log Event Types
AUT-1913		/generic/logfilesetspecifications	New HTTP API Resource for defining Log File Set Specifications
NXT-20490	Added	Base View Generation Integration Point	New Integration Point
NXT-21006	Modified	Provisioning Integration Point	Added alternateUserIdentifier: an alternate identifier, next to the loginName, for uniquely identifying a user
NXT-21203	Modified	Provider Integration Point, Claims Integration Point & Policy Integration Point	This enhancement focuses on extending the ability to store one or multiple provider identifiers on a provider.
OIG-1445	Added	Objects Integration Point	New Integration Point
OIG-746	Added	Configuration Migration Integration Point	New Integration Point (part of Dataexchange)
POL-5081	Modified	Relation IP and API	Added new attribute addressTypeCode
POL-6794	Modified	Relations IP and API	new attribute genderIdentityCode

Ref

Action

Subject

Description

AUT-1913

generic/loglevelretentionperiods

New HTTP API Resource for defining Level-based Retention Period overrides

AUT-1913

/generic/logeventretentionperiods

New HTTP API Resource for defining Retention Periods for Log Event Types

AUT-1913

/generic/logfilesetspecifications

New HTTP API Resource for defining Log File Set Specifications

NXT-20490

Added

Base View Generation Integration Point

New Integration Point

NXT-21006

Modified

Provisioning Integration Point

Added alternateUserIdentifier: an alternate identifier, next to the loginName, for uniquely identifying a user

NXT-21203

Modified

Provider Integration Point, Claims Integration Point & Policy Integration Point

This enhancement focuses on extending the ability to store one or multiple provider identifiers on a provider.

OIG-1445

Added

Objects Integration Point

New Integration Point

OIG-746

Added

Configuration Migration Integration Point

New Integration Point (part of Dataexchange)

POL-5081

Modified

Relation IP and API

Added new attribute addressTypeCode

POL-6794

Modified

Relations IP and API

new attribute genderIdentityCode

Data Conversion

Ref	Action	Subject	Description
POL-5081		Table change event rule fields updated	Change event rules on address that are using field 'type' are updated to 'addressType'. This is applicable for Policies application only.

Ref

Action

Subject

Description

POL-5081

Table change event rule fields updated

Change event rules on address that are using field 'type' are updated to 'addressType'.

This is applicable for Policies application only.

Dynamic Logic

Ref	Action	Subject	Description
OIG-1366	Added	Dynamic Logic Signature	Introduced a new signature with name "Extension"
POL-5081	Modified	Dynamic logic using address.type	'type' attribute of Address is replaced by 'addressType'. Accessing type attribute on address is deprecated and will not be supported in a future release.
POL-6797	Added	Dynamic Logic Signature	Introduced a new signature with name "Reusable Code"

Ref

Action

Subject

Description

OIG-1366

Added

Dynamic Logic Signature

Introduced a new signature with name "Extension"

POL-5081

Modified

Dynamic logic using address.type

'type' attribute of Address is replaced by 'addressType'. Accessing type attribute on address is deprecated and will not be supported in a future release.

POL-6797

Added

Dynamic Logic Signature

Introduced a new signature with name "Reusable Code"

UI Changes

Ref	Action	Subject	Description
NXT-20490	Added	Tables page	New indicator PII?
NXT-20490	Added	Record Definitions page	New indicator PII?
OIG-1366	Modified	Dynamic Logic Page	Added Base dynamic logic. This is done for both UI (ADF and Jet) where applicable.
POL-6794	Added	Gender Identities, Address Types	Added Gender Identities, Address Types
POL-6794	Modified	Persons, Organizations	Added Gender Identities and address types lovs in persons and organizations page

Ref

Action

Subject

Description

NXT-20490

Added

Tables page

New indicator PII?

NXT-20490

Added

Record Definitions page

New indicator PII?

