INC-181812 · Issue 667197
SSLContext created using protocol from REST connector rule form
Resolved in Pega Version 8.7
After upgrading to IBM websphere v9.0.5.6 or higher, API calls Like REST, Connect-HTTP etc were failing to connect to endpoints using TLSv1.2. Investigation showed that although the connector was configured to send TLSv1.2, the ClientHello handshake was triggered for TLSv1.3. Because the SSLContext was created with highest version supported by protocol in the WAS container, this has been resolved by modifying the code to create SSLContext based on the the protocol selected in the REST connector rule form. Additionally, please note that the Connect-HTTP connector has been deprecated and the Connect-REST capabilities in the platform should be used instead.
INC-194287 · Issue 681065
SSLContext created using protocol from REST connector rule form
Resolved in Pega Version 8.7
After upgrading to IBM websphere v9.0.5.6 or higher, API calls Like REST, Connect-HTTP etc were failing to connect to endpoints using TLSv1.2. Investigation showed that although the connector was configured to send TLSv1.2, the ClientHello handshake was triggered for TLSv1.3. Because the SSLContext was created with highest version supported by protocol in the WAS container, this has been resolved by modifying the code to create SSLContext based on the the protocol selected in the REST connector rule form. Additionally, please note that the Connect-HTTP connector has been deprecated and the Connect-REST capabilities in the platform should be used instead.
INC-181941 · Issue 664808
Handling added for using virtual network interface for Stream Services startup
Resolved in Pega Version 8.7
After update, the restart of any node failed with the error "Unable to create DSM service DATA-DECISION-SERVICE-STREAMSERVER DEFAULT". This has been resolved by adding support for allowing stream service to start on the virtual network interface in cases where it was explicitly configured via the "cluster/hazelcast/interface".
SR-C68443 · Issue 410237
Changed French locale to use getshortmonths to discriminate between June and July in datepicker
Resolved in Pega Version 8.1.2
When using the French locale, there was a problem selecting the month of July from the date picker because the three-letter abbreviations of June and July are the same in French. To resolve this, the system will now use the Java API getShortMonths in the French locale which gives 4 characters for the months.
SR-C66998 · Issue 404593
Thread name implementation fixed for FCM use with micro DC
Resolved in Pega Version 8.1.2
When attempting to invoke a remote case in the Interaction Manager portal via FCM with the Customer Service for Insurance application which uses micro DC, the case was not invoked and an empty screen was displayed. Invoking the case from the interaction portal resulted in a JavaScript error. Invoking the case from a WSS or directly from the Create button in Designer Studio worked correctly. This was traced to a recent change to the implementation for generating the thread name. Because of this, CRM apps could not load the Federated cases via micro DC. This has been fixed through changes in "pzFCMMashupGadget" to replace the slash with underscore for the FCM thread. In addition, a modification was made to use the pega:onlyonce tag so mashup scripts are not loaded multiple times and will maintain their unique data-pega-gadgetname attribute values.
INC-173725 · Issue 656480
Logic updated for DX API retrieving View/Action ID using embedded property
Resolved in Pega Version 8.7
While calling the DX API using Assignment ID and action ID, a 500 error response was logged indicating that the server encountered an unexpected condition that prevented it from fulfilling the request. Investigation traced this to the logic used for resolving an embedded property referenced in a control/field to identify the correct page class. In a non-work object context for flow actions the new assign page doesn't exist, but the system was checking for it and clearing off errors from the named page. This has been corrected.
INC-176274 · Issue 666390
Timeout check added to authorization to preserve portal context
Resolved in Pega Version 8.7
When using SAML SSO Authentication Service with "Use access group timeout" and "Redirect to IDP login after logout" selected and "Force authentication" not selected, manually logging out correctly returned the view to the custom SSO login page but the timeout logout returned the default Pega login page as if SSO was not in use. Analysis showed there was a "Failed to open portal" error after doing some action post timeout, and this was traced to pyPortal page not having a value. Investigation showed this was blank due to the creation of new thread while the requestor state was perceived as unauthenticated because of the timeout. To resolve this, a timeout check has been added to the following: Authorization#setActiveAccessGroup(java.lang.String, boolean, boolean, java.util.Map) BasicApplicationContextImmutableImpl#applyApplicationProperties
INC-151253 · Issue 607624
Hash comparisons adjusted for upgraded sites
Resolved in Pega Version 8.5.2
Existing Pega Diagnostic Cloud SSO URLs were not working after upgrade. This was traced to the previous tenant hash (or AG hash) having padding characters like ‘(’ which are no longer used in higher versions. This caused the tenant hash comparison during the SAML login flow to fail. To resolve this, the system will not compare an incoming tenant hash (in relay state) with a current platform tenant hash, but instead will rely on the “/!” pattern to identify the tenant hash in the relay state.
SR-C73100 · Issue 411034
Synchronized block method added to load keystore set with RUF
Resolved in Pega Version 8.1.2
A recent enhancement allows for the SAML auth service to use a reference to an external file for the signing certificate keystore. When the keystore had the password set using a Rule-Utility-Function, rather than being static, there were intermittent login fails with the error "unable to process SAML WebSSO request1" on the screen, and the RULES logs contained thousands of entries of an error indicating "Password is wrong". It was sometimes possible to log in by starting a new browser sessions and trying again. This was an issue with the PasswordHash property being changed from a static to a non-static field: it was not thread safe, though each object got its own copy of the instance, because if two or more threads call the setPasswordHash() method on the same object, all of these threads tried to simultaneously update the passwordHash instance variable and incorrect results were seen. To correct this, the system will use a synchronized block when loading the entries into cache in the getKey() method - Caller function of KeystoreCacheImpl.java.
INC-157095 · Issue 638808
Enhancement added for tenant-level authentication
Resolved in Pega Version 8.7
In a multi-tenant PDC with a few tenants that utilize their own custom SSO, a pre-authentication activity inside a tenant that should block community access was also affecting tenants that did not have that pre-auth activity set. This was a missed use case and has been resolved by adding a tenantId hash in SchemePRAuth.makeUniqueSchemeName() to create the authServiceName.