Published Release Notes

Single sign-on (SSO) support for Box

You can now use SSO integration with Box so that users who have already been authenticated are not asked to reauthenticate when accessing Box from their Pega application. The Pega application and the Box application must use the same identity provider federation. This capability provides an integrated user experience and supports automated case processing of attachments.

For more information, see Authentication Profile data instances - Completing the OAuth 2.0 tab.

Send and receive queued messages securely with IBM MQ servers

You can now configure applications developed on the Pega 7 Platform for secure message queuing with IBM MQ servers by using the MQ server rule form. You secure the connection by specifying the cipher suites with encryption standards that meet your requirements and the SSL/TLS X.509 certificates that you use for authentication.

For more information, see Configure secure message queuing with IBM MQ servers.

SAML 2.0 single sign-on authentication in multitenant environments

Multitenant application environments can now use SAML 2.0 for single sign-on (SSO) and single logout (SLO). Application users can access any authorized SSO multitenant applications without logging in to each application individually. SAML simplifies the login and logout process for users, mitigates security risks, and reduces the implementation costs that are associated with identity management.

For more information about configuring SAML 2.0 for single sign-on, see Web single sign-on (SSO) with SAML 2.0.

New PegaRULES:PegaAPISysAdmin​ role

The role PegaRULES:PegaAPISysAdmin​ has been added to the Pega 7 Platform. This required role gives system administrators access to the Pega API REST User Services and is not required for other services.

For more information, see Securing the Pega API.

Issue with the Sandbox directive on the Content Security Policy rule form has been fixed

An issue that related to the Sandbox directive not being applied, even after a value in the Content Security Policy rule form was selected, has been fixed. As a result, restrictions that are applied based on the settings in the Sandbox directive are now more closely aligned with the World Wide Web Consortium (W3C) specification than in previous releases. You should test your Content Security Policy to ensure that this change does not cause unexpected behavior in your application, such as making the security policy too restrictive.

Improved responsiveness of tab layout groups

Tab layout groups are now more responsive when several tabs are displayed on a screen. The tabs are shown in a single row that you can scroll horizontally by pressing the left or right arrows. Additionally, you can switch to a tab directly by pressing the down arrow.

For more information, see Adding a Layout Group.

Reconfiguration of the Adaptive Decision Manager service after upgrade to Pega 7.2.2

After you upgrade the Pega 7 Platform to version 7.2.2 from a version prior to 7.2,1, you need to configure the Adaptive Decision Manager service. Beginning with Pega 7.2.1, the Adaptive Decision Management (ADM) service is native to the Pega 7 Platform and is supported by the Decision data node infrastructure.

For more information, see Services landing page.

Disregard this startup error for Oracle Weblogic deployments

If you install, upgrade, or update your Oracle Weblogic application server to Pega 7.2.2, disregard the error stack that begins with text similar to the following:

ERROR - WebLogic Server 12.1.3.0.0 Wed May 21 18:53:34 PDT 2014 1604337 Oracle WebLogic Server Module Dependencies 12.1 Tue Mar 11 15:35:15 MDT 2014 WebLogic Jersey Server Integration 3.0 Fri Feb 21 10:55:11 UTC 2014 must use JDK 1.8+ with WebSocket
2016-11-07 06:13:01,690 [ WIN-L3EEURCNCP1] [ STANDARD] (pr.DefaultAsyncSupportResolver) ERROR - Real error: Unable to configure jsr356 at that stage. ServerContainer is null

This message appears because the Pega 7.2.2 real-time notification feature initially tries to use WebSocket and then falls back to long polling. The Pega 7 Platform does not support WebSocket for Oracle Weblogic servers, and instead uses long polling for real-time notifications.

Functionality of the pyInvokeRESTConnector rule and the pxDeferenceEndpoint rule moved to core engine

The functionality of the pyInvokeRESTConnector rule and the pxDeferenceEndpoint rule has been moved into the core engine code of the Pega 7 Platform. This change provides more consistent behavior, reduces maintenance, and reduces the risk of regression issues. As a result, you can no longer customize these rules, and upgrading the Pega 7 Platform requires special considerations if you previously customized these rules.

For more information, see Upgrading with customized pyInvokeRESTConnector and pxDeferenceEndpoint rules.

Disregard this Java script console message

Pega 7.2.2 introduced real-time notifications by using Comet technologies such as WebSocket and long polling. WebSocket provides the best results, but both WebSocket and non-blocking long polling must be supported by your application server. If your application server does not support WebSocket, you might see a JavaScript error that begins with text that is similar to the following text:

WebSocket connection to 'ws://vnbamdevapp01:8080/prweb/PRPushServlet/... Error during WebSocket handshake: Unexpected response code: 501_getWebSocket @ pzpega_ui_messaging_1802554968!!.js:1195 pzpega_ui_messaging_1802554968!!.js:3265 Websocket closed, reason: Connection was closed abnormally (that is, with no close frame being sent). - wasClean: falselog @ pzpega_ui_messaging_1802554968!!.js:3265 pzpega_ui_messaging_1802554968!!.js:3265 Websocket failed on first connection attempt. Downgrading to long-polling and resending

You can disregard this message.

However, to take advantage of the improvements to real-time notifications, enable support for WebSocket:

• For IBM WebSphere Application Server Liberty Core, see your deployment guide for instructions on configuring the application server.
• For Red Hat JBoss, see your deployment guide for instructions on enabling WebSocket support.
• For Apache Tomcat application servers, consider upgrading to Apache Tomcat 7.0.53 or later which supports WebSocket.