Published Release Notes

New service for generating OAuth 2.0 client credentials

Pega^® Platform now includes the oauthclients service package that provides a REST service for generating OAuth 2.0 client credentials. By using the client registration service, you can dynamically register OAuth 2.0 clients. The new service is secured by an existing OAuth service. Access tokens that are issued by the existing OAuth service are accepted as initial access tokens by the new service.

For more information, see OAuth 2.0 Client Registration data instances.

Enhanced security of Robotic Desktop Automation requests

Security enhancements have been introduced in the communication (data synchronization or pulling data) between your application that uses robotic desktop automation functionality and Pega^® Platform. These applications (web, desktop, and legacy) communicate with Pega Platform through connectors. No additional configuration is necessary.

For more information, see Robotic automation.

Full support for Unicode characters in Pega Express

Pega^® Express now supports Unicode characters when you name properties, case types, and data types. Languages that use multibyte characters, such as Japanese and Hindi, are now fully supported. An administrator can enable Unicode support for Pega Express by configuring a Dynamic System Setting in Designer Studio.

For more information, see Enabling Unicode character support for object names.

Listener management in Designer Studio

On the new Listener Management landing page, you can view and manage available listeners across the cluster, including on the current node and remote nodes. By using this landing page, you can quickly debug and trace listeners. You can start, stop, and restart listeners, and you can filter the list of listeners by, for example, type, status, class, or name.

For more information, see Managing listeners.

Enhancements to PegaUnit test cases

Several enhancements have been made to PegaUnit test cases.

• You can now use the following new comparators for the page assertion:
  • Has errors – The assertion passes if the system finds all the pages for which there are errors.
  • Has no errors – The assertion passes if the system finds all the pages for which there are no errors.
• You can now export a list of all the PegaUnit test cases that are in the system or that are configured on a specific rule type to Microsoft Excel format.
• You can now view PegaUnit test cases for built-on applications.

For more information, see the Configuring page assertions and Exporting PegaUnit test cases help topics.

External keystore support in Pega Platform

Pega^® Platform now provides the ability to source certificates and encryption keys from external keystores. You use the Keystore rule to specify alternatives to the platform's database to source certificates and keys. You can choose to use a data page, a URL, or an external file in one of the following standard formats: JKS, JWK, PKCS12, KEYTAB, or KEY. Keystore information is stored in cache memory only. It is not stored on the clipboard nor is it directly accessible to the application logic.

For more information, see Creating a Keystore data instance.

Two-factor authentication with one-time passwords

Pega® Platform now supports two-factor authentication in custom authentication services and case flow processing, by sending a one-time password to an operator through email and requiring the operator to provide it back to your application for verification. Use REST API OTP Generation to generate and store one-time passwords, and REST API OTP Verification to verify passwords against user entries. You can also use the pxSendOTP and pxVerifyOTP activities called by these APIs to implement two-factor authentication of users in case flows prior to performing a critical operation (e.g. before completing a critical transaction such as a funds transfer in excess of a certain amount). Settings on the Security Policies landing page control the behavior of the two-factor authentication process.

For more information, see Enabling security policies.

Support for OAuth 2.0 authorization in Pega Platform REST services

Pega^® Platform REST services now support OAuth 2.0 authorization that uses federated authentication with SAML 2.0-compliant identity providers (IDPs). The OAuth 2.0-based authorization can be configured to use the SAML2-bearer grant type with a SAML token profile. This configuration is used when a resource requestor is authenticated by using a SAML2.0-compliant IDP.

For more information, see Security rules and data.

Privilege inheritance support through access roles

Privilege inheritance simplifies the process of defining privileges that are relevant in multiple classes. When determining whether a user should be granted a named privilege that allows a type of access to a class, Pega^® Platform searches for Access of Role to Object (Rule-Access-Role-Obj) rules that are relevant to the target class and to the access roles listed in the user's access group, and considers the privileges granted or denied in those rules. When privilege inheritance is enabled within an access role, the search for relevant Access of Role to Object rules begins with the target class and, if necessary, continues up the class hierarchy until a relevant rule is found.

For more information, see Privilege inheritance for access roles.

Reused forms support fields that can be modified

Now, you can choose whether the fields in an embedded form are read only or can be modified at run-time. You can set the reused form to Auto, which maintains the display mode (read only, required, optional) set for each field. Reusing a form reduces development time and maintains a consistent layout for a set of fields.

For more information, see Reusing a form.