Published Release Notes

Support for OAuth 2.0 authorization in Pega Platform REST services

Pega^® Platform REST services now support OAuth 2.0 authorization that uses federated authentication with SAML 2.0-compliant identity providers (IDPs). The OAuth 2.0-based authorization can be configured to use the SAML2-bearer grant type with a SAML token profile. This configuration is used when a resource requestor is authenticated by using a SAML2.0-compliant IDP.

For more information, see Security rules and data.

Privilege inheritance support through access roles

Privilege inheritance simplifies the process of defining privileges that are relevant in multiple classes. When determining whether a user should be granted a named privilege that allows a type of access to a class, Pega^® Platform searches for Access of Role to Object (Rule-Access-Role-Obj) rules that are relevant to the target class and to the access roles listed in the user's access group, and considers the privileges granted or denied in those rules. When privilege inheritance is enabled within an access role, the search for relevant Access of Role to Object rules begins with the target class and, if necessary, continues up the class hierarchy until a relevant rule is found.

For more information, see Privilege inheritance for access roles.

No support for Android versions earlier than 4.4 on mobile devices

Pega^® Platform dynamic layouts by default now use Flexbox-based rendering. As a result, mobile devices running on Android versions earlier than 4.4 are not supported in Pega Platform. Such devices cannot render correctly with Flexbox because the Pega Mobile Client includes the default stock browser on the Android operating system.

Cross-origin resource sharing (CORS) policies for APIs and REST services

You can now use cross-origin resource sharing (CORS) policies to control how external systems and websites (origins) are permitted to access resources such as APIs and services within your applications. For example, Pega^® Platform uses CORS policies to restrict which Pega Robotic client applications can connect to your Pega applications, and to limit which mobile apps can call Pega mobile services. Using CORS policies results in reduced cost and implementation times, while providing increased security when other systems or websites interact with your application.

For more information, see Creating a cross-origin resource sharing (CORS) policy and Mapping an endpoint to a cross-origin resource sharing (CORS) policy.

Package caching is not supported in offline-enabled applications built with the UI Kit 7 (09-01-01) portal

When you create an offline-enabled application in Pega^® Platform, by default, it uses a portal with the UI Kit 7 (09-01-01) ruleset. In such a case, the package caching functionality cannot be used. You must either disable caching on the Advanced tab of the Access Group rule form, in the Offline Configuration section, or use an adaptive design instead of rendering different elements for different devices with the UI Kit 7 (09-01-01) ruleset.

For more information, see Access Group form - Completing the Advanced tab.

Integrated Application Security Checklist helps you deploy a secure application

Pega^® Platform now provides an Application Security Checklist that you can refer to when you prepare your application for deployment. By completing the recommended tasks in this checklist, you can track your progress, access instructional information for tasks, and verify that your configurations are secure.

For more information, see Preparing your application for secure deployment, Compliance Score tab, Designer Studio — Home page.

Attach Content control enhancements

You can now use the Attach Content control in Pega^® Platform to configure compression options that limit the size of files created on a mobile device. For example, you can choose from predefined settings to limit video duration or image size. These settings apply when the user records a new video or takes a new photo, but they do not apply to prerecorded media.

Also, when attaching content to a custom mobile app, users can now select any type of file from any source that is available in the device's native file picker component.

For more information, see Configuring file size options for the Attach content control.

Encrypt sensitive case data by using a secure default Pega Platform cipher and AWS KMS keys

You can encrypt sensitive data within your application without having to write custom cipher classes. You can configure encryption on the Data Encryption landing page by using your own keys managed in your private Amazon Web Services Key Management Service (AWS KMS) instance. Pega^® Platform encryption uses keys that are stored in AWS KMS to support both time-based and on-demand key rotation. Technical issues can arise in some cases, for example, if a key is deleted from AWS KMS.

For more information, see Potential problems with keystores when using AWS KMS, Configuring a Platform cipher, Types of ciphers.

No video controllers displayed on Android 4.3 and earlier versions

When you preview a video clip within Pega^® Mobile Client on a mobile device that runs Android 4.3 or earlier versions, video controllers are not displayed in full-screen mode.

Change passwords from Pega Mobile Client

You can now change your Pega^® Platform password from a mobile device. After your password expires and you try to log in to a custom mobile app, Pega Mobile Client lets you define a new password and verifies it against active password policies.

For more information, see Enabling security policies.