Published Release Notes

Deprecation of EAR deployments in Pega Platform 8.6

Starting with Pega Platform 8.6, EAR deployments of Pega Platform are deprecated. In the upcoming 8.7 release, EAR deployments will not be supported. The following rules that require EAR deployments will also be deprecated and no longer supported in Pega Platform 8.7:

• Connect EJB
• Connect JCA
• JCA Resource Adapter
• JMS MDB Listener
• Service EJB

With this deprecation, you can use the latest tools and keep your application up to date. 

Upgrade impact

In Pega Platform 8.6, you can still create rules that require EAR deployments and update existing rules. However, after an upgrade to Pega Platform 8.7, rules that require EAR deployments are no longer supported.

What steps are required to update an application to be compatible with this change?

To prepare your application for this change well in advance of the Pega Platform 8.7 release, see the following table for a list of alternative rules and for guidance on modernizing your application.

For information on the supported platforms that are affected by this deprecation, see Pega Platform 8.6 Support Guide.

External keystore support in Pega Platform

Pega^® Platform now provides the ability to source certificates and encryption keys from external keystores. You use the Keystore rule to specify alternatives to the platform's database to source certificates and keys. You can choose to use a data page, a URL, or an external file in one of the following standard formats: JKS, JWK, PKCS12, KEYTAB, or KEY. Keystore information is stored in cache memory only. It is not stored on the clipboard nor is it directly accessible to the application logic.

For more information, see Creating a Keystore data instance.

Terminate sessions for operators from outside the Pega 7 Platform

The newly added Users REST API allows an authorized administrator to terminate sessions for one or more operator IDs from outside the Pega^® 7 Platform. A typical use case for this API is to terminate a user’s session when the user's security credentials, which are stored externally, are known to have changed.

Access the Pega API by clicking Resources > Pega API.

REST APIs for viewing Pega Platform configuration settings

New REST APIs in the Nodes category provide a view of the current configuration settings for any node in a cluster or for an entire cluster. You can also find a specific node ID by listing all the nodes in the cluster. To diagnose settings issues for a node, you can download the prconfig.xml file.

For more information, see Pega API for Pega Platform 7.4, Pega API, and Viewing the current configuration settings for a node or the whole cluster.

Support for OAuth 2.0 authorization in Pega Platform REST services

Pega^® Platform REST services now support OAuth 2.0 authorization that uses federated authentication with SAML 2.0-compliant identity providers (IDPs). The OAuth 2.0-based authorization can be configured to use the SAML2-bearer grant type with a SAML token profile. This configuration is used when a resource requestor is authenticated by using a SAML2.0-compliant IDP.

For more information, see Security rules and data.

CRM core data types included in Pega Platform

Customer Relationship Management (CRM) core data types are now included with Pega^® Platform, making it easier to bring your data into your Pega application. You can either import your data into the data tables for the CRM data types or use integration to communicate with your own system of record. The database tables for these data types are non-Pega formatted, which gives you better performance and more control over your data.

For information about the database tables, see CRM data types in Pega Platform.

Platform truststore for validating certificates

Pega Platform™ now includes a platform truststore, to which you can import X.509 certificates that are common across platform applications. When a certificate needs to be validated, Pega Platform looks for the certificate at the connector level, then in the platform truststore, and finally in the application server (JVM) truststore. You can add, update, and delete certificates in the platform truststore without having to restart the server, which is useful when TLS certificates are changed for reasons such as key rotation.

For more information, see Importing an X.509 certificate.

Encrypt sensitive case data by using a secure default Pega Platform cipher and AWS KMS keys

You can encrypt sensitive data within your application without having to write custom cipher classes. You can configure encryption on the Data Encryption landing page by using your own keys managed in your private Amazon Web Services Key Management Service (AWS KMS) instance. Pega^® Platform encryption uses keys that are stored in AWS KMS to support both time-based and on-demand key rotation. Technical issues can arise in some cases, for example, if a key is deleted from AWS KMS.

For more information, see Potential problems with keystores when using AWS KMS, Configuring a Platform cipher, Types of ciphers.

Simplified process for JMS MDB listener deployment

The process for deploying a JMS message-driven bean (MDB) that represents a JMS MDB listener has been streamlined for new enterprise applications. It is now less complicated and can be performed in fewer steps.

For more information on deploying to WebSphere, WebLogic, and JBoss, refer to the PDN article Deploying a JMS message-driven bean (MDB) that represents a JMS MDB listener in Pega 7.

Service Portlet rules are deprecated

Service Portlet rules are deprecated. Existing rules will continue to work, but you cannot create new ones. Use Pega Web Mashup instead. In addition, some changes might impact functionality. If you are using Portlet rules and plan to upgrade, contact your customer service representative.

For more information about Pega Web Mashup, see About Pega Web Mashup.