INC-199271 · Issue 699654
SAML-based SSO security updated
Resolved in Pega Version 8.5.6
Security updates have been made relating to SAML-based SSO code.
SR-B69359 · Issue 337302
Tab header value works for SSO
Resolved in Pega Version 8.1
The Tab header value was not updated with the rule name or Work Object ID when SSO authentication was used with sub-domain URLs. This has been fixed.
SR-C11323 · Issue 352191
Tab header value works for SSO
Resolved in Pega Version 8.1
The Tab header value was not updated with the rule name or Work Object ID when SSO authentication was used with sub-domain URLs. This has been fixed.
SR-D29127 · Issue 506863
SAML data pages restored after passivation
Resolved in Pega Version 8.2.4
If login used SAML SSO, resuming the session after passivation resulted in missing or empty data pages when using an SAP integration with Pega Cloud. This was traced to a security change that made the D_SAMLAssertionDataPage and D_SamlSsoLoginInfo data pages read-only, which prevented them from being passivated under these conditions. To resolve this, the data pages have been made editable so they will be restored as expected. This change also resolves any difficulty with SAML logoff activities in conjunction with SAP and Pega Cloud.
SR-D29127 · Issue 506862
SAML data pages restored after passivation
Resolved in Pega Version 8.3.1
If login used SAML SSO, resuming the session after passivation resulted in missing or empty data pages when using an SAP integration with Pega Cloud. This was traced to a security change that made the D_SAMLAssertionDataPage and D_SamlSsoLoginInfo data pages read-only, which prevented them from being passivated under these conditions. To resolve this, the data pages have been made editable so they will be restored as expected. This change also resolves any difficulty with SAML logoff activities in conjunction with SAP and Pega Cloud.
SR-D41482 · Issue 507883
SAML data pages restored after passivation
Resolved in Pega Version 8.3.1
If login used SAML SSO, resuming the session after passivation resulted in missing or empty data pages when using an SAP integration with Pega Cloud. This was traced to a security change that made the D_SAMLAssertionDataPage and D_SamlSsoLoginInfo data pages read-only, which prevented them from being passivated under these conditions. To resolve this, the data pages have been made editable so they will be restored as expected. This change also resolves any difficulty with SAML logoff activities in conjunction with SAP and Pega Cloud.
SR-C16944 · Issue 364121
pxObjClass of StepPage retained when using adoptJSONObject
Resolved in Pega Version 8.1
When using the adoptJSONObject method in a REST Service activity, calling adoptJSONObject made the pxObjClass of StepPage null. However, the pxObjClass retained its correct value after calling the adoptJSONObject method if the tracer was running. In this scenario, when JSON was adopted onto a page that had pxObjClass set and the JSON did not contain pxObjClass, the resulting page became classless. This has been fixed by reading pxObjClass from the page and retaining it if it is not empty and pxObjClass is not present in the stream.
SR-C40010 · Issue 382499
Corrected URL formation problem when using Tomcat
Resolved in Pega Version 8.1
A blank screen was seen when trying to open Decision Table headers, and the color picker pop-up was blank when trying to choose a color for the skin. This was traced to an incorrect URL formed when using Tomcat, caused by prweb/hash being appended twice in the URL. The root cause was unnecessary decoding of extURL in 'pzDisplayModalDialog', and this has been fixed by adding the proper urlCrossScriptingFilter.
SR-C48072 · Issue 388475
Corrected URL formation problem when using Tomcat
Resolved in Pega Version 8.1
A blank screen was seen when trying to open Decision Table headers, and the color picker pop-up was blank when trying to choose a color for the skin. This was traced to an incorrect URL formed when using Tomcat, caused by prweb/hash being appended twice in the URL. The root cause was unnecessary decoding of extURL in 'pzDisplayModalDialog', and this has been fixed by adding the proper urlCrossScriptingFilter.
INC-182530 · Issue 695759
SAML datapages cleared before new authentication
Resolved in Pega Version 8.5.6
If a previous user had not logged out or timed out when using SAML authentication, a second person using the same device/browser would end up in the first user's session after performing their own authentication. Investigation showed that on the second login, D_SAMLAssertionDataPage was not being refreshed with the current user's login details; this has been resolved by explicitly deleting the SAML data pages before processing a new login if the session has not timed out.