SR-C70146 · Issue 407968
Corrected SAML SSO logout error
Resolved in Pega Version 8.1.2
When performing a SAML SSO logout, an error appeared indicating that some artifacts were missing. This was traced to an incorrect NameQualifier being generated with IDP in the logoff request, and has been fixed by modifying the code to include an SPNameQualifier attribute for the NameID element in the logout request. The namespace has been added for logout requests at the parent level instead of adding it at each node element.
INC-155813 · Issue 629504
SAML SSO redirects to correct URL when application and authentication aliases match
Resolved in Pega Version 8.4.5
Whenever the authentication service alias and the application alias matched, the application alias was replaced with an empty value after logoff instead of the authentication service alias being made empty. For example, given an authentication service with the alias XYZ ("login with XYZ" alias option) and an application name XYZMyOps, the application alias was being changed from XYZMyOps to appMyOps after logoff. As a result, a blue screen error appeared when clicking the "login with XYZ" button again, because it redirected to appMyOps, which did not exist. This has been resolved by removing authservicealias and modifying AuthServiceAliasHelper.adjustPathIfAuthServiceAliasPresent() to calculate the pathinfo by string tokenizing.
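The difference between substring matching and token matching on a path, as an added illustration that is not Pega's code: the class, both method names and the path layout "/XYZMyOps/XYZ" are assumptions made for the example.

```java
import java.util.StringTokenizer;

public class AliasPathDemo {

    // Substring-based removal: cuts the first occurrence of the alias
    // wherever it appears, including inside a longer path segment.
    static String stripAliasBySubstring(String pathInfo, String authAlias) {
        int i = pathInfo.indexOf(authAlias);
        if (i < 0) {
            return pathInfo;
        }
        return pathInfo.substring(0, i) + pathInfo.substring(i + authAlias.length());
    }

    // Token-based removal: splits the path on '/' and drops only a segment
    // that equals the alias exactly, so "XYZMyOps" is never touched.
    static String stripAliasByToken(String pathInfo, String authAlias) {
        StringTokenizer tokens = new StringTokenizer(pathInfo, "/");
        StringBuilder out = new StringBuilder();
        boolean removed = false;
        while (tokens.hasMoreTokens()) {
            String segment = tokens.nextToken();
            if (!removed && segment.equals(authAlias)) {
                removed = true; // drop exactly one whole segment
                continue;
            }
            out.append('/').append(segment);
        }
        return out.length() == 0 ? "/" : out.toString();
    }

    public static void main(String[] args) {
        // Constructed path: application alias first, auth service alias second.
        String pathInfo = "/XYZMyOps/XYZ";
        String authAlias = "XYZ";
        System.out.println("substring: " + stripAliasBySubstring(pathInfo, authAlias));
        System.out.println("tokenized: " + stripAliasByToken(pathInfo, authAlias));
    }
}
```

The substring version damages the application alias because the auth service alias is a prefix of it; the tokenized version compares whole segments and leaves the application alias intact.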
SR-C65438 · Issue 406711
Added SAML parameter page generation for local use to bypass null auth object
Resolved in Pega Version 8.1.2
After defining any step which used parameters in the Post authentication activity of a SAML authentication service, the authentication failed with a java.lang.NullPointerException at com.pega.pegarules.session.internal.mgmt.Executable.putParamValue(Executable.java:3030). This was traced to local logic inserted to iterate through the SAML attributes that used a null parameter page. To resolve this, code has been inserted that will generate a new parameter page for the iteration rather than getting it from the authentication object.
SR-C64783 · Issue 407089
Corrected handling for SAML logoff
Resolved in Pega Version 8.1.2
On SAML logoff, the error "There has been an issue; please consult your system administrator; Status:fail ... No certificate found in truststore" appeared. Investigation showed this was an issue with the aliasing of certificates and signing that led to the requestor not being terminated for that logoff response. To correct this, when Pega receives a logout request which is invalid, it will terminate the session instead of throwing a PRRunTimeException.
INC-170423 · Issue 648982
Added catch for SAML WebSSO duplicate key exception
Resolved in Pega Version 8.4.5
After logging in from SSO, closing the Pega window and opening it again resulted in the error "Unable to process the SAML WebSSO request : Violation of PRIMARY KEY constraint. Cannot insert duplicate key in object." This has been resolved by updating the session index handling and adding a catch for the duplicate key exception.
SR-C65757 · Issue 404535
Support added for POST binding in SAML logout
Resolved in Pega Version 8.1.2
Enhancements have been added in code and rule changes to support POST binding for SAML logout. In addition, handling has been added to resolve an ArrayOutOfIndexException error that was appearing if the IDP sent parameters without any value.
SR-C65757 · Issue 406953
Support added for POST binding in SAML logout
Resolved in Pega Version 8.1.2
Enhancements have been added in code and rule changes to support POST binding for SAML logout. In addition, handling has been added to resolve an ArrayOutOfIndexException error that was appearing if the IDP sent parameters without any value.
SR-C62434 · Issue 410619
Optimize Schema Index Creation updated to use Admin Datasource when available
Resolved in Pega Version 8.1.2
When configured according to the Pega Installation Guide, the SQL Server base user did not have the ALTER privilege enabled on the data schema. The Optimize Schema Index Creation was using the base user datasource "jdbc/PegaRULES" instead of the admin datasource "jdbc/AdminPegaRULES" even though an admin connection was available. This was an oversight during development, and has been fixed by modifying NoDBAUtils.java to use an admin connection if one is available. In addition, a clarification has been added to the UI to alert the user that an optimization job has been scheduled rather than completed.
SR-C70757 · Issue 411814
Added null check to resolve error when using datapage as dropdown source
Resolved in Pega Version 8.1.2
The user application was hanging with the browser console error "Uncaught SyntaxError: Unexpected end of JSON input" when using Dropdown controls with Datapage as a source in conjunction with parameterized datapages to create a cascading second dropdown. This did not happen when using any other data sources for the same control dropdown. This has been resolved by adding a null check at the reloadcell response.
SR-C73131 · Issue 411758
SAML login rule form documentation updated to reflect usage with IDP
Resolved in Pega Version 8.1.2
SAML authentication was not working properly during login. This was traced to the assertion not being signed when this is required for SAML responses received from the IDP, and was due to the check box under SP settings not being applied for POST binding. As a result, a local IDP configuration sent a signed response but not a signed assertion. To clarify this, the label message in the SAML rule form has been modified to read "Reject unsigned response and assertion" and the help documentation has been updated to reflect this usage.
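A way to see whether an IDP's output would satisfy a "reject unsigned response and assertion" policy, as an added example that is not Pega's code: it checks only that the Response and every Assertion carry their own ds:Signature element and does not verify the signatures. The class name, method names and sample messages are assumptions constructed for the example.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class SamlSignatureCoverage {
    static final String SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol";
    static final String SAML = "urn:oasis:names:tc:SAML:2.0:assertion";
    static final String DSIG = "http://www.w3.org/2000/09/xmldsig#";

    // True if the element carries its own ds:Signature as a direct child.
    static boolean hasOwnSignature(Element e) {
        for (Node n = e.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n.getNodeType() == Node.ELEMENT_NODE && DSIG.equals(n.getNamespaceURI())
                    && "Signature".equals(n.getLocalName())) {
                return true;
            }
        }
        return false;
    }

    // Presence check only: it does not verify any signature cryptographically.
    static boolean responseAndAssertionsSigned(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Refuse DOCTYPE declarations so untrusted XML cannot pull in entities.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element root = f.newDocumentBuilder()
                .parse(new InputSource(new StringReader(xml))).getDocumentElement();
        if (!SAMLP.equals(root.getNamespaceURI()) || !"Response".equals(root.getLocalName())) {
            return false;
        }
        NodeList assertions = root.getElementsByTagNameNS(SAML, "Assertion");
        boolean ok = hasOwnSignature(root) && assertions.getLength() > 0;
        for (int i = 0; ok && i < assertions.getLength(); i++) {
            ok = hasOwnSignature((Element) assertions.item(i));
        }
        return ok;
    }

    public static void main(String[] args) throws Exception {
        // Constructed samples; the empty ds:Signature elements are placeholders.
        String head = "<samlp:Response xmlns:samlp='" + SAMLP + "' xmlns:saml='" + SAML
                + "' xmlns:ds='" + DSIG + "'><ds:Signature/>";
        String responseOnly = head + "<saml:Assertion/></samlp:Response>";
        String both = head + "<saml:Assertion><ds:Signature/></saml:Assertion></samlp:Response>";
        System.out.println("response signed only: " + responseAndAssertionsSigned(responseOnly));
        System.out.println("response and assertion: " + responseAndAssertionsSigned(both));
    }
}
```

The first sample mirrors the local IDP configuration described above, where the response is signed but the assertion is not, and fails the check.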