INC-199271 · Issue 699654
SAML-based SSO security updated
Resolved in Pega Version 8.5.6
Security updates have been made relating to SAML-based SSO code.
SR-D29127 · Issue 506863
SAML data pages restored after passivation
Resolved in Pega Version 8.2.4
If login used SAML SSO, resuming the session after passivation resulted in missing or empty data pages when using an SAP integration with Pega Cloud. This was traced to a security change that modified the D_SAMLAssertionDataPage and D_SamlSsoLoginInfo data pages as readonly, causing them to not be passivated under these conditions. To resolve this, the data pages have been made editable so they will be restored as expected. This change also resolves any difficulty with SAML logoff activities in conjunction with SAP and Pega Cloud.
INC-130299 · Issue 583924
Updated SSO operator authentication handling after passivation
Resolved in Pega Version 8.1.9
With SSO enabled and the pyAccessGroupsAdditional value list populated with the Mapping tab, attempting to access an expired session with an old cookie resulted in a stale thread exception while mapping value list attributes. This was due to using an AuthServicePage which was created by another session thread that had become stale for current session, and has been resolved by updating the code to call the authenticateoperator method on the authservicepage copy.
INC-182530 · Issue 695759
SAML datapages cleared before new authentication
Resolved in Pega Version 8.5.6
If a previous user had not logged out or timed out when using SAML authentication, a second person using the same device/browser would end up in the first user's session after performing their own authentication. Investigation showed the second login D_SAMLAssertionDataPage was not getting refreshed with the current user login details; this has been resolved by explicitly deleting the SAML Datapages before processing a new login if the session has not timed out.
INC-195519 · Issue 698496
Support added for using CFW when Pega server is unavailable
Resolved in Pega Version 8.5.6
Data synchronization changes have been added to allow Client for Windows to work in offline mode without an AppCache manifest.
INC-195511 · Issue 693218
Check added for child join class when using ABAC
Resolved in Pega Version 8.5.6
When a join was applied on a report definition and the same join class had a child class to which ABAC was applied (for some property eg., isABC), an "invalidreference" exception (isABC) was generated. This was traced to the system taking into account the child class of the join class while running the report, and has been resolved by adding a check to handle this scenario.
SR-D38492 · Issue 505489
Batching now enabled when using IH Summary shape in substrategies
Resolved in Pega Version 8.2.4
Batching was not being enabled when using IH Summary shape in substrategies. This was traced to the IH_SUMMARY_CACHE field not automatically being passed to sub-strategies, and has been corrected.
SR-D39003 · Issue 505997
Threads will be updated to maintain assembly context when using Static Assembler
Resolved in Pega Version 8.2.4
When running the Static Assembler utility from UI, the assembler process completed successfully but the PegaRULES.log was flooded with the FATAL exception "Usage error - next Executable not based on current". This error was generated from com.pega.pegarules.session.internal.mgmt.Executable constructor, and indicated an issue with the thread context being different from the assembly context. To resolve this, the system has been modified to update the context of thread to what is expected as assembly context.
INC-132191 · Issue 582547
Option added to return to same authenticationService after SAML logoff
Resolved in Pega Version 8.2.8
An enhancement has been added which provides a check box on the Authentication Service ruleform to select the option of redirecting users back to their original authentication service screen after logoff.
INC-130677 · Issue 570040
When rule accepted in column header
Resolved in Pega Version 8.1.9
A grid was not rendering if it contained a 'when' rule on a column header. This was a missed use case and has been resolved.