INC-155813 · Issue 629504
SAML SSO redirects to correct URL when application and authentication aliases match
Resolved in Pega Version 8.4.5
Whenever there was a match in the authentication service alias and the application alias, the application alias was replaced with empty after logoff instead of making the authentication service alias empty. For example, given an authentication service with the alias XYZ ("login with XYZ" alias option) and an application name XYZMyOps, the application alias was being changed from XYZMyOps to appMyOps after logoff. As a result, a blue screen error resulted when clicking on button "login with XYZ" again because it redirected to appMyOps, which didn't exist. This has been resolved by removing authservicealias and modifying AuthServiceAliasHelper.adjustPathIfAuthServiceAliasPresent() to change the method for calculating the pathinfo to string tokenizing.
INC-188162 · Issue 673507
RSA-PSS signature support added for for SAML SSO
Resolved in Pega Version 8.7
The XML security jars have been updated to incorporate RSA-PSS signature algorithm support.
INC-160485 · Issue 655297
Trailing "/" added to public links for SSO use
Resolved in Pega Version 8.7
Links generated using pyWorkLinkWithLabel were not working with SSO due to not having a trailing "/" on the URL. This has been corrected by adding code to append the "/" if the public link url doesn't end with it.
INC-178148 · Issue 660924
Handling added for SSO servlet name
Resolved in Pega Version 8.7
After update, logging into an external site was not working correctly due to the SSO URL being appended with "/app/default". This has been resolved by updating the code to handle the servlet name properly.
INC-188405 · Issue 673063
Handling added for SSO servlet name
Resolved in Pega Version 8.7
After update, logging into an external site was not working correctly due to the SSO URL being appended with "/app/default". This has been resolved by updating the code to handle the servlet name properly.
SR-D90779 · Issue 556916
Resolved error when using IHSummary as a predictor
Resolved in Pega Version 8.4.2
After configuring the adaptive model and implementing delayed learning with IHSummary as a predictor, the exception "dataflow.StageException" appeared when the strategy was executed as part of the dataflow run. This has been resolved by implementing a cache expiry of 5 minutes.
INC-170423 · Issue 648982
Added catch for SAML WebSSO duplicate key exception
Resolved in Pega Version 8.4.5
After logging in from SSO, closing the Pega window and opening it again resulted in the error "Unable to process the SAML WebSSO request : Violation of PRIMARY KEY constraint. Cannot insert duplicate key in object." This has been resolved by updating the session index handling and adding a catch for the duplicate key exception.
INC-170423 · Issue 648985
Added catch for SAML WebSSO duplicate key exception
Resolved in Pega Version 8.7
After logging in from SSO, closing the Pega window and opening it again resulted in the error "Unable to process the SAML WebSSO request : Violation of PRIMARY KEY constraint. Cannot insert duplicate key in object." This has been resolved by updating the session index handling and adding a catch for the duplicate key exception.
INC-127392 · Issue 574286
Delegated Decision table rule grid loads in iFrame with SSO
Resolved in Pega Version 8.5.1
The delegated decision table rule grid and checkout options were not displayed when launched from iFrame using SSO sign in. Without SSO, the delegated decision table grids were loading properly for the same Access group. The heart of this issue was that decision tables were using an older style of Designer Studio javascript which was not designed to be embedded in an iFrame due to issues related to Cross-Origin Resource Sharing (CORS). In order to support the usecase of the Pega end user portal/application being integrated to an external domain application using an iFrame, enhancements have been made to the necessary delegated rule function definitions.
INC-162434 · Issue 640051
LookUpList correctly executes during SSO login with model operator
Resolved in Pega Version 8.7
After configuring SSO to create operators on fly using a model operator, a new user logging in for the very first time had their operator ID created using the model operator, but after upgrade new users logging in to the system received the error "Only authenticated client may start this activity: RULE-OBJ-ACTIVITY @BASECLASS LOOKUPLIST". This was due to the methods used for additional security on the activity @baseclass LookUpList which allows it to only be run by authenticated users, and has been resolved.