SR-D63232 · Issue 524294
Support added for Authentication service rule attributes in embedded pages
Resolved in Pega Version 8.3.2
SSO login was not working, giving the error "Unable to process the SAML WebSSO request : No value specified for Attribute in SAML assertion". Investigation showed the Authentication service rule could only map attributes that are on the top level page and did not consider embedded page values. To resolve this, tools.getProperty will be used to fetch the property reference value instead of find Page and getString.
INC-176274 · Issue 666390
Timeout check added to authorization to preserve portal context
Resolved in Pega Version 8.7
When using SAML SSO Authentication Service with "Use access group timeout" and "Redirect to IDP login after logout" selected and "Force authentication" not selected, manually logging out correctly returned the view to the custom SSO login page but the timeout logout returned the default Pega login page as if SSO was not in use. Analysis showed there was a "Failed to open portal" error after doing some action post timeout, and this was traced to pyPortal page not having a value. Investigation showed this was blank due to the creation of new thread while the requestor state was perceived as unauthenticated because of the timeout. To resolve this, a timeout check has been added to the following: Authorization#setActiveAccessGroup(java.lang.String, boolean, boolean, java.util.Map) BasicApplicationContextImmutableImpl#applyApplicationProperties
SR-D56409 · Issue 520742
URL Encryption and Obfuscation made compatible with site-minder
Resolved in Pega Version 8.3.2
Attempting to install a DL using Hfix Manager worked when not going through SSO but failed when using SSO. Investigation showed that this was due to the use of URLEncryption: URLEncryption uses a Pega-supplied base64 to encode the cipher text with MIME type encoding by default, which adds newline character after every 72 characters. This is not compatible with site-minder. which has policies to restrict newline characters in the URL. As a result, none of the encrypted requests were being processed. To resolve this, post-processing logic has been added to remove newline characters from encoded text. This change has also been applied top URLObfuscation.
SR-D50539 · Issue 521149
DB locking improved for login performance
Resolved in Pega Version 8.3.2
A slowness issue seen when trying to login to my.pega.com was traced to numerous DB locks occurring on the pr_data_saml_authreqcontext table during the SAML flow. Analysis showed that while running Obj-Save on AuthRequestContext with 'OnlyIfNew' as false, the check caused a select query to run on the table to determine if the context was already there and insert it if it was not. To resolve this, the onlyIfNew check will default to true to avoid running the query; if the context is already present it will be overridden. Duplicate key exception handling has also been added to avoid any issues if a resave is done with same key.
INC-157095 · Issue 638808
Enhancement added for tenant-level authentication
Resolved in Pega Version 8.7
In a multi-tenant PDC with a few tenants that utilize their own custom SSO, a pre-authentication activity inside a tenant that should block community access was also affecting tenants that did not have that pre-auth activity set. This was a missed use case and has been resolved by adding a tenantId hash in SchemePRAuth.makeUniqueSchemeName() to create the authServiceName.
SR-D37894 · Issue 505974
Query parameters will be cleared after redirection from authentication
Resolved in Pega Version 8.3.2
When using the /PRAuth Servlet, running a snapstart URL generated from a secondary application correctly executed SAML Authentication and Pega processing, but a second URL generated with different parameters ran with the parameters from the first request. The third and subsequent requests processed as expected with the parameters sent in with the request. Investigation showed that the previous parameters were picked due to the query string parameters not being cleared after redirection, and this issue has been resolved by updating the system so it will clear the parameters after issuing a redirect from the authentication policy engine.
INC-177737 · Issue 663141
Authentication requirement updated for CallConnector
Resolved in Pega Version 8.7
After update, invoking a REST API call during SSO login which eventually called pxCallConnector (Final Activity) in @baseclass Pega-RulesEngine failed at the CallConnector step. This was caused by a change in recent Pega versions which enabled authentication for this activity, and has been resolved by marking the activity as internal and disabling the authentication requirement.
SR-D76348 · Issue 538607
Right-to-left styling added to Cosmos localization
Resolved in Pega Version 8.3.2
When using Cosmos, the Preview Screen was displayed in the middle of the screen when using a locale that reads right to left, such as Arabic or Hebrew. This has been resolved by updating the styling to handle right-to-left scenarios.
SR-D45608 · Issue 519900
Correct service instance name passed for data flow in DSMStatus
Resolved in Pega Version 8.3.2
When using the Connect-HTTP service "DSMStatus" to provide the node and status information as seen on the various tabs of the Designer Studio > Decisioning > Infrastructure > Services landing page, using DataFlow as the service parameter for the HTTP service method resulted in an empty response when the expectation was to get the information regarding the cluster details of Dataflow node type. This was traced to the service instance name not being parsed correctly when used for Data Flow services, and has been resolved by ensuring the correct service instance name is passed for this use.
INC-187553 · Issue 675429
Service Email handling updated for MSGraph "From" address
Resolved in Pega Version 8.7
While creating cases via email listener, the "From" address was not shown when using MSGraph. This was an issue with extracting the display name when MSGraph is used, and has been resolved by adding double quotes to display the name unconditionally.