INC-199271 · Issue 699654
SAML-based SSO security updated
Resolved in Pega Version 8.5.6
Security updates have been made relating to SAML-based SSO code.
SR-D46681 · Issue 514435
SnapStart supports SAML2 Authentication
Resolved in Pega Version 8.1.8
When using an HTTP Post to SnapStart into Pega using PRCustom style or PRAuth style SAML authentication, the login was looping back to the login request. Investigation showed that the Pega ACS was posting data properly back to the RelayState URL, however the login activity was not getting the SAMLResponse and simply sent a SAML Login Request again. This has been fixed by updating reqContextURI in case of SAML2 Authentication service so pyActivity=value will be passed.
SR-D29127 · Issue 506863
SAML data pages restored after passivation
Resolved in Pega Version 8.2.4
If login used SAML SSO, resuming the session after passivation resulted in missing or empty data pages when using an SAP integration with Pega Cloud. This was traced to a security change that modified the D_SAMLAssertionDataPage and D_SamlSsoLoginInfo data pages as readonly, causing them to not be passivated under these conditions. To resolve this, the data pages have been made editable so they will be restored as expected. This change also resolves any difficulty with SAML logoff activities in conjunction with SAP and Pega Cloud.
INC-182530 · Issue 695759
SAML datapages cleared before new authentication
Resolved in Pega Version 8.5.6
If a previous user had not logged out or timed out when using SAML authentication, a second person using the same device/browser would end up in the first user's session after performing their own authentication. Investigation showed the second login D_SAMLAssertionDataPage was not getting refreshed with the current user login details; this has been resolved by explicitly deleting the SAML Datapages before processing a new login if the session has not timed out.
INC-195519 · Issue 698496
Support added for using CFW when Pega server is unavailable
Resolved in Pega Version 8.5.6
Data synchronization changes have been added to allow Client for Windows to work in offline mode without an AppCache manifest.
INC-195511 · Issue 693218
Check added for child join class when using ABAC
Resolved in Pega Version 8.5.6
When a join was applied on a report definition and the same join class had a child class to which ABAC was applied (for some property eg., isABC), an "invalidreference" exception (isABC) was generated. This was traced to the system taking into account the child class of the join class while running the report, and has been resolved by adding a check to handle this scenario.
SR-D38492 · Issue 505489
Batching now enabled when using IH Summary shape in substrategies
Resolved in Pega Version 8.2.4
Batching was not being enabled when using IH Summary shape in substrategies. This was traced to the IH_SUMMARY_CACHE field not automatically being passed to sub-strategies, and has been corrected.
SR-D39003 · Issue 505997
Threads will be updated to maintain assembly context when using Static Assembler
Resolved in Pega Version 8.2.4
When running the Static Assembler utility from UI, the assembler process completed successfully but the PegaRULES.log was flooded with the FATAL exception "Usage error - next Executable not based on current". This error was generated from com.pega.pegarules.session.internal.mgmt.Executable constructor, and indicated an issue with the thread context being different from the assembly context. To resolve this, the system has been modified to update the context of thread to what is expected as assembly context.
INC-192464 · Issue 681858
PackageComponent updated for use with repositories
Resolved in Pega Version 8.5.6
Exporting a zip file created by the Component wizard to a repository resulted in an error, however the same process worked as expected when the zip file was created by the Product wizard. Investigation showed that pxPackageComponent was not kept up to date with new metadata requirements for Artifactory export. This has been resolved by modifying pxPackageComponent step 7 to set Param.ArtifactType to "component" and Param.ArtifactName to [component name]_[component version]. A privilege check has also been added to zipMoveExport.
INC-196414 · Issue 684237
OAuth token refreshed when revoked on source
Resolved in Pega Version 8.5.6
When an OAuth token was used to authorize the APIs in the system, revoking the token at the source, i.e. from the Service side, did not automatically refresh the token and a logoff/logon was required before a fresh token was generated. This has been resolved by adding an update to explicitly purge revoked tokens.