INC-199271 · Issue 699654
SAML-based SSO security updated
Resolved in Pega Version 8.5.6
Security updates have been made relating to SAML-based SSO code.
INC-155813 · Issue 629506
SAML SSO redirects to correct URL when application and authentication aliases match
Resolved in Pega Version 8.5.3
Whenever there was a match in the authentication service alias and the application alias, the application alias was replaced with empty after logoff instead of making the authentication service alias empty. For example, given an authentication service with the alias XYZ ("login with XYZ" alias option) and an application name XYZMyOps, the application alias was being changed from XYZMyOps to appMyOps after logoff. As a result, a blue screen error resulted when clicking on button "login with XYZ" again because it redirected to appMyOps, which didn't exist. This has been resolved by removing authservicealias and modifying AuthServiceAliasHelper.adjustPathIfAuthServiceAliasPresent() to change the method for calculating the pathinfo to string tokenizing
SR-B85132 · Issue 334749
SAML enhancements added with OperatorContext availability fix
Resolved in Pega Version 7.4
The activity pyEstablishOperatorContext availability was incorrectly marked as final. This has been fixed and is "Available, Extension". In addition, many other enhancements have been added towards the goal of no-code configuration of SAML SSO authentication. SAML SSO is the most widely used authentication in production, but has historically required complex custom code. Please see the release notes for more information about Single Page UI Configuration and Adaptive Design for Authentication Run-time.
INC-160767 · Issue 628374
Email headers correctly mapped when using MSGraph
Resolved in Pega Version 8.5.3
The value of "Send Date" was not correctly populated when using MSGraph instead of IMAP, causing the Email Listener to fail. Microsoft populates the "sendDateTime" field in the JSON with the value of the RFC 822 email header "Date:", but this value was not being passed to Java object of type "Message" as part of the query. To resolve this, ReceivedDateTime and SentDatetime have been added in the select filter of getMessagebymessageID.
INC-182530 · Issue 695759
SAML datapages cleared before new authentication
Resolved in Pega Version 8.5.6
If a previous user had not logged out or timed out when using SAML authentication, a second person using the same device/browser would end up in the first user's session after performing their own authentication. Investigation showed the second login D_SAMLAssertionDataPage was not getting refreshed with the current user login details; this has been resolved by explicitly deleting the SAML Datapages before processing a new login if the session has not timed out.
SR-B82203 · Issue 342014
Empty hidden elements stripped when AAR proxy in use
Resolved in Pega Version 7.4
When using IIS WebServer and AAR proxy configuration with high security settings, submitting a form through Microsoft Internet Explorer with hidden input fields that did not have a name attribute resulted in a blank parameter name and value being added. This formed an invalid request that returned a HTTP 200 with no error message. Because Microsoft Internet Explorer does not ignore elements which have empty names, the code has been updated to remove name attributes on pycustomerrorsection hidden elements.
SR-C757 · Issue 343486
Empty hidden elements stripped when AAR proxy in use
Resolved in Pega Version 7.4
When using IIS WebServer and AAR proxy configuration with high security settings, submitting a form through Microsoft Internet Explorer with hidden input fields that did not have a name attribute resulted in a blank parameter name and value being added. This formed an invalid request that returned a HTTP 200 with no error message. Because Microsoft Internet Explorer does not ignore elements which have empty names, the code has been updated to remove name attributes on pycustomerrorsection hidden elements.
SR-B79734 · Issue 344352
Summary report count fixed when using filter prompt
Resolved in Pega Version 7.4
The summary data count was not getting updated in a report unless the "Prompt for filter changes before displaying report" option on Report Viewer tab (Actions -> Refresh) was unchecked. This was an error in the refresh code related to the display prompt filter check and has been corrected.
SR-C2920 · Issue 344845
Summary report count fixed when using filter prompt
Resolved in Pega Version 7.4
The summary data count was not getting updated in a report unless the "Prompt for filter changes before displaying report" option on Report Viewer tab (Actions -> Refresh) was unchecked. This was an error in the refresh code related to the display prompt filter check and has been corrected.
INC-154855 · Issue 616003
Updated expression handling when not using client side validation
Resolved in Pega Version 8.5.3
After upgrade, a declare expression used to calculate the end date when creating a schedule case was not populating the result. This was traced to a missed use case for evaluating expressions when 'Enable client side validation' is unchecked, and has been resolved.