INC-193561 · Issue 680427
Client secret made optional for JWT Bearer Grant type
Resolved in Pega Version 8.7
After update, trying to connect a REST API using OpenAM as the provider for OAuth and using JWT Bearer as Grant type was resulting in an error indicating the request was not reaching the destination. This was traced to the client secret being designated a mandatory field when it should be optional in this case as the required key store was already configured with a JWT token profile. To resolve this, an update has been made which will make the client secret optional when the authentication scheme is JWT Bearer. In addition, the blank value caused a null pointer error when the client secret was not passed. This has been handled with a check.
INC-177665 · Issue 662020
Security updated to allow Access group switching
Resolved in Pega Version 8.7
When a member of two different access groups attempted to switch from one group to another, an "access denied" message occurred. This was traced to the use of BAC, and has been resolved by updating the pzProcessApplicationSwitch activity to use the pzEncryptURLActionString function to register the request.
INC-186868 · Issue 675245
Security updated to allow Access group switching
Resolved in Pega Version 8.7
When a member of two different access groups attempted to switch from one group to another, an "access denied" message occurred. This was traced to the use of BAC, and has been resolved by updating the pzProcessApplicationSwitch activity to use the pzEncryptURLActionString function to register the request.
INC-186654 · Issue 669115
GetStatusChanges performance improvements
Resolved in Pega Version 8.7
Performance issues were seen when running the GetStatusChanges report. This was traced to the filtering methods used, and has been resolved by updating the report definition and enhancing the filtering conditions.
INC-207218 · Issue 706367
Check added to prevent duplicate approval by single agent
Resolved in Pega Version 8.8
When using a cascading Approvals process supported both by a web access button or by responding via email, a single agent could use both methods and advance a case an additional step as if they were the next approval level. This was due to the system only checking the pzInsKey when processing the approval while the assignment key will be the same for the cascading approvals assignments. This has been resolved by introducing a datetime check to validate if the email approval assignment creation datetime and the one in the database have same value; if yes the approval process will proceed and if not it will exit.
INC-169186 · Issue 655537
Disconnect button availability extended
Resolved in Pega Version 8.7
A case was not refreshing when the disconnect button was selected while using the standard section for authorization grant type authentication. This was traced to a query executed to find a div with attribute pzInsHandle, but that attribute was not applicable in the user portal. To support this use, the query has been extended to be applicable for user portal (attribute data-ui-meta) and Dev Studio landing page.
INC-178834 · Issue 660425
RDA support added for Citrix XenApp
Resolved in Pega Version 8.7
Robot Runtime was not working in a Citrix XenApp environment when using the JWT token generated by the D_pxRoboticJWTToken data page to identify the user. This has been resolved by updating the scope of the datapage D_pxRoboticJWTToken from node level to requestor, which will allow the user information in the JWT token to be passed to the routing service and support the use of RDA in Citrix environments.
INC-148817 · Issue 604969
Added check for ABAC policy to getassignmentdetailsinternal
Resolved in Pega Version 8.5.2
When an attribute based access control (ABAC) policy was defined on a particular class, the policy was properly applied when browsing instances of the class and directly opening the work object. However when an associated assignment was processed via the DXAPI (using the assignments service) the security was not applied and users who should not have access were able to progress the case. This has been resolved by adding a check in the pzgetassignmentdetailsinternal activity to check for work object opening security.
INC-215499 · Issue 714488
Assignment routing updated for swimlanes
Resolved in Pega Version 8.8
Routing options were not working for workbasket routing when using swimlanes. Investigation showed that when an assignment was added inside the swimlane, the assignment type value was defaulting to Worklist on submit of the assignment property panel. Manually changing it to workqueue did not make the routing section visible. This has been resolved by adding a 'visible when' condition to the "Route To" field to check if the assignment is not in the swimlane. The same check has been added to a 'disable when' condition for the 'Assignment type' drop down.
INC-216154 · Issue 718234
SMTPPort parameter will be passed to ForgotPasswordUtil
Resolved in Pega Version 8.8
When a user triggered the "Trouble Signing in" function, the SentEmailNotification activity connection was trying to use port 25 even if the SMTP Port was configured as 587 in the Email Account instance. This was due to the SMTP Port not being passed to the SentEmailNotification activity, causing a fallback to port 25 for non-SSL connections. In order to ensure SendEmailNotification uses a specified port if configured, pySMTPPort will be passed to ForgotPasswordUtil.java.