OIG-1366

Modified

Dynamic Logic Page

Added Base dynamic logic. This is done for both UI (ADF and Jet) where applicable.

POL-6794

Added

Gender Identities, Address Types

Added Gender Identities, Address Types

POL-6794

Modified

Persons, Organizations

Added Gender Identities and address types lovs in persons and organizations page

Deprecated items (to be removed in future release)

Ref	Action	Subject	Description
NXT-20490		Reporting Views	The reporting views as generated by the runnable jar are now deprecated.
POL-5081		Dynamic logic using address.type and generic API on address	'type' attribute of Address is replaced by 'addressType'

Ref

Action

Subject

Description

NXT-20490

Reporting Views

The reporting views as generated by the runnable jar are now deprecated.

POL-5081

Dynamic logic using address.type and generic API on address

'type' attribute of Address is replaced by 'addressType'

Breaking Changes

Ref	Action	Subject	Description
NXT-20854	Modified	ohi.incident.target	The property ohi.incidents.target is renamed to ohi.incident.target
NXT-20854	Modified	ohi.incident.datafileset.retentionperiod	The property ohi.incidents.datafileset.retentionperiod is renamed to ohi.incident.datafileset.retentionperiod
NXT-21302	Modified	Introduce separate property for URL creation for deeplinking in workflows	Deeplinking URL property for workflows is changed from ohi.claims.application.baseurl to ohi.claims.deeplink.url
NXT-21384	Removed	Migration behaviour	Migration between different major versions wont be possible anymore.
POL-5081	Modified	Generic API search on address.type	This should be replaced by address.addressType.code

Ref

Action

Subject

Description

NXT-20854

Modified

ohi.incident.target

The property ohi.incidents.target is renamed to ohi.incident.target

NXT-20854

Modified

ohi.incident.datafileset.retentionperiod

The property ohi.incidents.datafileset.retentionperiod is renamed to ohi.incident.datafileset.retentionperiod

NXT-21302

Modified

Introduce separate property for URL creation for deeplinking in workflows

Deeplinking URL property for workflows is changed from ohi.claims.application.baseurl to ohi.claims.deeplink.url

NXT-21384

Removed

Migration behaviour

Migration between different major versions wont be possible anymore.

POL-5081

Modified

Generic API search on address.type

This should be replaced by address.addressType.code

Bug Fixes

BugDB	SR	Internal	Summary
32073618		AUT-1885	Dynamic Logic exception: Restricted method invocation
Description:	When accessing the object returned by the JSON slurper, the application raises an exception, e.g.: Error occurred in dynamic logic "DYLO_NAME" on line "xxx": "java.lang.SecurityException: Restricted method invocation."
Resolution:	The new version of Groovy packaged with the application returns a Lazymap object from the JSON slurper. Access from Dynamic Logic to objects of this type was not permitted, this has now been changed.
32083208		AUT-1887	CMT is not implemented for Member identifiers
Description:	Missing Identifier Types in CMT
Resolution:	Identifier types are now migratable through CMT
32107923	3-24068646251	AUT-1905	Business validation error not handled correctly in UI leading to unexpected exception
Description:	When business validation added to the corresponding UI data row, exception throws and it was not handled in UI. So it navigates to the standard error page.
Resolution:	Handled the error where save logic is written. Now it will be shown in the corresponding page as the expected error. Message 'The server is unable to respond' does not show anymore when saving in the application.
32150225	3-24500949741	AUT-1912	Exception occurred when user selects value to the column level multivalue flex code.
Description:	When the user selects a value from the LOV for a multivalued flex code column, null pointer exception was thrown and error page was displayed.
Resolution:	A value can now be selected from the LOV for a multivalued flex code column.
32334690	3-24738743651	AUT-1973	Dynamic records not exported in excel
Description:	Dynamic column value at column level not displayed in exported excel
Resolution:	Dynamic record columns will now be listed in excel.
32469420		AUT-2023	Task is stuck in 'PROCESSING' status if the node leaves the cluster
Description:	When the node processing a task leaves the cluster or if the node is stopped while the task is being processed, then the status of the task remains in 'PROCESSING' status. The other nodes in the cluster should have recovered/requeued that task.
Resolution:	When a node leaves the cluster, then the tasks that are currently being processed by that node are now recovered by the other node(s) in the cluster.
32477453		AUT-2028	CMT process hangs if interrupted and does not allow running any new CMT process
Description:	When CMT fails the job can be stuck within the database which prevents the user from running another CMT. Steps to reproduce are: 1. Start CMT Import, when the import has started, stop the server. 2. Restart the node(s). 3. Start another import process. 4. The process does not start, and fails.
Resolution:	The resolution was mostly done on transactional grounds of the cleanup services. Post the resolution, if CMT process is interrupted due to any reason, it can be started again. Steps to verify are : 1. Start CMT Import, when the import has started, stop the server. 2. Restart the node(s). 3. Check the status of the CMT process after restart, it should be marked as F. 4. Start the import process again, it should be possible to successfully start the process.

