INC-140224 · Issue 604004
Corrected SAML SSO error
Resolved in Pega Version 8.6
After opening a case from the Pega-FCM portal or after logging in from SSO, closing the Pega window and opening it again resulted in the error "Unable to process the SAML WebSSO request : Violation of PRIMARY KEY constraint %27pr_data_saml_requestor_PK%27. Cannot insert duplicate key in object". This was a missed use case that happens only under the old SAML configuration, and has been resolved by removing a when condition that checks for stepstatus fail for the pySAMLwebSSOAuthentication activity.
INC-199271 · Issue 699654
SAML-based SSO security updated
Resolved in Pega Version 8.5.6
Security updates have been made relating to SAML-based SSO code.
INC-155813 · Issue 629505
SAML SSO redirects to correct URL when application and authentication aliases match
Resolved in Pega Version 8.6
Whenever there was a match in the authentication service alias and the application alias, the application alias was replaced with empty after logoff instead of making the authentication service alias empty. For example, given an authentication service with the alias XYZ ("login with XYZ" alias option) and an application name XYZMyOps, the application alias was being changed from XYZMyOps to appMyOps after logoff. As a result, a blue screen error resulted when clicking on button "login with XYZ" again because it redirected to appMyOps, which didn't exist. This has been resolved by removing authservicealias and modifying AuthServiceAliasHelper.adjustPathIfAuthServiceAliasPresent() to change the method for calculating the pathinfo to string tokenizing.
SR-D46681 · Issue 514433
SnapStart supports SAML2 Authentication
Resolved in Pega Version 8.2.5
When using an HTTP Post to SnapStart into Pega using PRCustom style or PRAuth style SAML authentication, the login was looping back to the login request. Investigation showed that the Pega ACS was posting data properly back to the RelayState URL, however the login activity was not getting the SAMLResponse and simply sent a SAML Login Request again. This has been fixed by updating reqContextURI in case of SAML2 Authentication service so pyActivity=value will be passed.
INC-138443 · Issue 584680
SAML authentication documentation expanded
Resolved in Pega Version 8.6
Documentation for SAML authentication services has been updated to include more detailed information about app alias URL changes.
INC-160767 · Issue 628373
Email headers correctly mapped when using MSGraph
Resolved in Pega Version 8.6
The value of "Send Date" was not correctly populated when using MSGraph instead of IMAP, causing the Email Listener to fail. Microsoft populates the "sendDateTime" field in the JSON with the value of the RFC 822 email header "Date:", but this value was not being passed to Java object of type "Message" as part of the query. To resolve this, ReceivedDateTime and SentDatetime have been added in the select filter of getMessagebymessageID.
INC-182530 · Issue 695759
SAML datapages cleared before new authentication
Resolved in Pega Version 8.5.6
If a previous user had not logged out or timed out when using SAML authentication, a second person using the same device/browser would end up in the first user's session after performing their own authentication. Investigation showed the second login D_SAMLAssertionDataPage was not getting refreshed with the current user login details; this has been resolved by explicitly deleting the SAML Datapages before processing a new login if the session has not timed out.
INC-144566 · Issue 600855
User lookup list correctly populated when using # tag
Resolved in Pega Version 8.6
When typing '#ANewTag @' in Pulse, the user lookup list was not shown. Using '#ExistingTag @' worked as expected. This was a missed use case in work done to improve the performance of pzJquerymentionsInput by restricting REST calls, and has been resolved.
INC-154855 · Issue 616001
Updated expression handling when not using client side validation
Resolved in Pega Version 8.6
After upgrade, a declare expression used to calculate the end date when creating a schedule case was not populating the result. This was traced to a missed use case for evaluating expressions when 'Enable client side validation' is unchecked, and has been resolved.
SR-D43141 · Issue 512434
Support added for iFrame Mashup resize when using SPA
Resolved in Pega Version 8.2.5
After upgrade, issues were seen with an iFrame holding a Mashup not resizing as expected. This was traced to the use of an SPA portal inside mashup, and has been resolved by explicitly invoking the doharnessResize API to set proper height on iframe when using SPA.