SR-D46681 · Issue 514434
SnapStart supports SAML2 Authentication
Resolved in Pega Version 8.4
When using an HTTP Post to SnapStart into Pega using PRCustom style or PRAuth style SAML authentication, the login was looping back to the login request. Investigation showed that the Pega ACS was posting data properly back to the RelayState URL, however the login activity was not getting the SAMLResponse and simply sent a SAML Login Request again. This has been fixed by updating reqContextURI in case of SAML2 Authentication service so pyActivity=value will be passed.
SR-D29127 · Issue 506864
SAML data pages restored after passivation
Resolved in Pega Version 8.4
If login used SAML SSO, resuming the session after passivation resulted in missing or empty data pages when using an SAP integration with Pega Cloud. This was traced to a security change that modified the D_SAMLAssertionDataPage and D_SamlSsoLoginInfo data pages as readonly, causing them to not be passivated under these conditions. To resolve this, the data pages have been made editable so they will be restored as expected. This change also resolves any difficulty with SAML logoff activities in conjunction with SAP and Pega Cloud.
SR-D41482 · Issue 507884
SAML data pages restored after passivation
Resolved in Pega Version 8.4
If login used SAML SSO, resuming the session after passivation resulted in missing or empty data pages when using an SAP integration with Pega Cloud. This was traced to a security change that modified the D_SAMLAssertionDataPage and D_SamlSsoLoginInfo data pages as readonly, causing them to not be passivated under these conditions. To resolve this, the data pages have been made editable so they will be restored as expected. This change also resolves any difficulty with SAML logoff activities in conjunction with SAP and Pega Cloud.
SR-D41454 · Issue 506536
Updated HotFix Manager for use in older versions
Resolved in Pega Version 8.4
The DL logic in Hotfix Manager was changed in 8.3 to include the catalog of all framework changes. This had the unintended side effect of preventing DLs from being installed in Pega 7.3.1 and lower versions as the versions included in the catalog are not present on those systems and the validation failed. This has been resolved by revising the DL update so the system will only add all apps to the catalog for platform 7.4+ DLs.
INC-173162 · Issue 650795
Certificate match will use Subject Distinguished Name
Resolved in Pega Version 8.7
Signature verification was failing due to the system not finding the matching root certificate for the chain. The root certificate was in the trust store, but the system found a different certificate first and that other certificate (an intermediate certificate) was not considered a valid certificate for validating the whole certificate chain. This was traced to filtering on the Issuer Distinguished Name (DN) instead of the Subject DN and was due to intermediate certificates potentially having the same Issuer as a root certificate (e.g. if that root certificate was used to create the intermediate certificate). To resolve this, an update has been made to check the Subject DN instead of Issuer DN.
SR-D23862 · Issue 503897
Corrected test connection for LDAP AuthService using keystore
Resolved in Pega Version 8.4
When using a AuthService rule defined for LDAP using ldaps:// and a KeyStore rule that was defined to reference a local file in the server, the Test Connection button on the AuthService rule did not work and generated the following exception: "com.pega.apache.commons.httpclient.contrib.ssl.AuthSSLInitializationError: I/O error reading keystore/truststore file: null". Investigation showed that file reference keystore did not work with an LDAPS test connection because while run time used the LDAPVerifyCredentials activity, the design time validation used the activity “ValidateInfrastructure” which did not have the required code to support file reference keystore. This has been corrected.
SR-D44041 · Issue 513919
Local UUID cache will be updated when merge event is detected
Resolved in Pega Version 8.4
Cluster-related issues were seen in multiple production clusters. For some nodes in the cluster the Cluster Management screen showed all expected nodes with valid Node IDs displayed, and on other nodes the Cluster Management screen showed the node ID of itself, SERVER@localhost:5701. On an impacted node displaying the wrong ID, the Node Information landing page did not work and displayed the error "Unable to execute job on ." Multiple advanced agents running on nodes in the affected clusters, both with correct and incorrect IDs, also failed with a similar error "Unable to execute job on <node's job id>". This was traced to a merge performed after a split brain. To resolve this, the code has been updated to handle merge events: when the node UUID is changed as part of a split brain recovery, the local UUID cache will be updated when the merge event is detected.
SR-D51554 · Issue 514063
Local UUID cache will be updated when merge event is detected
Resolved in Pega Version 8.4
Cluster-related issues were seen in multiple production clusters. For some nodes in the cluster the Cluster Management screen showed all expected nodes with valid Node IDs displayed, and on other nodes the Cluster Management screen showed the node ID of itself, SERVER@localhost:5701. On an impacted node displaying the wrong ID, the Node Information landing page did not work and displayed the error "Unable to execute job on ." Multiple advanced agents running on nodes in the affected clusters, both with correct and incorrect IDs, also failed with a similar error "Unable to execute job on <node's job id>". This was traced to a merge performed after a split brain. To resolve this, the code has been updated to handle merge events: when the node UUID is changed as part of a split brain recovery, the local UUID cache will be updated when the merge event is detected.
SR-D52336 · Issue 518388
Local UUID cache will be updated when merge event is detected
Resolved in Pega Version 8.4
Cluster-related issues were seen in multiple production clusters. For some nodes in the cluster the Cluster Management screen showed all expected nodes with valid Node IDs displayed, and on other nodes the Cluster Management screen showed the node ID of itself, SERVER@localhost:5701. On an impacted node displaying the wrong ID, the Node Information landing page did not work and displayed the error "Unable to execute job on ." Multiple advanced agents running on nodes in the affected clusters, both with correct and incorrect IDs, also failed with a similar error "Unable to execute job on <node's job id>". This was traced to a merge performed after a split brain. To resolve this, the code has been updated to handle merge events: when the node UUID is changed as part of a split brain recovery, the local UUID cache will be updated when the merge event is detected.
SR-D64090 · Issue 525866
Local UUID cache will be updated when merge event is detected
Resolved in Pega Version 8.4
Cluster-related issues were seen in multiple production clusters. For some nodes in the cluster the Cluster Management screen showed all expected nodes with valid Node IDs displayed, and on other nodes the Cluster Management screen showed the node ID of itself, SERVER@localhost:5701. On an impacted node displaying the wrong ID, the Node Information landing page did not work and displayed the error "Unable to execute job on ." Multiple advanced agents running on nodes in the affected clusters, both with correct and incorrect IDs, also failed with a similar error "Unable to execute job on <node's job id>". This was traced to a merge performed after a split brain. To resolve this, the code has been updated to handle merge events: when the node UUID is changed as part of a split brain recovery, the local UUID cache will be updated when the merge event is detected.