SR-D33491 · Issue 511728
Code fragment removed to resolve CookieDisabledException
Resolved in Pega Version 8.4
After upgrade, a CookieDisabledException occurred after a post activity was invoked in the single sign-on (SSO) authentication service. This was traced to the site using the deprecated flag "redirectguests" as part of SSO-based login for mashup usecases. This flag was used to check if a cookiedisabled exception was thrown or not, and if there was no cookie, if a requestor was authenticated in first request. However, the flag has been removed as part of work done to omit the Cookie support check on Mobile App UAs. Code that supported the use of this flag remained after that work and led to the exception being generated, but has now been removed as well.
SR-D43811 · Issue 511922
Code fragment removed to resolve CookieDisabledException
Resolved in Pega Version 8.4
After upgrade, a CookieDisabledException occurred after a post activity was invoked in the single sign-on (SSO) authentication service. This was traced to the site using the deprecated flag "redirectguests" as part of SSO-based login for mashup usecases. This flag was used to check if a cookiedisabled exception was thrown or not, and if there was no cookie, if a requestor was authenticated in first request. However, the flag has been removed as part of work done to omit the Cookie support check on Mobile App UAs. Code that supported the use of this flag remained after that work and led to the exception being generated, but has now been removed as well.
SR-D40756 · Issue 508098
Null check added for missing IDP RelayState
Resolved in Pega Version 8.4
An "ArrayIndexOutOfBounds" exception was showing sporadically when using IDP Initiated SAML Login requests. This was traced to IDP not consistently providing the RelayState parameter to Pega, and the exception has been resolved with the addition of a null check. When the RelayState parameter is empty, the message "Missing Relaystate information in IDP Response" will be shown.
SR-D50539 · Issue 521150
Database locking improved for login performance
Resolved in Pega Version 8.4
A slowness issue seen when trying to login to my.pega.com was traced to numerous database locks occurring on the pr_data_saml_authreqcontext table during the SAML flow. Analysis showed that while running Obj-Save on AuthRequestContext with 'OnlyIfNew' as false, the check caused a select query to run on the table to determine if the context was already there and insert it if it was not. To resolve this, the onlyIfNew check will default to true to avoid running the query; if the context is already present it will be overridden. Duplicate key exception handling has also been added to avoid any issues if a resave is done with same key.
SR-D37894 · Issue 505976
Query parameters will be cleared after redirection from authentication
Resolved in Pega Version 8.4
When using the /PRAuth Servlet, running a snapstart URL generated from a secondary application correctly executed SAML Authentication and Pega processing, but a second URL generated with different parameters ran with the parameters from the first request. The third and subsequent requests processed as expected with the parameters sent in with the request. Investigation showed that the previous parameters were picked due to the query string parameters not being cleared after redirection, and this issue has been resolved by updating the system so it will clear the parameters after issuing a redirect from the authentication policy engine.
SR-D38232 · Issue 509856
Keystore certificate alias updated to support mixed case names
Resolved in Pega Version 8.4
The Java Keystore stored aliases only in lower case letters, but it accepted uppercase letters also during retrieval. This was causing the error "No certificate found in truststore : Azure AD SSOIDPCertStore with Alias : CN=Microsoft Azure Federated SSO Certificate" when the names didn't match. To resolve this, the keystore layer has been modified to support upper case letters in the certificate alias.
SR-D41637 · Issue 512269
Mashup URLs will include thread name for better passivation recovery
Resolved in Pega Version 8.4
Mashup screens were distorted after keeping the screen idle for more than 1 hour and then trying to switch between accounts. Investigation showed that during SSO authentication the relaystate generated without including thread name in the URL, leading to the threadname not being passivated or made available during reactivation. To resolve this, the thread name will now be included in the URL.
SR-D25972 · Issue 501483
Handling added for custom error message in post-authentication activity
Resolved in Pega Version 8.4
The error message in post authentication activity was always appearing as 'Login terminated because a post-authentication activity or policy failed' irrespective of the actual message being conditionally set in the activity based on post authentication logic. Investigation showed that the parameter page in the SSO post-authentication activity was not being passed to the 'pzShowAuthPolicyError' activity due to the post-authentication activity executing in authenticated context whereas the HTML fragment executed in the un-authenticated context. In order to support this use, post-authentication activity will set the error message on a predefined property and propagate that to the HTML fragment by appending the error message as a query parameter in the redirect exception URL post-authentication failure.
SR-D61094 · Issue 527341
Browser cache disabled to ensure fresh RAP file retrieval
Resolved in Pega Version 8.1.8
When using RAP download, reusing the same filename as a previous download caused the older file to be retrieved and not the newer version under that name. This was caused by RAP using the browser cache and downloading the same folder from service export directory. To resolve this, validation has been inserted to disable using the browser cache for the HTTP response.
SR-D28342 · Issue 504972
ChatMashup loading issue with IDP resolved
Resolved in Pega Version 8.4
When using a harness containing chat scripts via Mashup that called an activity to set parameters, attempting to launch the Mashup from an external application failed on the first attempt: an incorrect URL was generated and the activity was not triggered, resulting in an empty harness. The second attempt to launch the Mashup worked as expected. This was seen when using an IDP initiated Login with query string - pyActivity= classname.ActivityName, and there was a workaround to use SP initiated login or to use the activity URL directly on the IDP portal. Investigation showed that the resourcePath was coming as http in SSL enabled system, but the reqURI was still https. To correct this, the system has been updated so that if the reqContextURI starts with https and the requestURL starts with http, then the requestURL will be converted to https.