INC-199271 · Issue 699654
SAML-based SSO security updated
Resolved in Pega Version 8.5.6
Security updates have been made relating to SAML-based SSO code.
INC-155813 · Issue 629506
SAML SSO redirects to correct URL when application and authentication aliases match
Resolved in Pega Version 8.5.3
Whenever there was a match in the authentication service alias and the application alias, the application alias was replaced with empty after logoff instead of making the authentication service alias empty. For example, given an authentication service with the alias XYZ ("login with XYZ" alias option) and an application name XYZMyOps, the application alias was being changed from XYZMyOps to appMyOps after logoff. As a result, a blue screen error resulted when clicking on button "login with XYZ" again because it redirected to appMyOps, which didn't exist. This has been resolved by removing authservicealias and modifying AuthServiceAliasHelper.adjustPathIfAuthServiceAliasPresent() to change the method for calculating the pathinfo to string tokenizing
INC-160767 · Issue 628374
Email headers correctly mapped when using MSGraph
Resolved in Pega Version 8.5.3
The value of "Send Date" was not correctly populated when using MSGraph instead of IMAP, causing the Email Listener to fail. Microsoft populates the "sendDateTime" field in the JSON with the value of the RFC 822 email header "Date:", but this value was not being passed to Java object of type "Message" as part of the query. To resolve this, ReceivedDateTime and SentDatetime have been added in the select filter of getMessagebymessageID.
INC-130299 · Issue 583924
Updated SSO operator authentication handling after passivation
Resolved in Pega Version 8.1.9
With SSO enabled and the pyAccessGroupsAdditional value list populated with the Mapping tab, attempting to access an expired session with an old cookie resulted in a stale thread exception while mapping value list attributes. This was due to using an AuthServicePage which was created by another session thread that had become stale for current session, and has been resolved by updating the code to call the authenticateoperator method on the authservicepage copy.
INC-182530 · Issue 695759
SAML datapages cleared before new authentication
Resolved in Pega Version 8.5.6
If a previous user had not logged out or timed out when using SAML authentication, a second person using the same device/browser would end up in the first user's session after performing their own authentication. Investigation showed the second login D_SAMLAssertionDataPage was not getting refreshed with the current user login details; this has been resolved by explicitly deleting the SAML Datapages before processing a new login if the session has not timed out.
INC-154855 · Issue 616003
Updated expression handling when not using client side validation
Resolved in Pega Version 8.5.3
After upgrade, a declare expression used to calculate the end date when creating a schedule case was not populating the result. This was traced to a missed use case for evaluating expressions when 'Enable client side validation' is unchecked, and has been resolved.
INC-195519 · Issue 698496
Support added for using CFW when Pega server is unavailable
Resolved in Pega Version 8.5.6
Data synchronization changes have been added to allow Client for Windows to work in offline mode without an AppCache manifest.
INC-195511 · Issue 693218
Check added for child join class when using ABAC
Resolved in Pega Version 8.5.6
When a join was applied on a report definition and the same join class had a child class to which ABAC was applied (for some property eg., isABC), an "invalidreference" exception (isABC) was generated. This was traced to the system taking into account the child class of the join class while running the report, and has been resolved by adding a check to handle this scenario.
INC-147245 · Issue 612868
Expand Pane icon responds to enter key when using JAWS
Resolved in Pega Version 8.5.3
In an Operator ID rule in Dev Studio, pressing the Enter key when focused on an Access Group expand icon caused the focus on the page to move to the top of the Contact Information frame (top left corner of the Frame). The only way to use the enter key to expand the pane without the refocus was to tab to the arrow icon and then tab a second time before pressing enter. This was traced to the expand caret icon being focussed twice due to the tabIndex for both the TD and SPAN elements holding the caret icon: TD had a focus element for accessibility of the grid, and SPAN had it for the expand pane accessibility. This has been resolved by adding a check condition before adding tabIndex to the first cell in the Grid.
INC-151952 · Issue 609340
Expand Pane icon responds to enter key when using JAWS
Resolved in Pega Version 8.5.3
In an Operator ID rule in Dev Studio, pressing the Enter key when focused on an Access Group expand icon caused the focus on the page to move to the top of the Contact Information frame (top left corner of the Frame). The only way to use the enter key to expand the pane without the refocus was to tab to the arrow icon and then tab a second time before pressing enter. This was traced to the expand caret icon being focussed twice due to the tabIndex for both the TD and SPAN elements holding the caret icon: TD had a focus element for accessibility of the grid, and SPAN had it for the expand pane accessibility. This has been resolved by adding a check condition before adding tabIndex to the first cell in the Grid.