INC-188162 · Issue 673507
RSA-PSS signature support added for for SAML SSO
Resolved in Pega Version 8.7
The XML security jars have been updated to incorporate RSA-PSS signature algorithm support.
INC-170423 · Issue 648985
Added catch for SAML WebSSO duplicate key exception
Resolved in Pega Version 8.7
After logging in from SSO, closing the Pega window and opening it again resulted in the error "Unable to process the SAML WebSSO request : Violation of PRIMARY KEY constraint. Cannot insert duplicate key in object." This has been resolved by updating the session index handling and adding a catch for the duplicate key exception.
INC-162434 · Issue 640051
LookUpList correctly executes during SSO login with model operator
Resolved in Pega Version 8.7
After configuring SSO to create operators on fly using a model operator, a new user logging in for the very first time had their operator ID created using the model operator, but after upgrade new users logging in to the system received the error "Only authenticated client may start this activity: RULE-OBJ-ACTIVITY @BASECLASS LOOKUPLIST". This was due to the methods used for additional security on the activity @baseclass LookUpList which allows it to only be run by authenticated users, and has been resolved.
INC-175897 · Issue 655466
LookUpList correctly executes during SSO login with model operator
Resolved in Pega Version 8.7
After configuring SSO to create operators on fly using a model operator, a new user logging in for the very first time had their operator ID created using the model operator, but after upgrade new users logging in to the system received the error "Only authenticated client may start this activity: RULE-OBJ-ACTIVITY @BASECLASS LOOKUPLIST". This was due to the methods used for additional security on the activity @baseclass LookUpList which allows it to only be run by authenticated users, and has been resolved.
INC-200299 · Issue 689561
LookUpList correctly executes during SSO login with model operator
Resolved in Pega Version 8.7
After configuring SSO to create operators on fly using a model operator, a new user logging in for the very first time had their operator ID created using the model operator, but after upgrade new users logging in to the system received the error "Only authenticated client may start this activity: RULE-OBJ-ACTIVITY @BASECLASS LOOKUPLIST". This was due to the methods used for additional security on the activity @baseclass LookUpList which allows it to only be run by authenticated users, and has been resolved.
INC-168837 · Issue 646972
CSRF token updated for use with OKTA login
Resolved in Pega Version 8.7
An issue seen while connecting via OKTA has been resolved by updating the CSRF token validation for use with IDP initiated SSO login.
INC-196414 · Issue 684238
OAuth token refreshed when revoked on source
Resolved in Pega Version 8.7
When an OAuth token was used to authorize the APIs in the system, revoking the token at the source, i.e. from the Service side, did not automatically refresh the token and a logoff/logon was required before a fresh token was generated. This has been resolved by adding an update to explicitly purge revoked tokens.
SR-D39302 · Issue 507981
Report name in tab uses localization
Resolved in Pega Version 8.2.4
After creating a field value with field name as pyCaption to localize the report definition name, the title in the report definition tab was not translated. This was traced to Step 1 of the activity displayReport using an old localization function, and has been resolved by changing the localization of document title to use pyCaption.
SR-D23862 · Issue 503896
Corrected test connection for LDAP AuthService using keystore
Resolved in Pega Version 8.2.4
When using a AuthService rule defined for LDAP using ldaps:// and a KeyStore rule that was defined to reference a local file in the server, the Test Connection button on the AuthService rule did not work and generated the following exception: "com.pega.apache.commons.httpclient.contrib.ssl.AuthSSLInitializationError: I/O error reading keystore/truststore file: null". Investigation showed that file reference keystore did not work with an LDAPS test connection because while run time used the LDAPVerifyCredentials activity, the design time validation used the activity “ValidateInfrastructure” which did not have the required code to support file reference keystore. This has been corrected.
INC-132169 · Issue 584759
NativeSQL will use inline rule resolution for core components
Resolved in Pega Version 8.5.1
After upgrade, nodes were going down with a heartbeat error. This was traced to issues with NativeSQL taking a very long time to generate queries due to the overhead in calling multiple complex functions to resolve rules. To correct this, updates have been made to resolve the standard set of functions used by core components inline in NativeSQL function resolution.