Enhanced security of Robotic Desktop Automation requests
Valid from Pega Version 7.3
Security enhancements have been introduced in the communication (data synchronization or pulling data) between your application that uses robotic desktop automation functionality and Pega® Platform. These applications (web, desktop, and legacy) communicate with Pega Platform through connectors. No additional configuration is necessary.
For more information, see Robotic automation.
Record Editor and data import enhancements
Valid from Pega Version 7.3
The Record Editor and Import wizard for data types have been enhanced to make the import process faster and easier to use. You can now perform the following tasks.
- Configure the Record Editor to use full-text search, which makes searching faster.
- Configure the location of the data import error file. For example, you can set the location to a shared location so that users can access the file from any node in a multinode system.
- Pass the keys of the records that were added, updated, or matched directly to custom postprocessing without additional database I/O.
- Search and filter records and export only the results instead of all records.
- Stop an import that is in progress.
New Java API improves JSON serialization
Valid from Pega Version 7.3
By using a Java API, you can serialize a Page or Property clipboard object to a JSON string for faster JSON serialization. You can also create a map between API responses and an application's internal data model that improves integration performance and maintainability.
For more information, see Using the mapping API for high-performance JSON serialization and Using the mapping API for high-performance JSON deserialization.
External keystore support in Pega Platform
Valid from Pega Version 7.3
Pega® Platform now provides the ability to source certificates and encryption keys from external keystores. You use the Keystore rule to specify alternatives to the platform's database to source certificates and keys. You can choose to use a data page, a URL, or an external file in one of the following standard formats: JKS, JWK, PKCS12, KEYTAB, or KEY. Keystore information is stored in cache memory only. It is not stored on the clipboard nor is it directly accessible to the application logic.
For more information, see Creating a Keystore data instance.
Two-factor authentication with one-time passwords
Valid from Pega Version 7.3
Pega® Platform now supports two-factor authentication in custom authentication services and case flow processing, by sending a one-time password to an operator through email and requiring the operator to provide it back to your application for verification. Use REST API OTP Generation to generate and store one-time passwords, and REST API OTP Verification to verify passwords against user entries. You can also use the pxSendOTP and pxVerifyOTP activities called by these APIs to implement two-factor authentication of users in case flows prior to performing a critical operation (e.g. before completing a critical transaction such as a funds transfer in excess of a certain amount). Settings on the Security Policies landing page control the behavior of the two-factor authentication process.
For more information, see Enabling security policies.
Support for OAuth 2.0 authorization in Pega Platform REST services
Valid from Pega Version 7.3
Pega® Platform REST services now support OAuth 2.0 authorization that uses federated authentication with SAML 2.0-compliant identity providers (IDPs). The OAuth 2.0-based authorization can be configured to use the SAML2-bearer grant type with a SAML token profile. This configuration is used when a resource requestor is authenticated by using a SAML2.0-compliant IDP.
For more information, see Security rules and data.
Privilege inheritance support through access roles
Valid from Pega Version 7.3
Privilege inheritance simplifies the process of defining privileges that are relevant in multiple classes. When determining whether a user should be granted a named privilege that allows a type of access to a class, Pega® Platform searches for Access of Role to Object (Rule-Access-Role-Obj) rules that are relevant to the target class and to the access roles listed in the user's access group, and considers the privileges granted or denied in those rules. When privilege inheritance is enabled within an access role, the search for relevant Access of Role to Object rules begins with the target class and, if necessary, continues up the class hierarchy until a relevant rule is found.
For more information, see Privilege inheritance for access roles.
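The lookup described above, as a simplified model added here for illustration (it is not Pega code). The class names, role names and rule table are constructed, and two behaviors are assumptions of the model: the first Access of Role to Object rule that names the privilege decides for a role, and one granting role is enough.

```python
# Simplified model of privilege lookup with and without privilege inheritance.
# All names and data below are constructed; tie-breaking rules are assumptions.

PARENT = {  # class hierarchy: child -> parent
    "Org-Loans-Work-Mortgage": "Org-Loans-Work",
    "Org-Loans-Work": "Org-Loans",
    "Org-Loans": None,
}

# Access of Role to Object rules: (access role, class) -> {privilege: granted?}
ARO = {
    ("Loans:Manager", "Org-Loans-Work"): {"ApproveTransfer": True},
    ("Loans:Auditor", "Org-Loans-Work"): {"ApproveTransfer": True},
    ("Loans:Auditor", "Org-Loans-Work-Mortgage"): {"ApproveTransfer": False},
    ("Loans:Clerk", "Org-Loans-Work"): {"ApproveTransfer": True},
}

# Whether privilege inheritance is enabled within each access role.
INHERITS = {"Loans:Manager": True, "Loans:Auditor": True, "Loans:Clerk": False}


def resolve(role, target_class, privilege):
    """Return (decision, deciding_class) for one role, or (None, None)."""
    cls = target_class
    while cls is not None:
        rule = ARO.get((role, cls), {})
        if privilege in rule:
            # First relevant rule wins: a rule on a more specific class
            # stops the search before any ancestor rule is reached.
            return rule[privilege], cls
        if not INHERITS.get(role, False):
            break  # inheritance off: only the target class is examined
        cls = PARENT.get(cls)  # inheritance on: continue up the hierarchy
    return None, None


def has_privilege(roles, target_class, privilege):
    """Check every access role listed in the user's access group."""
    return any(resolve(r, target_class, privilege)[0] is True for r in roles)
```

When reviewing access roles, note the two effects the model makes visible: enabling inheritance extends a grant on a parent class to its descendant classes, and a rule on the more specific class (here a denial for the auditor role) takes precedence over the ancestor's grant.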
Cross-origin resource sharing (CORS) policies for APIs and REST services
Valid from Pega Version 7.3
You can now use cross-origin resource sharing (CORS) policies to control how external systems and websites (origins) are permitted to access resources such as APIs and services within your applications. For example, Pega® Platform uses CORS policies to restrict which Pega Robotic client applications can connect to your Pega applications, and to limit which mobile apps can call Pega mobile services. Using CORS policies results in reduced cost and implementation times, while providing increased security when other systems or websites interact with your application.
For more information, see Creating a cross-origin resource sharing (CORS) policy and Mapping an endpoint to a cross-origin resource sharing (CORS) policy.
Log file description in web.xml incorrect after upgrade to Apache Log4j 2
Valid from Pega Version 7.3
As a result of the upgrade from the Apache Log4j 1 logging service to the Apache Log4j 2 logging service, it is recommended that you update the log file description in the web.xml file from "location of prlogging.xml file" to "location of prlog4j2.xml file". The description indicates which log file is in use. Updating the description avoids confusion about which log file is current. Change the description as shown in the following example.
<resource-ref id="ResourceRef_5">
  <description>location of prlog4j2.xml file</description>
  <res-ref-name>url/pegarules.logging.configuration</res-ref-name>
  <res-type>java.net.URL</res-type>
  <res-auth>Container</res-auth>
  <res-sharing-scope>Shareable</res-sharing-scope>
</resource-ref>
Apply logic to data import fields
Valid from Pega Version 7.3.1
When importing data from an external system, you can translate data fields into values that can be read by Pega® Platform. From the Import wizard, you can do the following actions:
- Apply a decision tree or decision table to the data that is imported for a field.
- Use imported data for a field to look up a value in another record. For example, you can look up the key of a record that uses an external identifier to populate a foreign key field.
- Create templates that contain business logic, which eliminates the need to handle data transformations manually during preprocessing.
For more information, see Transforming data during import.