BugDB

Internal

Summary

32073618

AUT-1885

Dynamic Logic exception: Restricted method invocation

Description:

When accessing the object returned by the JSON slurper, the application raises an exception, e.g.:

Error occurred in dynamic logic "DYLO_NAME" on line "xxx": "java.lang.SecurityException: Restricted method invocation."

Resolution:

The new version of Groovy packaged with the application returns a Lazymap object from the JSON slurper. Access from Dynamic Logic to objects of this type was not permitted, this has now been changed.

32083208

AUT-1887

CMT is not implemented for Member identifiers

Description:

Missing Identifier Types in CMT

Resolution:

Identifier types are now migratable through CMT

32107923

3-24068646251

AUT-1905

Business validation error not handled correctly in UI leading to unexpected exception

Description:

When business validation added to the corresponding UI data row, exception throws and it was not handled in UI. So it navigates to the standard error page.

Resolution:

Handled the error where save logic is written. Now it will be shown in the corresponding page as the expected error. Message 'The server is unable to respond' does not show anymore when saving in the application.

32150225

3-24500949741

AUT-1912

Exception occurred when user selects value to the column level multivalue flex code.

Description:

When the user selects a value from the LOV for a multivalued flex code column, null pointer exception was thrown and error page was displayed.

Resolution:

A value can now be selected from the LOV for a multivalued flex code column.

32334690

3-24738743651

AUT-1973

Dynamic records not exported in excel

Description:

Dynamic column value at column level not displayed in exported excel

Resolution:

Dynamic record columns will now be listed in excel.

32469420

AUT-2023

Task is stuck in 'PROCESSING' status if the node leaves the cluster

Description:

When the node processing a task leaves the cluster or if the node is stopped while the task is being processed, then the status of the task remains in 'PROCESSING' status. The other nodes in the cluster should have recovered/requeued that task.

Resolution:

When a node leaves the cluster, then the tasks that are currently being processed by that node are now recovered by the other node(s) in the cluster.

32477453

AUT-2028

CMT process hangs if interrupted and does not allow running any new CMT process

Description:

When CMT fails the job can be stuck within the database which prevents the user from running another CMT. Steps to reproduce are: 1. Start CMT Import, when the import has started, stop the server. 2. Restart the node(s). 3. Start another import process. 4. The process does not start, and fails.

Resolution:

The resolution was mostly done on transactional grounds of the cleanup services. Post the resolution, if CMT process is interrupted due to any reason, it can be started again. Steps to verify are : 1. Start CMT Import, when the import has started, stop the server. 2. Restart the node(s). 3. Check the status of the CMT process after restart, it should be marked as F. 4. Start the import process again, it should be possible to successfully start the process.

Issues that were backported in previous Release / Patch

No backports.

