INC-140224 · Issue 604004
Corrected SAML SSO error
Resolved in Pega Version 8.6
After opening a case from the Pega-FCM portal or after logging in from SSO, closing the Pega window and opening it again resulted in the error "Unable to process the SAML WebSSO request : Violation of PRIMARY KEY constraint %27pr_data_saml_requestor_PK%27. Cannot insert duplicate key in object". This was a missed use case that happens only under the old SAML configuration, and has been resolved by removing a when condition that checks for stepstatus fail for the pySAMLwebSSOAuthentication activity.
INC-155813 · Issue 629505
SAML SSO redirects to correct URL when application and authentication aliases match
Resolved in Pega Version 8.6
Whenever there was a match in the authentication service alias and the application alias, the application alias was replaced with empty after logoff instead of making the authentication service alias empty. For example, given an authentication service with the alias XYZ ("login with XYZ" alias option) and an application name XYZMyOps, the application alias was being changed from XYZMyOps to appMyOps after logoff. As a result, a blue screen error resulted when clicking on button "login with XYZ" again because it redirected to appMyOps, which didn't exist. This has been resolved by removing authservicealias and modifying AuthServiceAliasHelper.adjustPathIfAuthServiceAliasPresent() to change the method for calculating the pathinfo to string tokenizing.
INC-148117 · Issue 608005
Option added to return to same authenticationService after SAML logoff
Resolved in Pega Version 8.6
An enhancement has been added which provides a check box on the Authentication Service ruleform to select the option of redirecting users back to their original authentication service screen after logoff.
INC-151253 · Issue 607625
Hash comparisons adjusted for upgraded sites
Resolved in Pega Version 8.6
Existing Pega Diagnostic Cloud SSO URLs were not working after upgrade. This was traced to the previous tenant hash (or AG hash) having padding characters like ‘(’ which are no longer used in higher versions. This caused the tenant hash comparison during the SAML login flow to fail. To resolve this, the system will not compare an incoming tenant hash (in relay state) with a current platform tenant hash, but instead will rely on the “/!” pattern to identify the tenant hash in the relay state.
INC-130703 · Issue 597254
Operator provisioning on authentication service corrected
Resolved in Pega Version 8.6
When operator provisioning was triggered on user login via authentication service, the error "ModelOperatorName is not valid. Reason: declare page parameters not supported by PropertyReference" was generated. This was traced to optimization work that had been done on the expression evaluation for operator identification, and has been resolved by adding the required GRS Syntax support in the Operator Provisioning section in SAML and OIDC.
INC-158489 · Issue 623452
Captcha control updated to support ClientValidation
Resolved in Pega Version 8.6
The required checkbox for the pzCaptcha control was not working when using a custom configuration, allowing a case to be submitted with a blank captcha even when the required parameter was selected on control. This was traced to a required parameter not being correctly populated to the pzCaptcha control, and has been resolved by adding ClientValidation into the pzCaptcha control so that if a required parameter is selected on the control it will be applied during case execution.
INC-140101 · Issue 597635
System will attempt to decrypt data ending in "+"
Resolved in Pega Version 8.6
Encrypting and decrypting one specific email address was not working properly when showing on the UI. It was possible to force a decryption using decryptproperty, but Pega generated an error. This was due to the actual encrypted value ending with '+', which conflicted with a system check that skips decryption if the encrypted property value ends with + . To resolve this, the system will attempt to decrypt the property even when encryptedText ends with + .
INC-155276 · Issue 626618
Null check added for step page
Resolved in Pega Version 8.6
After creating and adding new Access Roles and application 'Access When' to the privileges instead of Production level, during run time the error "runtime.IndeterminateConditionalException: Trying to evaluate Rule-Access-When conditions L:IsProdAccess when there is no page to evaluate them against" appeared for the specific privileges. This was traced to a missed use case where the system falls back to the step page if the page for evaluating the 'when' condition is null, which did not account for scenarios where the step page can be null. To resolve this, a null check has been added which will fetch the primary page if the step page for the access 'when' condition is null.
INC-154311 · Issue 615683
Decryption updated for External assignment routed with DWA
Resolved in Pega Version 8.6
When an external assignment was routed to a user using DWA, the user was able to access the assignment but received the error "There has been an issue; please consult your system administrator" when submitting. Investigation showed this was caused by the system attempting to decrypt the External assignment with the requestor level key, causing the decryption to fail with a NumberFormatException. To resolve this, the system will check if the obfuscated string starts with Global encryption key prefix and then decrypt with the global encryption key by trimming out the prefix.
INC-144597 · Issue 598304
Updated handling for MT query of pr_data_admin table
Resolved in Pega Version 8.6
When using a multi-tenant environment with Oracle, as the number of users in the environment increased, the number of queries of the pr_data_admin table "WHERE pyEnableAuthService" increased exponentially and causes system slowness. This was traced to missed handling for the @ character in the authentication service cache while requesting, and has been resolved by updating authservicecache.java.