INC-140224 · Issue 604005
Corrected SAML SSO error
Resolved in Pega Version 8.3.5
After opening a case from the Pega-FCM portal or after logging in from SSO, closing the Pega window and opening it again resulted in the error "Unable to process the SAML WebSSO request : Violation of PRIMARY KEY constraint %27pr_data_saml_requestor_PK%27. Cannot insert duplicate key in object". This was a missed use case that happens only under the old SAML configuration, and has been resolved by removing a when condition that checks for stepstatus fail for the pySAMLwebSSOAuthentication activity.
INC-134046 · Issue 575238
database locking improved for login performance
Resolved in Pega Version 8.5
A slowness issue seen when trying to login to my.pega.com was traced to numerous database locks occurring on the pr_data_saml_authreqcontext table during the SAML flow. Analysis showed that while running Obj-Save on AuthRequestContext with 'OnlyIfNew' as false, the check caused a select query to run on the table to determine if the context was already there and insert it if it was not. To resolve this, the onlyIfNew check will default to true to avoid running the query; if the context is already present it will be overridden. Duplicate key exception handling has also been added to avoid any issues if a resave is done with same key.
INC-142531 · Issue 598438
Keystore certificate alias updated to support mixed case names
Resolved in Pega Version 8.3.5
The Java Keystore stored aliases only in lower case letters, but it accepted uppercase letters also during retrieval. This was causing the error "No certificate found in truststore : Azure AD SSOIDPCertStore with Alias : CN=Microsoft Azure Federated SSO Certificate" when the names didn't match. To resolve this, the keystore layer has been modified to support upper case letters in the certificate alias.
SR-D79181 · Issue 551124
OKTA receives parameters on logout
Resolved in Pega Version 8.5
When using an OIDC logout endpoint with a parameter set as a data page value, the data page retrieved the ID Token from the database, but when logout was clicked the datapage name was being displayed in the browser instead of the IDToken. To resolve this, code has been added to support sending ID token parameters for logoff endpoint for OKTA logoff using OpeniD connect.
INC-135437 · Issue 589489
Export to Excel working for reports with "Display values across columns"
Resolved in Pega Version 8.3.5
Attempting to use Export to Excel when "display values across columns" was checked resulted in a null pointer error. This was traced to a null page being passed to pzRDExportWrapper, and has been resolved by adding a check for the primary page If it is null, the step page will be used.
INC-140101 · Issue 597636
System will attempt to decrypt data ending in "+"
Resolved in Pega Version 8.3.5
Encrypting and decrypting one specific email address was not working properly when showing on the UI. It was possible to force a decryption using decryptproperty, but Pega generated an error. This was due to the actual encrypted value ending with '+', which conflicted with a system check that skips decryption if the encrypted property value ends with + . To resolve this, the system will attempt to decrypt the property even when encryptedText ends with + .
SR-D96395 · Issue 555118
CDK key loading modified for better database compatibility
Resolved in Pega Version 8.5
Users were unable to log on to the system and received the error "There has been an issue; please consult your system administrator." Investigation showed the log errors stating "(dataencryption.DataKeyProvider) ERROR localhost - Could not get CDK from systemKeyManagementCache - System CDK is null". This was an issue specific to the MS SQL Server database when there were 6 or more CDKs in the database: CDK keys are loaded from database into Cache using an SQL statement which had the ORDER clause. By default, the ORDER clause treats NULL values differently on different databases, and this caused MS SQL databases to not load a necessary CDK key. To resolve this, the SQL query has been modified so the result will be the same for all supported daatbases (Oracle, Postgres & MS SQL Server).
INC-132209 · Issue 577000
CDK key loading modified for better database compatibility
Resolved in Pega Version 8.5
Users were unable to log on to the system and received the error "There has been an issue; please consult your system administrator." Investigation showed the log errors stating "(dataencryption.DataKeyProvider) ERROR localhost - Could not get CDK from systemKeyManagementCache - System CDK is null". This was an issue specific to the MS SQL Server database when there were 6 or more CDKs in the database: CDK keys are loaded from database into Cache using an SQL statement which had the ORDER clause. By default, the ORDER clause treats NULL values differently on different databases, and this caused MS SQL databases to not load a necessary CDK key. To resolve this, the SQL query has been modified so the result will be the same for all supported daatbases (Oracle, Postgres & MS SQL Server).
INC-134808 · Issue 590713
Property check handling updated for Ajax requestor
Resolved in Pega Version 8.3.5
SECU0001 alerts were seen when submitting a case in the interaction portal. Logging indicated the errors were related to the 'pxRequestor.pyLatitude' and 'pxRequestor.pyLongitude' properties which are included in an Ajax request when they exist in the DOM and the 'pyGeolocationTrackingIsEnabled' when rule is true. The error was traced to a condition where a new thread request results in an unexpected property check that encounters a clipboard which doesn't have any pages created for that thread. To resolve this, the 'pxRequestor.pyLatitude' and 'pxRequestor.pyLongitude' properties have been added to an allow list to handle the unexpected properties check.
INC-133450 · Issue 585994
Login button hidden after click
Resolved in Pega Version 8.3.5
When the login button was clicked fast several times, intermittently the login would fail with the blue screen and "Security violation attempting to access requestor" error in the logs. To resolve this, on click of the login button will be hidden to prevent firing multiple login requests.