SR-C51744 · Issue 406708
Corrected SAML SSO logout error
Resolved in Pega Version 8.2
When performing a SAML SSO Logout, an error appeared indicating some artifacts were missing. This was traced to an incorrect NameQualifier being generated with IDP in the logoff request, and has been fixed by modifying the code to include an SPNameQualifier attribute for the NameID element in the logout request. Namespace has been added for logout requests at the parent level instead adding it at each node element.
SR-C70146 · Issue 407966
Corrected SAML SSO logout error
Resolved in Pega Version 8.2
When performing a SAML SSO Logout, an error appeared indicating some artifacts were missing. This was traced to an incorrect NameQualifier being generated with IDP in the logoff request, and has been fixed by modifying the code to include an SPNameQualifier attribute for the NameID element in the logout request. Namespace has been added for logout requests at the parent level instead adding it at each node element.
SR-B85132 · Issue 334749
SAML enhancements added with OperatorContext availability fix
Resolved in Pega Version 7.4
The activity pyEstablishOperatorContext availability was incorrectly marked as final. This has been fixed and is "Available, Extension". In addition, many other enhancements have been added towards the goal of no-code configuration of SAML SSO authentication. SAML SSO is the most widely used authentication in production, but has historically required complex custom code. Please see the release notes for more information about Single Page UI Configuration and Adaptive Design for Authentication Run-time.
SR-C65438 · Issue 406709
Added SAML parameter page generation for local use to bypass null auth object
Resolved in Pega Version 8.2
After defining any step which used parameters in the Post authentication activity of a SAML authentication service, the authentication failed with a java.lang.NullPointerException at com.pega.pegarules.session.internal.mgmt.Executable.putParamValue(Executable.java:3030). This was traced to local logic inserted to iterate through the SAML attributes that used a null parameter page. To resolve this, code has been inserted that will generate a new parameter page for the iteration rather than getting it from the authentication object.
SR-C64783 · Issue 407087
Corrected handling for SAML logoff
Resolved in Pega Version 8.2
On SAML logoff, the error "There has been an issue; please consult your system administrator; Status:fail ... No certificate found in truststore" appeared. Investigation showed this was an issue with the aliasing of certificates and signing that led to the requestor not being terminated for that logoff response. To correct this, when Pega receives a logout request which is invalid, it will terminate the session instead of throwing a PRRunTimeException.
SR-A2424 · Issue 205812
Latency resolved for sites with repeated SAML authentication requests
Resolved in Pega Version 7.1.9
In an installation using SAML SSO for authentication, repeatedly initiating SAML IDP requests were eventually causing poor system performance. To resolve this, support has been added to disable replay cache handling during SSO login via a DSS.
SR-A3897 · Issue 209254
Resolved authentication requirements in activity pzSetQueryDefaults for SSO setup
Resolved in Pega Version 7.1.9
Code-Security.InitialProfileSetup does not need authentication to run, but during the SSO login it calls Code-Pega-Requestor.pzSetQueryDefaults which was hard-coded to require authentication. This was an error, and the SetQueryDefaults activity no longer requires authentication.
SR-B82203 · Issue 342014
Empty hidden elements stripped when AAR proxy in use
Resolved in Pega Version 7.4
When using IIS WebServer and AAR proxy configuration with high security settings, submitting a form through Microsoft Internet Explorer with hidden input fields that did not have a name attribute resulted in a blank parameter name and value being added. This formed an invalid request that returned a HTTP 200 with no error message. Because Microsoft Internet Explorer does not ignore elements which have empty names, the code has been updated to remove name attributes on pycustomerrorsection hidden elements.
SR-C757 · Issue 343486
Empty hidden elements stripped when AAR proxy in use
Resolved in Pega Version 7.4
When using IIS WebServer and AAR proxy configuration with high security settings, submitting a form through Microsoft Internet Explorer with hidden input fields that did not have a name attribute resulted in a blank parameter name and value being added. This formed an invalid request that returned a HTTP 200 with no error message. Because Microsoft Internet Explorer does not ignore elements which have empty names, the code has been updated to remove name attributes on pycustomerrorsection hidden elements.
SR-B79734 · Issue 344352
Summary report count fixed when using filter prompt
Resolved in Pega Version 7.4
The summary data count was not getting updated in a report unless the "Prompt for filter changes before displaying report" option on Report Viewer tab (Actions -> Refresh) was unchecked. This was an error in the refresh code related to the display prompt filter check and has been corrected.