SR-D29127 · Issue 506863
SAML data pages restored after passivation
Resolved in Pega Version 8.2.4
If login used SAML SSO, resuming the session after passivation resulted in missing or empty data pages when using an SAP integration with Pega Cloud. This was traced to a security change that modified the D_SAMLAssertionDataPage and D_SamlSsoLoginInfo data pages as readonly, causing them to not be passivated under these conditions. To resolve this, the data pages have been made editable so they will be restored as expected. This change also resolves any difficulty with SAML logoff activities in conjunction with SAP and Pega Cloud.
INC-173162 · Issue 650795
Certificate match will use Subject Distinguished Name
Resolved in Pega Version 8.7
Signature verification was failing due to the system not finding the matching root certificate for the chain. The root certificate was in the trust store, but the system found a different certificate first and that other certificate (an intermediate certificate) was not considered a valid certificate for validating the whole certificate chain. This was traced to filtering on the Issuer Distinguished Name (DN) instead of the Subject DN and was due to intermediate certificates potentially having the same Issuer as a root certificate (e.g. if that root certificate was used to create the intermediate certificate). To resolve this, an update has been made to check the Subject DN instead of Issuer DN.
INC-174625 · Issue 655242
Admin Studio will consider cluster protocol when returning listener status
Resolved in Pega Version 8.7
When using a few nodes in standalone mode for BIX extract combined with server nodes using Hazelcast, opening the admin studio pages with service discovery caused an error to be thrown. This was traced to the system writing an entry to pr_sys_statusnodes table as an embedded node whenever a BIX extract was triggered, causing those standalone nodes to be incorrectly considered by the listener landing page. This has been resolved by configuring the system to either return the local member when the cluster protocol is standalone or to return all Hazelcast members if the cluster protocol is Hazelcast.
INC-181941 · Issue 664808
Handling added for using virtual network interface for Stream Services startup
Resolved in Pega Version 8.7
After update, the restart of any node failed with the error "Unable to create DSM service DATA-DECISION-SERVICE-STREAMSERVER DEFAULT". This has been resolved by adding support for allowing stream service to start on the virtual network interface in cases where it was explicitly configured via the "cluster/hazelcast/interface".
SR-D28460 · Issue 509365
Added timeout handling for non-PRAuth servlets
Resolved in Pega Version 8.2.4
After logging in via external authentication service (SAML Single Sign On) and setting up a timeout in the access group RuleForm, when the user performed any action and the server identified the request to be timed-out, it was expected that a SAML request would be sent from the browser to the external Authentication Server (referred as IDP) and the flow would proceed from there. This worked as expected for a non-AJAX request. To resolve this, handling has been added for timeout when using non-PRAuth authentication services.
SR-123717 · Issue 192182
Purging of covered objects improved
Resolved in Pega Version 7.1.8
When purging a Cover item, the history of certain covered objects was not purged. This happened when the Cover and Covered classes belonged to different class groups. This happened because the 'getHistoryKeys' function tries to fetch the history details of a given key by looking into its history table. This was using the class group information from the archive configuration, which was not always the same for covered objects. To resolve this, the classgroup info will be fetched from its key - looking up Class map using the constructed class name will give the actual History Class name.
INC-196447 · Issue 684644
Enhancements added for external Kafka Stream Service
Resolved in Pega Version 8.7
To ensure data privacy when using multi-tenant Stream Service hosted on a single Kafka cluster, access will be authorized based on ACLs when a tenant sends direct requests to Kafka. In addition, all Kafka resources (topics and consumer groups) are now able to contain a prefix naming convention which can be used for tenants. This is handled through using a <env name="services/stream/name/pattern" value="{tenant.name}-{environment}-{stream.name}"/> prconfig setting to set the stream name pattern. For example, if the tenant.name is resolved into "companyname", environment into "prod1", and the stream dataset name is pyFTSIncrementalIndexer, then the Topic name created on the external Kafka will be companyname-prod1-pyFTSIncrementalIndexer.
SR-122591 · Issue 183772
Addressed migrate.bat file datetime format issue
Resolved in Pega Version 7.1.8
The script 'migrate.bat' sets up a logfile name based on the current time/date. However, the script was only working when using United States/English as the locale where the format of the '%date%' variable was MM/DD/YYYY, and failed with an obscure error in locales using the DD/MM/YYYY format. There was a local change of hardcoding the 'TIMESTAMP' variable, but this has been resolved by adding the use of a local insensitive datetime from the WMIC utility on Windows systems for the install.bat, upgrade.bat, resume.bat and migrate.bat scripts. The WMIC utility (Windows Management Interface Cmdline) is supported in XP and beyond.
SR-127803 · Issue 192265
Error information enhanced for Connector wizard working with external Teradata DB
Resolved in Pega Version 7.1.8
When using Teradata as an external DB, an exception was generated while using the SQL connector wizard and no rules were generated. This was caused by passing a date column that was not supported. The error has been addressed to make it more informative, but at this time the classes and properties for the fields and the mapping of the classes to the associated tables must be done manually. If the decision is made to use Date/Time properties that are mapped to Date fields, there may be time zone conversion issues. Further, mapping a Date property to the DATE column will allow the field to come across from a report definition but will not work as part of the filter (e.g. EFFT_DATE > "2014-12-01").
SR-124477 · Issue 187138
Logic updated for Ruleset Refactor - Merging Ruleset
Resolved in Pega Version 7.1.8
When using the rule set refactor wizard to merge the rule set from lower version to higher version, the wizard did not show the rules in the source rule set on the second screen (Rules Impacted are "0") which had a number of rule conflicts. In addition, the error "StringIndexOutOfBoundsException" was logged. This was caused by the RuleSetMaintImpl buildRuleSetInventory method not filtering out data instances correctly, causing errors when trying to validate a Data instance as a rule. This has been corrected.