Published Release Notes

External keystore support in Pega Platform

Pega^® Platform now provides the ability to source certificates and encryption keys from external keystores. You use the Keystore rule to specify alternatives to the platform's database to source certificates and keys. You can choose to use a data page, a URL, or an external file in one of the following standard formats: JKS, JWK, PKCS12, KEYTAB, or KEY. Keystore information is stored in cache memory only. It is not stored on the clipboard nor is it directly accessible to the application logic.

For more information, see Creating a Keystore data instance.

Terminate sessions for operators from outside the Pega 7 Platform

The newly added Users REST API allows an authorized administrator to terminate sessions for one or more operator IDs from outside the Pega^® 7 Platform. A typical use case for this API is to terminate a user’s session when the user's security credentials, which are stored externally, are known to have changed.

Access the Pega API by clicking Resources > Pega API.

Support for OAuth 2.0 authorization in Pega Platform REST services

Pega^® Platform REST services now support OAuth 2.0 authorization that uses federated authentication with SAML 2.0-compliant identity providers (IDPs). The OAuth 2.0-based authorization can be configured to use the SAML2-bearer grant type with a SAML token profile. This configuration is used when a resource requestor is authenticated by using a SAML2.0-compliant IDP.

For more information, see Security rules and data.

Platform truststore for validating certificates

Pega Platform™ now includes a platform truststore, to which you can import X.509 certificates that are common across platform applications. When a certificate needs to be validated, Pega Platform looks for the certificate at the connector level, then in the platform truststore, and finally in the application server (JVM) truststore. You can add, update, and delete certificates in the platform truststore without having to restart the server, which is useful when TLS certificates are changed for reasons such as key rotation.

For more information, see Importing an X.509 certificate.

Encrypt sensitive case data by using a secure default Pega Platform cipher and AWS KMS keys

You can encrypt sensitive data within your application without having to write custom cipher classes. You can configure encryption on the Data Encryption landing page by using your own keys managed in your private Amazon Web Services Key Management Service (AWS KMS) instance. Pega^® Platform encryption uses keys that are stored in AWS KMS to support both time-based and on-demand key rotation. Technical issues can arise in some cases, for example, if a key is deleted from AWS KMS.

For more information, see Potential problems with keystores when using AWS KMS, Configuring a Platform cipher, Types of ciphers.

Integrated Application Security Checklist helps you deploy a secure application

Pega^® Platform now provides an Application Security Checklist that you can refer to when you prepare your application for deployment. By completing the recommended tasks in this checklist, you can track your progress, access instructional information for tasks, and verify that your configurations are secure.

For more information, see Preparing your application for secure deployment, Compliance Score tab, Designer Studio — Home page.

Merge application-level test reports by using the Pega API service

A new REST API is now available so that you can merge test coverage reports at the application level without having to perform this task manually. This service accepts the application IDs for the test coverage reports that you want to merge and generates a consolidated report in the target application provided.

For more information about setting up your environment and making API calls with Deployment Manager, see the Documentation/readme-for-swagger.md file in the DeploymentManager04_08_0x.zip file, found in the Deployment Manager download package.

Pega unit test suites are now modular

It is now possible to include test cases and test suites inside test suites. This feature makes test suites modular and improves the management of cases while creating, modifying, and executing them for regression testing.

For more information, see Pega unit test suites.

Use Kerberos credentials in a Pega application to authenticate and access external systems

Authentication services now support Kerberos as an authentication type. When you connect from the Pega 7 Platform to external systems and services that require Kerberos authentication, the Pega 7 Platform stores the user Kerberos credentials and makes them available in Pega 7 Platform connectors.

For more information, see Using Kerberos credentials in a Pega application to authenticate and access external systems.

Pega Express methodology in App Studio for successful Microjourneys

App Studio now supports the Pega Express™ methodology to help you visualize the key factors of your Microjourneys™ - case types, personas, and data objects. With Microjourneys, you can analyze and clearly communicate who the parties that interact with your cases are, what channels of communication they use, and what data they need to resolve a case. Associating personas and data objects with case types also helps you manage your development team's workload by using a list of the draft elements that they need to develop.

For more information, see Plan successful microjourneys in App Studio (8.4), Creating a microjourney for customer success.

Upgrade impact

During a Pega Infinity™ upgrade to 8.4 and later, clients using App Studio are asked to update their applications to support use of the Pega Express™ methodology. Without this application update, the Persona landing page and Data objects and integration landing page are empty. For more information, see Pega 8.4 Deep Dive: Pega Express methodology in App Studio.

What steps are required to update the application to be compatible with this change?

In order to utilize the Pega Express methodology in App Studio and use the Inventory page, click Start now to complete the update of your application and add the required rules to it. If you choose to cancel, App Studio continues to work as expected without the Pega Express methodology features; you can click Start now at the top of your application overview page at any time to install the required rules in your application.