SR-C70146 · Issue 407968
Corrected SAML SSO logout error
Resolved in Pega Version 8.1.2
When performing a SAML SSO Logout, an error appeared indicating some artifacts were missing. This was traced to an incorrect NameQualifier being generated with IDP in the logoff request, and has been fixed by modifying the code to include an SPNameQualifier attribute for the NameID element in the logout request. Namespace has been added for logout requests at the parent level instead adding it at each node element.
SR-D46681 · Issue 514435
SnapStart supports SAML2 Authentication
Resolved in Pega Version 8.1.8
When using an HTTP Post to SnapStart into Pega using PRCustom style or PRAuth style SAML authentication, the login was looping back to the login request. Investigation showed that the Pega ACS was posting data properly back to the RelayState URL, however the login activity was not getting the SAMLResponse and simply sent a SAML Login Request again. This has been fixed by updating reqContextURI in case of SAML2 Authentication service so pyActivity=value will be passed.
SR-C65438 · Issue 406711
Added SAML parameter page generation for local use to bypass null auth object
Resolved in Pega Version 8.1.2
After defining any step which used parameters in the Post authentication activity of a SAML authentication service, the authentication failed with a java.lang.NullPointerException at com.pega.pegarules.session.internal.mgmt.Executable.putParamValue(Executable.java:3030). This was traced to local logic inserted to iterate through the SAML attributes that used a null parameter page. To resolve this, code has been inserted that will generate a new parameter page for the iteration rather than getting it from the authentication object.
SR-C64783 · Issue 407089
Corrected handling for SAML logoff
Resolved in Pega Version 8.1.2
On SAML logoff, the error "There has been an issue; please consult your system administrator; Status:fail ... No certificate found in truststore" appeared. Investigation showed this was an issue with the aliasing of certificates and signing that led to the requestor not being terminated for that logoff response. To correct this, when Pega receives a logout request which is invalid, it will terminate the session instead of throwing a PRRunTimeException.
SR-C84361 · Issue 437599
Added handling for better recovery and reset when using 'When' conditional row deletion
Resolved in Pega Version 8.3
Given a 'When' condition configured so that a specific row could be deleted, trying to delete another row resulted in the expected error indicating it was not possible to delete that particular row. However, attempting to then delete the row with the 'When' condition caused the same failure error to appear which could not be cleared through clicking on the Refresh button for the section. In order to resolve this, handling has been added for a scenario where Obj-Delete fails and the record is marked for deferred commit. In this situation, the system will revert Obj-Delete by way of Obj-Save-Cancel in @baseclass.pzDeleteRecord so that a subsequent Obj-Delete does not pick up the previous record and fail again.
SR-C93726 · Issue 435285
Work status icons work correctly when using localization
Resolved in Pega Version 8.3
The pyWorkAssignmentStatus control was not displaying the status flags/icons for localized work status values due to a match failure caused by the system using the localized text for the pyAssignmentStatus to perform a string comparison against the hard-coded English values. To correct this, the control pyWorkAssignmentStatus has been modified to run the comparisons with the new string "assignmentStatus" instead of with the localized text.
SR-C65757 · Issue 404535
Support added for POST binding in SAML logout
Resolved in Pega Version 8.1.2
Enhancements have been added in code and rule changes to support POST binding for SAML logout. In addition, handling has been added to resolve an ArrayOutOfIndexException error that was appearing if IDP sent parameters without any value.
SR-C65757 · Issue 406953
Support added for POST binding in SAML logout
Resolved in Pega Version 8.1.2
Enhancements have been added in code and rule changes to support POST binding for SAML logout. In addition, handling has been added to resolve an ArrayOutOfIndexException error that was appearing if IDP sent parameters without any value.
SR-C89541 · Issue 430728
Case Manager email correspondence opens when encryption and obfuscation are used
Resolved in Pega Version 8.3
If the urlEncryption (true) and submitURLObfuscation(required) settings were enabled, it was not possible to open correspondence emails sent in Case Manager portal. No issue was seen when submitURLObfuscation was set to "optional" (which allows the server to accept URLS with either clear-text or obfuscated strings). Investigation showed the obfuscated values for pyActivity were not part of the HTTP request generated when the Data-Corr-Email attachment is clicked, leading to the system blocking the pop-up window request. Because bEncryptURLs, which is being set in the fragment DesktopWrapper_Variables, is not available in the harness context, the SafeURL method toURL therefore was not encrypting the URL. This has been resolved by setting both bEncryptURLs and pega.ctx.bEncryptURLs to true in the HTML fragment.
SR-D16327 · Issue 487448
Updated logic for Bulk Upload count when background processing is used
Resolved in Pega Version 8.3
When multiple items were queued as part of "Bulk Upload" and the "Transfer To" operation was used with "BULK PROCESS in BACKGROUND", discrepancies were seen in the email received. For example, if two items were selected for transfer, email notifications stated that 1 item was selected and 1 item was processed instead of 2. This was traced to using 'process in background': when selected during bulk processing, the first record is processed in the foreground and remaining records are processed in the background. When the system sent the email notification once the background process was done, the total records computation was not considering the foreground-processed record, and the count was off. The timing logic has been updated to account for the foreground record to resolve this.