Known Issues

BugDB	SR	Internal	Summary
26392920		AUT-1041	ACCESS - Focus does not reach the overflow icon
Description:	On navigating via the keyboard on persons page, the focus does not reach the overflow icon for existing records.
26392938		AUT-1042	ACCESS : Unopened child sections are not accessible using keyboard
Description:	The user is not able to access unopened child sections using only the keyboard. The user should be able to use all the links, sections and functionalities just by a keyboard.
26393635		AUT-1044	ACCESS - ALT text is missing for all the images in the documentation. And hence the images are not recognized by JAWS screen reader.
Description:	ALT text is missing for all the images in the document. And hence the images are not recognized by JAWS screen reader.
31533939		AUT-1764	ACCESS : Application does not support the portrait mode of the screen.
Description:	The application needs to support portrait mode as well as landscape mode. Currently, the application does not support when the application is used in portrait mode of the screen.
32477035		AUT-2027	With clicking Next button dialog button not refreshed
Description:	In Popup dialogs, Next and previous button doesn’t work due to refresh issue.
32477606		AUT-2029	No Base View generated for Reference Sheet Lines
Description:	Reference sheet(line)s use a different storage structure (JSON) for the dynamic fields. The base view generator does not support that yet. So the reference sheet line columns can’t be queried using base views.
32525615		AUT-2042	Usage Names with a reserved SQL word result in view generation failure
Description:	A usage name like "level" (which is a SQL reserved word) results in a failure in the view generator for the table where this usage is used.
32555703		AUT-2057	Baseview generation sometimes might result in error: ORA-01461
Description:	This happens occasionally when generating baseviews. An error similar to the one described below is emitted to the application logfile: java.sql.SQLException: ORA-12801: error signaled in parallel query server P007 ORA-01461: can bind a LONG value only for insert into a LONG column
32567704		AUT-2060	Configure ohi.resource.client.timer Resource Tag construction
Description:	For gathering metrics, it must be possible to control the resource tag for an "ohi.resource.client.timer" to point to the name of the resource (and not be more specific than that).
26391698		AUT-680	Access : Documentation : No summary was defined for data table
Description:	No summary defined for the data table in the documents.
26391717		AUT-681	Access - Documentation - Header cell is not the First row and not scoped
Description:	The header cell is not the first row/column and is not scoped for the documents
25437440		AUT-690	ACCESS : Focus should first come to the left hand side menu
Description:	When using the tab the focus should come to the left-hand side menu first instead It’s going towards the right
25437457		AUT-691	ACCESS : CTRL+INS+I shortcut for list items does not work
Description:	List items on the page are not displayed using the CTRIL+INS+I shortcut.
25466241		AUT-716	ACCESS: The Close tab 'X' icon is not accessible via keyboard navigation
Description:	The 'x' icon of any opened page is not accessible if using only Tab (keyboard) navigation.
25466259		AUT-721	ACCESS: Jump to line functionality of JAWS (Screen reader) doesn’t work.
Description:	The user is not able to use the Jump to line functionality of JAWS which enables the user to navigate to a specific line/attribute based on its unique number.
25466274		AUT-722	ACCESS: DOCUMENT TESTING: The page address link is read as page title using assistive technology (JAWS)
Description:	The assistive technology (JAWS) should read 'OHI Authorizations' as the title instead it’s reading the page address link as the title.
25466289		AUT-725	ACCESS: Persons and Organizations page overflow icon is not accessible
Description:	Persons and organizations page overflow icon is not accessible using only a keyboard.
25466288		AUT-726	ACCESS : DOCUMENTATION TESTING : The table is showing rows with the headers
Description:	The documents are showing the rows without the headers for a table. For some of the tables, a header is not defined.
25466283		AUT-727	ACCESS : Documentation testing : Graphical images are not detected by assistive technology (JAWS)
Description:	Assistive technology (JAWS) is not able to detect available graphical images on any page in the documents.

