INC-188162 · Issue 673507
RSA-PSS signature support added for for SAML SSO
Resolved in Pega Version 8.7
The XML security jars have been updated to incorporate RSA-PSS signature algorithm support.
INC-178148 · Issue 660924
Handling added for SSO servlet name
Resolved in Pega Version 8.7
After update, logging into an external site was not working correctly due to the SSO URL being appended with "/app/default". This has been resolved by updating the code to handle the servlet name properly.
INC-188405 · Issue 673063
Handling added for SSO servlet name
Resolved in Pega Version 8.7
After update, logging into an external site was not working correctly due to the SSO URL being appended with "/app/default". This has been resolved by updating the code to handle the servlet name properly.
SR-A8595 · Issue 218942
Security updated for SAML Rule keystores
Resolved in Pega Version 7.2
Password encryption has been updated for the Keystores records used by SAML Rule forms for signing and decryption in the auth service rule data.
INC-170423 · Issue 648985
Added catch for SAML WebSSO duplicate key exception
Resolved in Pega Version 8.7
After logging in from SSO, closing the Pega window and opening it again resulted in the error "Unable to process the SAML WebSSO request : Violation of PRIMARY KEY constraint. Cannot insert duplicate key in object." This has been resolved by updating the session index handling and adding a catch for the duplicate key exception.
INC-162434 · Issue 640051
LookUpList correctly executes during SSO login with model operator
Resolved in Pega Version 8.7
After configuring SSO to create operators on fly using a model operator, a new user logging in for the very first time had their operator ID created using the model operator, but after upgrade new users logging in to the system received the error "Only authenticated client may start this activity: RULE-OBJ-ACTIVITY @BASECLASS LOOKUPLIST". This was due to the methods used for additional security on the activity @baseclass LookUpList which allows it to only be run by authenticated users, and has been resolved.
INC-175897 · Issue 655466
LookUpList correctly executes during SSO login with model operator
Resolved in Pega Version 8.7
After configuring SSO to create operators on fly using a model operator, a new user logging in for the very first time had their operator ID created using the model operator, but after upgrade new users logging in to the system received the error "Only authenticated client may start this activity: RULE-OBJ-ACTIVITY @BASECLASS LOOKUPLIST". This was due to the methods used for additional security on the activity @baseclass LookUpList which allows it to only be run by authenticated users, and has been resolved.
INC-200299 · Issue 689561
LookUpList correctly executes during SSO login with model operator
Resolved in Pega Version 8.7
After configuring SSO to create operators on fly using a model operator, a new user logging in for the very first time had their operator ID created using the model operator, but after upgrade new users logging in to the system received the error "Only authenticated client may start this activity: RULE-OBJ-ACTIVITY @BASECLASS LOOKUPLIST". This was due to the methods used for additional security on the activity @baseclass LookUpList which allows it to only be run by authenticated users, and has been resolved.
SR-A6223 · Issue 214939
Resolved WSDL SOAP exception when using target namespace
Resolved in Pega Version 7.2
When adding a well-defined XML ParseRule as a Request Header, saving and checking in the rule caused the Deployment results link to generate the error "Caught exception while creating WSDL for service package: : com.pega.pegarules.pub.PRRuntimeException: PRRuntimeException Header message is included with method namespace instead of targetnamespace" This was an error in the code handling a target namespace for Request Headers (configured on the Service Soap -> Requests tab), and has been fixed.
SR-A2779 · Issue 213357
XMLSecurity library updated to ensure proper SAML STS token signature verification
Resolved in Pega Version 7.2
Classes of Repackaged version of XML Security library were conflicting with JDK/container and causing sporadic signature failures. The ApacheXMLDSig which gets registered as part of the initialization of WSS4j often conflicts with the providers with same name but loaded earlier during server startup. This has been resolved by modifying the XMLSecurity library to register the provider with a different/unique name that will not conflict with any of the standard registered providers.