SR-A92057 · Issue 259453
OneTimeUse cache file generation disabled for SAML2
Resolved in Pega Version 7.2.2
Whenever a SAML2 token contained a "OneTimeUse" caching condition, thousands of unwanted files were generated. This caching has been disabled in the assertion validation code of SAMLv2ResponseProtocolValidator.java, so even if a SAML2 token contains the OneTimeUse condition, these files will not be generated.
SR-A76677 · Issue 253493
IDP SAML 2.0 schema validation error resolved
Resolved in Pega Version 7.2.2
When generating the Pega SP metadata after importing the Shibboleth IDP metadata, the error "The metadata does not pass the SAML 2.0 schema validation" appeared. This has been resolved by modifying the pzDownloadSPMetadata activity to generate a unique secure random ID prefixed with an underscore.
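The following check is an added example, not Pega's code. The SAML 2.0 schema types the ID attribute as xs:ID, which must be an NCName and so cannot begin with a digit; an underscore prefix on a random value guarantees that. The sample metadata, the entityID and the assumption that the rejected ID began with a digit are constructed for illustration.

```python
import re
import secrets
import xml.etree.ElementTree as ET

# xs:ID values must be NCNames: first character a letter or underscore,
# never a digit. ASCII subset of the NCName grammar, enough for generated IDs.
NCNAME = re.compile(r"^[A-Za-z_][A-Za-z0-9._-]*$")

def new_saml_id(nbytes=20):
    """Return a schema-valid ID: underscore + 160 bits from the OS CSPRNG."""
    return "_" + secrets.token_hex(nbytes)

def invalid_ids(metadata_xml):
    """Return (tag, ID) for every element whose ID attribute is not an NCName."""
    bad = []
    for elem in ET.fromstring(metadata_xml).iter():
        value = elem.get("ID")
        if value is not None and not NCNAME.match(value):
            bad.append((elem.tag.split("}")[-1], value))
    return bad

# Constructed sample metadata (hypothetical entityID); the ID is filled in below.
TEMPLATE = (
    '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
    'entityID="https://sp.example.test/prweb/sp" ID="{id}">'
    '<md:SPSSODescriptor protocolSupportEnumeration='
    '"urn:oasis:names:tc:SAML:2.0:protocol"/>'
    '</md:EntityDescriptor>'
)

def demo():
    # Constructed value: bare hex from a random generator, leading digit.
    raw_hex = "7f3a9c0e51d24b6aa8e0c1f2d3b4a596"
    rejected = invalid_ids(TEMPLATE.format(id=raw_hex))
    accepted = invalid_ids(TEMPLATE.format(id=new_saml_id()))
    return rejected, accepted

if __name__ == "__main__":
    print(demo())
```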
SR-A89074 · Issue 258503
Resolved upgrade issues with ConnectSOAP using MTOM
Resolved in Pega Version 7.2.2
After upgrading, Connect SOAP request messages were failing on the back end server with the error "xop 3.2.2.a: xop:Include must be the sole child of element". Analysis showed the base64binary was not being substituted correctly with the expected "XOP Include" element. Axis uses Axiom to write Multipart messages, and multiple XOP writers are involved in writing and encoding the message. When the writer stream is flushed, it depends on SimpleNsStreamWriter to write the bytes. SimpleNsStreamWriter is currently packaged as part of WStx-2.3-asl.jar and webservices-rt.jar, but this was not true in previous versions. As a result, after upgrade the webservices-rt classes were taking precedence over the wstx-asl classes, which generated the XOP:include elements with inline content. For better backwards compatibility, the WS-TX jar references have been removed from the webservices-rt.jar so that it now relies on wstx-asl-3.2.3.jar, which is already shipped with the product.
SR-A93295 · Issue 260100
Page-Copy given 'when' rule for assembler switch
Resolved in Pega Version 7.2.2
Performance issues relating to XML stream assembly were identified as an assembler switch problem in the Page-Copy Activity Method step. To improve response, a 'when' rule has been instituted to control switching between the old assembly Action aspect and the Model aspect in a scoped way; it can be overridden in the parse XML rule applies-to class.
SR-A75998 · Issue 253191
Improved SOAP envelope cache for WSA/WSSE use
Resolved in Pega Version 7.2.2
After configuring and successfully using Connect-SOAP to a non-secure Endpoint, enabling WSA and WSSE for the connect-SOAP configuration and then disabling it again generated the error "Caused by: com.pega.apache.axis2.AxisFault: A required header representing a Message Addressing Property is not present". This was due to the way the SOAP envelope was being cached and the code has been updated to correctly reflect the desired header processing.
SR-A101242 · Issue 270252
STS Policy parsing fixed for Apache Rampart
Resolved in Pega Version 7.2.2
Changes to the Apache Rampart code in Pega 7 introduced an error with parsing the Web-Service-Policy with a PRCustom activity that writes the SAML token to the requestor during login with an STS / SSO context. This has been rectified by creating an object of com.pega.apache.ws.secpolicy.model.HttpsToken class and setting values based on the parameters set in the received policy assertion.
SR-A24408 · Issue 248682
Page clearing added for AuthReqContext
Resolved in Pega Version 7.2.2
The page "AuthReqContext" was loaded up during SAML authentication and then passivated, but the pages were retained in the clipboard and improperly activated by an unknown thread, causing an error. This has been resolved by adding Page-Remove steps wherever needed in the auth activity and logout activity (AuthReqContext, LoginInfo, ReqInfo, RelayStateInfo, and SessionInfo) to remove the pages that are no longer needed.
SR-A93912 · Issue 261494
SSLUtils modified to support app container keystore/truststore
Resolved in Pega Version 7.2.2
Keystore and truststore configured at the application container level were not being used by SOAP Connectors. To facilitate use, when SSL settings are not provided at the rule level, SSLUtils will create a wrapper around the Java default SSL artifact and use that.
SR-A93912 · Issue 264848
SSLUtils modified to support app container keystore/truststore
Resolved in Pega Version 7.2.2
Keystore and truststore configured at the application container level were not being used by SOAP Connectors. To facilitate use, when SSL settings are not provided at the rule level, SSLUtils will create a wrapper around the Java default SSL artifact and use that.
SR-A67007 · Issue 255075
Catch improved to close Message Explorer connections
Resolved in Pega Version 7.2.2
When using the Message Explorer functionality provided on the JMS Connect rule form, it only allows a number of invocations equal to the size of the connection pool. Due to an issue with releasing the connections when using Resource Reference mode or IIOP protocol, the pool was being exceeded and the error "Couldn't create connection object" appeared. This has been fixed by replacing the conditional catch for closing the connection with a more effective try/catch.