SR-D29127 · Issue 506863
SAML data pages restored after passivation
Resolved in Pega Version 8.2.4
If login used SAML SSO, resuming the session after passivation resulted in missing or empty data pages when using an SAP integration with Pega Cloud. This was traced to a security change that modified the D_SAMLAssertionDataPage and D_SamlSsoLoginInfo data pages as readonly, causing them to not be passivated under these conditions. To resolve this, the data pages have been made editable so they will be restored as expected. This change also resolves any difficulty with SAML logoff activities in conjunction with SAP and Pega Cloud.
SR-128961 · Issue 208349
Added check for naming conflicts when upgrading Oracle
Resolved in Pega Version 7.2
When attempting to upgrade a single schema on Oracle database, running the generateddl script failed with a NullPointerException. This was caused by database tables which had a column name called 'SYS_ID' as part of the primary key. Since Oracle uses system-generated names beginning with "SYS_" for implicitly generated schema objects and subobjects, Oracle discourages the use of this prefix in the names explicitly provided to the schema objects and subobjects in order to avoid possible conflicts in name resolution. To resolve this, a tester has been added to the system to check for this naming use and issue a warning.
SR-A4488 · Issue 214464
Improved system performance for SQL using ReserveQueueItem
Resolved in Pega Version 7.2
The SQL generated using the stored procedure sppr_sys_reservequeueitem_b has been tuned to improve system performance for all database implementations; DB2, MS SQL Server, and Oracle.
INC-173162 · Issue 650793
Certificate match will use Subject Distinguished Name
Resolved in Pega Version 8.6.1
Signature verification was failing due to the system not finding the matching root certificate for the chain. The root certificate was in the trust store, but the system found a different certificate first and that other certificate (an intermediate certificate) was not considered a valid certificate for validating the whole certificate chain. This was traced to filtering on the Issuer Distinguished Name (DN) instead of the Subject DN and was due to intermediate certificates potentially having the same Issuer as a root certificate (e.g. if that root certificate was used to create the intermediate certificate). To resolve this, an update has been made to check the Subject DN instead of Issuer DN.
INC-173162 · Issue 650795
Certificate match will use Subject Distinguished Name
Resolved in Pega Version 8.7
Signature verification was failing due to the system not finding the matching root certificate for the chain. The root certificate was in the trust store, but the system found a different certificate first and that other certificate (an intermediate certificate) was not considered a valid certificate for validating the whole certificate chain. This was traced to filtering on the Issuer Distinguished Name (DN) instead of the Subject DN and was due to intermediate certificates potentially having the same Issuer as a root certificate (e.g. if that root certificate was used to create the intermediate certificate). To resolve this, an update has been made to check the Subject DN instead of Issuer DN.
INC-174625 · Issue 655242
Admin Studio will consider cluster protocol when returning listener status
Resolved in Pega Version 8.7
When using a few nodes in standalone mode for BIX extract combined with server nodes using Hazelcast, opening the admin studio pages with service discovery caused an error to be thrown. This was traced to the system writing an entry to pr_sys_statusnodes table as an embedded node whenever a BIX extract was triggered, causing those standalone nodes to be incorrectly considered by the listener landing page. This has been resolved by configuring the system to either return the local member when the cluster protocol is standalone or to return all Hazelcast members if the cluster protocol is Hazelcast.
INC-181941 · Issue 664808
Handling added for using virtual network interface for Stream Services startup
Resolved in Pega Version 8.7
After update, the restart of any node failed with the error "Unable to create DSM service DATA-DECISION-SERVICE-STREAMSERVER DEFAULT". This has been resolved by adding support for allowing stream service to start on the virtual network interface in cases where it was explicitly configured via the "cluster/hazelcast/interface".
SR-D28460 · Issue 509365
Added timeout handling for non-PRAuth servlets
Resolved in Pega Version 8.2.4
After logging in via external authentication service (SAML Single Sign On) and setting up a timeout in the access group RuleForm, when the user performed any action and the server identified the request to be timed-out, it was expected that a SAML request would be sent from the browser to the external Authentication Server (referred as IDP) and the flow would proceed from there. This worked as expected for a non-AJAX request. To resolve this, handling has been added for timeout when using non-PRAuth authentication services.
SR-A4589 · Issue 214117
Obj-Browse reads external mapping with external schema
Resolved in Pega Version 7.2
An Obj-Browse function missing the definition for the property/column lists was not reading the column-property mapping from the Class definition when using external schema. To correct this, getListSelectClause has been modified to use the property name as alias when external mapping is defined and a passed field value is a column name for classes mapped to an external table.
SR-A9198 · Issue 218533
Text retrieval for deprecated "Query" button updated for universal browser support
Resolved in Pega Version 7.2
The Firefox popup window provided by the Product rule when querying "Individual Instances to Include" failed to transpose the selected rule information back into the Product ruleform when the OK button was clicked. This was due to the use of the deprecated "Query" button, which does not have support for all browsers, to launch the ListView. To handle this, the node text retrieval method in DataInstancesQueryScript has been updated to use the 'textContent' function (compatible with all browsers) instead of the previous 'innerText'.