INC-188162 · Issue 673508
RSA-PSS signature support added for for SAML SSO
Resolved in Pega Version 8.6.3
The XML security jars have been updated to incorporate RSA-PSS signature algorithm support.
SR-B37819 · Issue 296299
SAML SessionInfo cleanup enhanced
Resolved in Pega Version 7.3
The following SAML issues have been corrected: 1) when IDP logout URL was empty, SAMLSingleLogOff activity generated an exception; 2) the SAML Session info record was not deleted during logout process even when given a valid IDP logout URL; 3) the SAML session info record was not deleted for both SP and IDP initiated logouts.
SR-B43950 · Issue 300643
SAML SessionInfo cleanup enhanced
Resolved in Pega Version 7.3
The following SAML issues have been corrected: 1) when IDP logout URL was empty, SAMLSingleLogOff activity generated an exception; 2) the SAML Session info record was not deleted during logout process even when given a valid IDP logout URL; 3) the SAML session info record was not deleted for both SP and IDP initiated logouts.
SR-B43950 · Issue 301551
SAML SessionInfo cleanup enhanced
Resolved in Pega Version 7.3
The following SAML issues have been corrected: 1) when IDP logout URL was empty, SAMLSingleLogOff activity generated an exception; 2) the SAML Session info record was not deleted during logout process even when given a valid IDP logout URL; 3) the SAML session info record was not deleted for both SP and IDP initiated logouts.
INC-182530 · Issue 695761
SAML datapages cleared before new authentication
Resolved in Pega Version 8.6.3
If a previous user had not logged out or timed out when using SAML authentication, a second person using the same device/browser would end up in the first user's session after performing their own authentication. Investigation showed the second login D_SAMLAssertionDataPage was not getting refreshed with the current user login details; this has been resolved by explicitly deleting the SAML Datapages before processing a new login if the session has not timed out.
SR-B17403 · Issue 297717
Resolved concurrent mod exceptions when using getValueInType API
Resolved in Pega Version 7.3
Concurrent modification exceptions were observed in the logs when the getValueInType API was called to fetch property values from multiple threads. To resolve this, the getValueInType API has been made thread safe by synchronizing its access.
INC-195511 · Issue 693220
Check added for child join class when using ABAC
Resolved in Pega Version 8.6.3
When a join was applied on a report definition and the same join class had a child class to which ABAC was applied (for some property eg., isABC), an "invalidreference" exception (isABC) was generated. This was traced to the system taking into account the child class of the join class while running the report, and has been resolved by adding a check to handle this scenario.
SR-B32618 · Issue 276417
Enhancement added to maintain blank properties when using History Snapshots
Resolved in Pega Version 7.3
In HistorySaver, using ClipboardProperty.setValue to save snapshot data for the previous version of the rule had the side effect of stripping blank properties from the clipboard page, and so any rules that rely on these properties would not be restored correctly. To resolve this, an enhancement has been added to specially handle instances History- class and its descendants to serialize blob with EmptyProperties.
SR-B32618 · Issue 276417
Enhancement added to maintain blank properties when using History Snapshots
Resolved in Pega Version 7.3
In HistorySaver, using ClipboardProperty.setValue to save snapshot data for the previous version of the rule had the side effect of stripping blank properties from the clipboard page, and so any rules that rely on these properties would not be restored correctly. To resolve this, an enhancement has been added to specially handle instances History- class and its descendants to serialize blob with EmptyProperties.
SR-B3657 · Issue 274527
SAML authentication enhanced to detect encoded/decoded response
Resolved in Pega Version 7.3
Even though SAML authentication was working as expected, an error message was being logged when the system attempted to process the authentication response as encoded before falling back to process it as decoded. To remove confusion, Fallback has been removed and instead the system will intelligently identify the response as encoded/decoded and handle it appropriately without generating an unnecessary error.