INC-140224 · Issue 604005
Corrected SAML SSO error
Resolved in Pega Version 8.3.5
After opening a case from the Pega-FCM portal or after logging in from SSO, closing the Pega window and opening it again resulted in the error "Unable to process the SAML WebSSO request : Violation of PRIMARY KEY constraint %27pr_data_saml_requestor_PK%27. Cannot insert duplicate key in object". This was a missed use case that happens only under the old SAML configuration, and has been resolved by removing a when condition that checks for stepstatus fail for the pySAMLwebSSOAuthentication activity.
INC-140224 · Issue 604004
Corrected SAML SSO error
Resolved in Pega Version 8.6
After opening a case from the Pega-FCM portal or after logging in from SSO, closing the Pega window and opening it again resulted in the error "Unable to process the SAML WebSSO request : Violation of PRIMARY KEY constraint %27pr_data_saml_requestor_PK%27. Cannot insert duplicate key in object". This was a missed use case that happens only under the old SAML configuration, and has been resolved by removing a when condition that checks for stepstatus fail for the pySAMLwebSSOAuthentication activity.
INC-155813 · Issue 629505
SAML SSO redirects to correct URL when application and authentication aliases match
Resolved in Pega Version 8.6
Whenever there was a match in the authentication service alias and the application alias, the application alias was replaced with empty after logoff instead of making the authentication service alias empty. For example, given an authentication service with the alias XYZ ("login with XYZ" alias option) and an application name XYZMyOps, the application alias was being changed from XYZMyOps to appMyOps after logoff. As a result, a blue screen error resulted when clicking on button "login with XYZ" again because it redirected to appMyOps, which didn't exist. This has been resolved by removing authservicealias and modifying AuthServiceAliasHelper.adjustPathIfAuthServiceAliasPresent() to change the method for calculating the pathinfo to string tokenizing.
INC-188162 · Issue 673507
RSA-PSS signature support added for for SAML SSO
Resolved in Pega Version 8.7
The XML security jars have been updated to incorporate RSA-PSS signature algorithm support.
INC-160485 · Issue 655297
Trailing "/" added to public links for SSO use
Resolved in Pega Version 8.7
Links generated using pyWorkLinkWithLabel were not working with SSO due to not having a trailing "/" on the URL. This has been corrected by adding code to append the "/" if the public link url doesn't end with it.
INC-178148 · Issue 660924
Handling added for SSO servlet name
Resolved in Pega Version 8.7
After update, logging into an external site was not working correctly due to the SSO URL being appended with "/app/default". This has been resolved by updating the code to handle the servlet name properly.
INC-188405 · Issue 673063
Handling added for SSO servlet name
Resolved in Pega Version 8.7
After update, logging into an external site was not working correctly due to the SSO URL being appended with "/app/default". This has been resolved by updating the code to handle the servlet name properly.
SR-B85132 · Issue 334749
SAML enhancements added with OperatorContext availability fix
Resolved in Pega Version 7.4
The activity pyEstablishOperatorContext availability was incorrectly marked as final. This has been fixed and is "Available, Extension". In addition, many other enhancements have been added towards the goal of no-code configuration of SAML SSO authentication. SAML SSO is the most widely used authentication in production, but has historically required complex custom code. Please see the release notes for more information about Single Page UI Configuration and Adaptive Design for Authentication Run-time.
INC-138443 · Issue 584680
SAML authentication documentation expanded
Resolved in Pega Version 8.6
Documentation for SAML authentication services has been updated to include more detailed information about app alias URL changes.
INC-160767 · Issue 628373
Email headers correctly mapped when using MSGraph
Resolved in Pega Version 8.6
The value of "Send Date" was not correctly populated when using MSGraph instead of IMAP, causing the Email Listener to fail. Microsoft populates the "sendDateTime" field in the JSON with the value of the RFC 822 email header "Date:", but this value was not being passed to Java object of type "Message" as part of the query. To resolve this, ReceivedDateTime and SentDatetime have been added in the select filter of getMessagebymessageID.