BugDB

Internal

Summary

26392920

AUT-1041

ACCESS - Focus does not reach the overflow icon

Description:

On navigating via the keyboard on persons page, the focus does not reach the overflow icon for existing records.

26392938

AUT-1042

ACCESS : Unopened child sections are not accessible using keyboard

Description:

The user is not able to access unopened child sections using only the keyboard. The user should be able to use all the links, sections and functionalities just by a keyboard.

26393635

AUT-1044

ACCESS - ALT text is missing for all the images in the documentation. And hence the images are not recognized by JAWS screen reader.

Description:

ALT text is missing for all the images in the document. And hence the images are not recognized by JAWS screen reader.

31533939

AUT-1764

ACCESS : Application does not support the portrait mode of the screen.

Description:

The application needs to support portrait mode as well as landscape mode. Currently, the application does not support when the application is used in portrait mode of the screen.

32477035

AUT-2027

With clicking Next button dialog button not refreshed

Description:

In Popup dialogs, Next and previous button doesn’t work due to refresh issue.

32477606

AUT-2029

No Base View generated for Reference Sheet Lines

Description:

Reference sheet(line)s use a different storage structure (JSON) for the dynamic fields. The base view generator does not support that yet. So the reference sheet line columns can’t be queried using base views.

32525615

AUT-2042

Usage Names with a reserved SQL word result in view generation failure

Description:

A usage name like "level" (which is a SQL reserved word) results in a failure in the view generator for the table where this usage is used.

32555703

AUT-2057

Baseview generation sometimes might result in error: ORA-01461

Description:

This happens occasionally when generating baseviews.

An error similar to the one described below is emitted to the application logfile:

java.sql.SQLException: ORA-12801: error signaled in parallel query server P007 ORA-01461: can bind a LONG value only for insert into a LONG column

32567704

AUT-2060

Configure ohi.resource.client.timer Resource Tag construction

Description:

For gathering metrics, it must be possible to control the resource tag for an "ohi.resource.client.timer" to point to the name of the resource (and not be more specific than that).

26391698

AUT-680

Access : Documentation : No summary was defined for data table

Description:

No summary defined for the data table in the documents.

26391717

AUT-681

Access - Documentation - Header cell is not the First row and not scoped

Description:

The header cell is not the first row/column and is not scoped for the documents

25437440

AUT-690

ACCESS : Focus should first come to the left hand side menu

Description:

When using the tab the focus should come to the left-hand side menu first instead It’s going towards the right

25437457

AUT-691

ACCESS : CTRL+INS+I shortcut for list items does not work

Description:

List items on the page are not displayed using the CTRIL+INS+I shortcut.

25466241

AUT-716

ACCESS: The Close tab 'X' icon is not accessible via keyboard navigation

Description:

The 'x' icon of any opened page is not accessible if using only Tab (keyboard) navigation.

25466259

AUT-721

ACCESS: Jump to line functionality of JAWS (Screen reader) doesn’t work.

Description:

The user is not able to use the Jump to line functionality of JAWS which enables the user to navigate to a specific line/attribute based on its unique number.

25466274

AUT-722

ACCESS: DOCUMENT TESTING: The page address link is read as page title using assistive technology (JAWS)

Description:

The assistive technology (JAWS) should read 'OHI Authorizations' as the title instead it’s reading the page address link as the title.

25466289

AUT-725

ACCESS: Persons and Organizations page overflow icon is not accessible

Description:

Persons and organizations page overflow icon is not accessible using only a keyboard.

25466288

AUT-726

ACCESS : DOCUMENTATION TESTING : The table is showing rows with the headers

Description:

The documents are showing the rows without the headers for a table. For some of the tables, a header is not defined.

25466283

AUT-727

ACCESS : Documentation testing : Graphical images are not detected by assistive technology (JAWS)

Description:

Assistive technology (JAWS) is not able to detect available graphical images on any page in the documents.