INC-157095 · Issue 638808
Enhancement added for tenant-level authentication
Resolved in Pega Version 8.7
In a multi-tenant PDC with a few tenants that utilize their own custom SSO, a pre-authentication activity inside a tenant that should block community access was also affecting tenants that did not have that pre-auth activity set. This was a missed use case and has been resolved by adding a tenantId hash in SchemePRAuth.makeUniqueSchemeName() to create the authServiceName.
INC-130703 · Issue 597255
Operator provisioning on authentication service corrected
Resolved in Pega Version 8.5.2
When operator provisioning was triggered on user login via authentication service, the error "ModelOperatorName is not valid. Reason: declare page parameters not supported by PropertyReference" was generated. This was traced to optimization work that had been done on the expression evaluation for operator identification, and has been resolved by adding the required GRS Syntax support in the Operator Provisioning section in SAML and OIDC.
INC-149823 · Issue 608352
DX API returns properly referenced icon class for embedded page
Resolved in Pega Version 8.5.2
When using the DX API to build an Angular JS UI, the response returned from the GET /cases/{ID}/actions/{actionID} api did not return the iconStyle for an icon class that uses a property reference when the flow is on an embedded page. This has been resolved by adding code to set the correct context for pzAPICreateJsonForModes and pzAPICreateJsonForField Rule-Utility-Function.
INC-170514 · Issue 653762
Lock conflict resolved for AssignmentCheck
Resolved in Pega Version 8.7
The error "Unable to unlock this work object" sporadically appeared in both the runtime log and Pega RULES log when the robot was trying to create a case in Pega using an API call. Investigation showed that as the case was created, it was pulled by another robot (another requestor) which was using the GetAssignments API. This caused the perform assignment check to fail. To resolve this, a 'when' rule has been added to the performAssignmentCheck Activity.
INC-193561 · Issue 680427
Client secret made optional for JWT Bearer Grant type
Resolved in Pega Version 8.7
After update, trying to connect a REST API using OpenAM as the provider for OAuth and using JWT Bearer as Grant type was resulting in an error indicating the request was not reaching the destination. This was traced to the client secret being designated a mandatory field when it should be optional in this case as the required key store was already configured with a JWT token profile. To resolve this, an update has been made which will make the client secret optional when the authentication scheme is JWT Bearer. In addition, the blank value caused a null pointer error when the client secret was not passed. This has been handled with a check.
INC-177665 · Issue 662020
Security updated to allow Access group switching
Resolved in Pega Version 8.7
When a member of two different access groups attempted to switch from one group to another, an "access denied" message occurred. This was traced to the use of BAC, and has been resolved by updating the pzProcessApplicationSwitch activity to use the pzEncryptURLActionString function to register the request.
INC-186868 · Issue 675245
Security updated to allow Access group switching
Resolved in Pega Version 8.7
When a member of two different access groups attempted to switch from one group to another, an "access denied" message occurred. This was traced to the use of BAC, and has been resolved by updating the pzProcessApplicationSwitch activity to use the pzEncryptURLActionString function to register the request.
INC-186654 · Issue 669115
GetStatusChanges performance improvements
Resolved in Pega Version 8.7
Performance issues were seen when running the GetStatusChanges report. This was traced to the filtering methods used, and has been resolved by updating the report definition and enhancing the filtering conditions.
INC-169186 · Issue 655537
Disconnect button availability extended
Resolved in Pega Version 8.7
A case was not refreshing when the disconnect button was selected while using the standard section for authorization grant type authentication. This was traced to a query executed to find a div with attribute pzInsHandle, but that attribute was not applicable in the user portal. To support this use, the query has been extended to be applicable for user portal (attribute data-ui-meta) and Dev Studio landing page.
INC-178834 · Issue 660425
RDA support added for Citrix XenApp
Resolved in Pega Version 8.7
Robot Runtime was not working in a Citrix XenApp environment when using the JWT token generated by the D_pxRoboticJWTToken data page to identify the user. This has been resolved by updating the scope of the datapage D_pxRoboticJWTToken from node level to requestor, which will allow the user information in the JWT token to be passed to the routing service and support the use of RDA in Citrix environments.