INC-178148 · Issue 660924
Handling added for SSO servlet name
Resolved in Pega Version 8.7
After update, logging into an external site was not working correctly due to the SSO URL being appended with "/app/default". This has been resolved by updating the code to handle the servlet name properly.
INC-188405 · Issue 673063
Handling added for SSO servlet name
Resolved in Pega Version 8.7
After update, logging into an external site was not working correctly due to the SSO URL being appended with "/app/default". This has been resolved by updating the code to handle the servlet name properly.
SR-B37819 · Issue 296299
SAML SessionInfo cleanup enhanced
Resolved in Pega Version 7.3
The following SAML issues have been corrected: 1) when IDP logout URL was empty, SAMLSingleLogOff activity generated an exception; 2) the SAML Session info record was not deleted during logout process even when given a valid IDP logout URL; 3) the SAML session info record was not deleted for both SP and IDP initiated logouts.
SR-B43950 · Issue 300643
SAML SessionInfo cleanup enhanced
Resolved in Pega Version 7.3
The following SAML issues have been corrected: 1) when IDP logout URL was empty, SAMLSingleLogOff activity generated an exception; 2) the SAML Session info record was not deleted during logout process even when given a valid IDP logout URL; 3) the SAML session info record was not deleted for both SP and IDP initiated logouts.
SR-B43950 · Issue 301551
SAML SessionInfo cleanup enhanced
Resolved in Pega Version 7.3
The following SAML issues have been corrected: 1) when IDP logout URL was empty, SAMLSingleLogOff activity generated an exception; 2) the SAML Session info record was not deleted during logout process even when given a valid IDP logout URL; 3) the SAML session info record was not deleted for both SP and IDP initiated logouts.
SR-A92057 · Issue 259453
OneTimeUse cache file generation disabled for SAML2
Resolved in Pega Version 7.2.2
Whenever SAML2 Token contained a "OneTimeUse" caching condition there were thousands of unwanted files generated. This caching has been disabled in the assertion validation code of SAMLv2ResponseProtocolValidator.java, so even if SAML2 token contains that OneTimeUse condition these files will not be generated.
SR-A76677 · Issue 253493
IDP SAML 2.0 schema validation error resolved
Resolved in Pega Version 7.2.2
When generating the Pega SP metadata after importing the Shibboleth IDP metadata, the error "The metadata does not pass the SAML 2.0 schema validation" appeared. This has been resolved by modifying the pzDownloadSPMetadata activity to generate a unique secure random ID prefixed with an underscore.
SR-B3657 · Issue 274527
SAML authentication enhanced to detect encoded/decoded response
Resolved in Pega Version 7.3
Even though SAML authentication was working as expected, an error message was being logged when the system attempted to process the authentication response as encoded before falling back to process it as decoded. To remove confusion, Fallback has been removed and instead the system will intelligently identify the response as encoded/decoded and handle it appropriately without generating an unnecessary error.
SR-B3657 · Issue 280763
SAML authentication enhanced to detect encoded/decoded response
Resolved in Pega Version 7.3
Even though SAML authentication was working as expected, an error message was being logged when the system attempted to process the authentication response as encoded before falling back to process it as decoded. To remove confusion, Fallback has been removed and instead the system will intelligently identify the response as encoded/decoded and handle it appropriately without generating an unnecessary error.
SR-B3657 · Issue 285983
SAML authentication enhanced to detect encoded/decoded response
Resolved in Pega Version 7.3
Even though SAML authentication was working as expected, an error message was being logged when the system attempted to process the authentication response as encoded before falling back to process it as decoded. To remove confusion, Fallback has been removed and instead the system will intelligently identify the response as encoded/decoded and handle it appropriately without generating an unnecessary error.