INC-199271 · Issue 699654
SAML-based SSO security updated
Resolved in Pega Version 8.5.6
Security updates have been made relating to SAML-based SSO code.
SR-A101069 · Issue 270616
Fixed dropdown issues when using Google Chrome
Resolved in Pega Version 7.2.2
The following issues were noted when using the Google Chrome browser: when selecting values from drop down in collapsible header, the section did not refresh according to selection; when the drop down was expanded, it loaded in front of collapsible header; when trying to select values which were within a collapsible header, the header became collapsed. These issues were due to the function expandHeader not being called in Google Chrome, and the function will now be called accordingly.
SR-A101069 · Issue 269981
Fixed dropdown issues when using Google Chrome
Resolved in Pega Version 7.2.2
The following issues were noted when using the Google Chrome browser: when selecting values from drop down in collapsible header, the section did not refresh according to selection; when the drop down was expanded, it loaded in front of collapsible header; when trying to select values which were within a collapsible header, the header became collapsed. These issues were due to the function expandHeader not being called in Google Chrome, and the function will now be called accordingly.
SR-A101069 · Issue 270595
Fixed dropdown issues when using Google Chrome
Resolved in Pega Version 7.2.2
The following issues were noted when using the Google Chrome browser: when selecting values from drop down in collapsible header, the section did not refresh according to selection; when the drop down was expanded, it loaded in front of collapsible header; when trying to select values which were within a collapsible header, the header became collapsed. These issues were due to the function expandHeader not being called in Google Chrome, and the function will now be called accordingly.
INC-182530 · Issue 695759
SAML datapages cleared before new authentication
Resolved in Pega Version 8.5.6
If a previous user had not logged out or timed out when using SAML authentication, a second person using the same device/browser would end up in the first user's session after performing their own authentication. Investigation showed the second login D_SAMLAssertionDataPage was not getting refreshed with the current user login details; this has been resolved by explicitly deleting the SAML Datapages before processing a new login if the session has not timed out.
INC-195519 · Issue 698496
Support added for using CFW when Pega server is unavailable
Resolved in Pega Version 8.5.6
Data synchronization changes have been added to allow Client for Windows to work in offline mode without an AppCache manifest.
INC-195511 · Issue 693218
Check added for child join class when using ABAC
Resolved in Pega Version 8.5.6
When a join was applied on a report definition and the same join class had a child class to which ABAC was applied (for some property eg., isABC), an "invalidreference" exception (isABC) was generated. This was traced to the system taking into account the child class of the join class while running the report, and has been resolved by adding a check to handle this scenario.
SR-A92057 · Issue 259453
OneTimeUse cache file generation disabled for SAML2
Resolved in Pega Version 7.2.2
Whenever SAML2 Token contained a "OneTimeUse" caching condition there were thousands of unwanted files generated. This caching has been disabled in the assertion validation code of SAMLv2ResponseProtocolValidator.java, so even if SAML2 token contains that OneTimeUse condition these files will not be generated.
SR-A76677 · Issue 253493
IDP SAML 2.0 schema validation error resolved
Resolved in Pega Version 7.2.2
When generating the Pega SP metadata after importing the Shibboleth IDP metadata, the error "The metadata does not pass the SAML 2.0 schema validation" appeared. This has been resolved by modifying the pzDownloadSPMetadata activity to generate a unique secure random ID prefixed with an underscore.
SR-A77173 · Issue 254080
IsWindowStealFocusInIEAllowed allows 'when' value
Resolved in Pega Version 7.2.2
In order to run legacy and Pega applications in parallel, a site configured the system to create a case in the Pega application as soon as a case was created in the legacy application. The intent was to have the case created in Pega to be in the background, but performing any DC actions shifted focus to the Pega app window when using Microsoft Internet Explorer . In order to have the configuration work as desired, the pyIsWindowStealFocusInMicrosoft Internet Explorer Allowed when rule must be set to false (default is true). Support for a conditional window focus configuration is now available, based on pyIsWindowStealFocusInMicrosoft Internet Explorer Allowed 'when' rule value.