You can now find an Authentication section on the new Security tab, from which you can configure authentication services mapping in your application from the Application Definition form. Previously, the Application Definition form had an Integration and Security tab. Now, there are two separate tabs: Integration and Security.
Filter management for more streamlined user-managed Java-based filters support
Pega Cloud users can manage their URL filters by configuring Tomcat Java-based filter parameters directly in Dev Studio. You can use this feature to securely filter traffic from your application URL without needing to create service requests to manage filter parameters. After you complete your filter configurations and restart your environment cluster, your application saves them for use in your Pega Cloud environment. For more information, see Filter management.
If you previously set up URL filtering through a service request, your application automatically migrates your existing URL filters to your updated environments after an update to Pega Platform 8.7.
Email notification for expiring and expired certificates in the platform truststore to prevent system access or integration failures
You can now configure the Pega Platform to send email notifications for expiring and expired certificates that the platform truststore manages. After email notifications are configured, specified users receive information about expiring certificates to avoid losing access to the platform and to prevent any integrations from failing to function.
For more information, see Expiring certificate notifications.
Enhanced refresh token support for more secure OAuth 2.0 public clients
When you configure an OAuth 2.0 client registration, you can now select Enable Refresh Token for public clients so that they receive a refresh token along with an access token from the token endpoint. The public client uses the refresh token to obtain a new access token after the previous access token expires. Pega Platform rotates the refresh token with each access token, which provides an extra layer of security. In addition, you can now designate how long an access token remains idle before it times out.
For more information, see Creating and configuring an OAuth 2.0 client registration.
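The following added example (not Pega Platform code) models refresh token rotation as described above with a toy in-memory token endpoint and a public client. The class and method names are hypothetical, and the example assumes the usual OAuth 2.0 rotation behavior in which a rotated-out refresh token is rejected if it is presented again.

```python
import secrets
import time


class TokenEndpoint:
    """Hypothetical in-memory token endpoint that rotates refresh tokens."""

    def __init__(self, access_ttl=300):
        self.access_ttl = access_ttl
        self.active = {}      # current refresh token -> client_id
        self.retired = set()  # refresh tokens that were already exchanged

    def _issue(self, client_id):
        refresh = secrets.token_urlsafe(32)
        self.active[refresh] = client_id
        return {"access_token": secrets.token_urlsafe(32),
                "expires_at": time.time() + self.access_ttl,
                "refresh_token": refresh}

    def authorize(self, client_id):
        # Stands in for the initial authorization code exchange.
        return self._issue(client_id)

    def refresh(self, client_id, refresh_token):
        if refresh_token in self.retired:
            raise PermissionError("refresh token was already used")
        if self.active.get(refresh_token) != client_id:
            raise PermissionError("unknown refresh token")
        # Rotation: retire the presented token, issue a fresh pair.
        del self.active[refresh_token]
        self.retired.add(refresh_token)
        return self._issue(client_id)


class PublicClient:
    """Public client (no client secret) that tracks the rotated token set."""

    def __init__(self, endpoint, client_id):
        self.endpoint, self.client_id = endpoint, client_id
        self.tokens = endpoint.authorize(client_id)

    def access_token(self, now=None):
        now = time.time() if now is None else now
        if now >= self.tokens["expires_at"]:
            # Store the whole new set; the old refresh token is now retired.
            self.tokens = self.endpoint.refresh(
                self.client_id, self.tokens["refresh_token"])
        return self.tokens["access_token"]
```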
Nonce option for greater protection against cross-site scripting attacks now available in the content security policy for Constellation applications
For more information, see Content security policies.