SR-D2296 · Issue 436877
Enhancement added to support multiple security certificates
Resolved in Pega Version 8.2.2
When importing IDP metadata, the only the last verification certificate was imported if there were multiple certificates. This caused SAML SSO signing failures in some cases. Support has now been added for importing multiple certificates to enhance encryption security.
INC-176274 · Issue 666390
Timeout check added to authorization to preserve portal context
Resolved in Pega Version 8.7
When using SAML SSO Authentication Service with "Use access group timeout" and "Redirect to IDP login after logout" selected and "Force authentication" not selected, manually logging out correctly returned the view to the custom SSO login page but the timeout logout returned the default Pega login page as if SSO was not in use. Analysis showed there was a "Failed to open portal" error after doing some action post timeout, and this was traced to pyPortal page not having a value. Investigation showed this was blank due to the creation of new thread while the requestor state was perceived as unauthenticated because of the timeout. To resolve this, a timeout check has been added to the following: Authorization#setActiveAccessGroup(java.lang.String, boolean, boolean, java.util.Map) BasicApplicationContextImmutableImpl#applyApplicationProperties
SR-D3556 · Issue 444612
Requestor.OperatorID page updated to stay in sync with current OperatorID to enable post-Auth activity mapping
Resolved in Pega Version 8.2.2
The systems pages were not getting updated to the right operator's context when a post-Auth activity was used for mapping. To support this use, the UpdateOperatorID trigger has been updated to keep the pxRequestor.OperatorID page in sync with the current operatorID page during SAML. The operator will also be saved during provisioning.
INC-157095 · Issue 638808
Enhancement added for tenant-level authentication
Resolved in Pega Version 8.7
In a multi-tenant PDC with a few tenants that utilize their own custom SSO, a pre-authentication activity inside a tenant that should block community access was also affecting tenants that did not have that pre-auth activity set. This was a missed use case and has been resolved by adding a tenantId hash in SchemePRAuth.makeUniqueSchemeName() to create the authServiceName.
INC-142531 · Issue 598438
Keystore certificate alias updated to support mixed case names
Resolved in Pega Version 8.3.5
The Java Keystore stored aliases only in lower case letters, but it accepted uppercase letters also during retrieval. This was causing the error "No certificate found in truststore : Azure AD SSOIDPCertStore with Alias : CN=Microsoft Azure Federated SSO Certificate" when the names didn't match. To resolve this, the keystore layer has been modified to support upper case letters in the certificate alias.
INC-177737 · Issue 663141
Authentication requirement updated for CallConnector
Resolved in Pega Version 8.7
After update, invoking a REST API call during SSO login which eventually called pxCallConnector (Final Activity) in @baseclass Pega-RulesEngine failed at the CallConnector step. This was caused by a change in recent Pega versions which enabled authentication for this activity, and has been resolved by marking the activity as internal and disabling the authentication requirement.
INC-140482 · Issue 594166
Handling added for last focused element in custom modal
Resolved in Pega Version 8.3.5
Using Shift-Tab can take the focus out of the modal window when using a custom modal template without the "X" icon in the header. The issue did not happen when using "tab" key press to traverse the modal. This was a missed use case for the last focused element being div and tabindex as 0 combined with using a custom template which doesn't have close button. This has been resolved.
INC-140482 · Issue 594163
Handling added for last focused element in custom modal
Resolved in Pega Version 8.5.3
Using Shift-Tab can take the focus out of the modal window when using a custom modal template without the "X" icon in the header. The issue did not happen when using "tab" key press to traverse the modal. This was a missed use case for the last focused element being div and tabindex as 0 combined with using a custom template which doesn't have close button. This has been resolved.
INC-187553 · Issue 675429
Service Email handling updated for MSGraph "From" address
Resolved in Pega Version 8.7
While creating cases via email listener, the "From" address was not shown when using MSGraph. This was an issue with extracting the display name when MSGraph is used, and has been resolved by adding double quotes to display the name unconditionally.
INC-188080 · Issue 673783
Service Email handling updated for MSGraph "From" address
Resolved in Pega Version 8.7
While creating cases via email listener, the "From" address was not shown when using MSGraph. This was an issue with extracting the display name when MSGraph is used, and has been resolved by adding double quotes to display the name unconditionally.