Validate rule support in offline-enabled applications
Valid from Pega Version 7.3
To enhance the user experience of your offline-enabled application, you can now use validate rules that are referenced by a flow action. You can also explicitly add other types of validate rules as offline-supported. The offline validation API provides two methods that you can call from custom code that runs from a Run script action or a custom JavaScript function. Several JavaScript utility functions, the equivalent of built-in Java functions for Pega® Platform, are now also available.
For more information, see Validate rule support in offline mode and Function rule support in offline mode.
Security enhancements in offline-enabled applications
Valid from Pega Version 7.3
To enhance the security of an offline-enabled application, you can now set the time period during which a user of an offline-enabled application stays logged in before the lock screen is displayed. The password, lockout, audit, and operator disablement security policy settings are supported in offline-enabled applications. For example, if a user enters an incorrect password several times and is locked out of the account, you can specify, in minutes, how long the user is prevented from logging back in.
For more information, see Setting maximum login time.
New service for generating OAuth 2.0 client credentials
Valid from Pega Version 7.3
Pega® Platform now includes the oauthclients service package that provides a REST service for generating OAuth 2.0 client credentials. By using the client registration service, you can dynamically register OAuth 2.0 clients. The new service is secured by an existing OAuth service. Access tokens that are issued by the existing OAuth service are accepted as initial access tokens by the new service.
For more information, see OAuth 2.0 Client Registration data instances.
Enhanced security of Robotic Desktop Automation requests
Valid from Pega Version 7.3
Security enhancements have been introduced in the communication (data synchronization or pulling data) between your application that uses robotic desktop automation functionality and Pega® Platform. These applications (web, desktop, and legacy) communicate with Pega Platform through connectors. No additional configuration is necessary.
For more information, see Robotic automation.
OAuth 2 token support in Pega Mobile Client
Valid from Pega Version 7.3
The Client Store module in Pega Mobile Client has been extended to support OAuth 2 tokens. The tokens are used to authorize data synchronization requests that are sent to the Pega® Platform. Once the OAuth 2 token support is turned on and configured on the server, Pega Mobile Client starts using it automatically. This functionality is available on both iOS and Android devices.
For more information, see Enabling data synchronization with OAuth 2 tokens.
External keystore support in Pega Platform
Valid from Pega Version 7.3
Pega® Platform now provides the ability to source certificates and encryption keys from external keystores. You use the Keystore rule to specify alternatives to the platform's database to source certificates and keys. You can choose to use a data page, a URL, or an external file in one of the following standard formats: JKS, JWK, PKCS12, KEYTAB, or KEY. Keystore information is stored in cache memory only. It is not stored on the clipboard, nor is it directly accessible to the application logic.
For more information, see Creating a Keystore data instance.
Two-factor authentication with one-time passwords
Valid from Pega Version 7.3
Pega® Platform now supports two-factor authentication in custom authentication services and case flow processing by sending a one-time password to an operator through email and requiring the operator to provide it back to your application for verification. Use REST API OTP Generation to generate and store one-time passwords, and REST API OTP Verification to verify passwords against user entries. You can also use the pxSendOTP and pxVerifyOTP activities, which are called by these APIs, to implement two-factor authentication of users in case flows prior to a critical operation (for example, before completing a transaction such as a funds transfer in excess of a certain amount). Settings on the Security Policies landing page control the behavior of the two-factor authentication process.
For more information, see Enabling security policies.
Support for OAuth 2.0 authorization in Pega Platform REST services
Valid from Pega Version 7.3
Pega® Platform REST services now support OAuth 2.0 authorization that uses federated authentication with SAML 2.0-compliant identity providers (IDPs). The OAuth 2.0-based authorization can be configured to use the SAML2-bearer grant type with a SAML token profile. This configuration is used when a resource requestor is authenticated by using a SAML 2.0-compliant IDP.
For more information, see Security rules and data.
Privilege inheritance support through access roles
Valid from Pega Version 7.3
Privilege inheritance simplifies the process of defining privileges that are relevant in multiple classes. When determining whether a user should be granted a named privilege that allows a type of access to a class, Pega® Platform searches for Access of Role to Object (Rule-Access-Role-Obj) rules that are relevant to the target class and to the access roles listed in the user's access group, and considers the privileges granted or denied in those rules. When privilege inheritance is enabled within an access role, the search for relevant Access of Role to Object rules begins with the target class and, if necessary, continues up the class hierarchy until a relevant rule is found.
For more information, see Privilege inheritance for access roles.
No support for Android versions earlier than 4.4 on mobile devices
Valid from Pega Version 7.3
Pega® Platform dynamic layouts by default now use Flexbox-based rendering. As a result, mobile devices running on Android versions earlier than 4.4 are not supported in Pega Platform. Such devices cannot render correctly with Flexbox because the Pega Mobile Client includes the default stock browser on the Android operating system.