INC-176274 · Issue 666390
Timeout check added to authorization to preserve portal context
Resolved in Pega Version 8.7
When using SAML SSO Authentication Service with "Use access group timeout" and "Redirect to IDP login after logout" selected and "Force authentication" not selected, manually logging out correctly returned the view to the custom SSO login page but the timeout logout returned the default Pega login page as if SSO was not in use. Analysis showed there was a "Failed to open portal" error after doing some action post timeout, and this was traced to pyPortal page not having a value. Investigation showed this was blank due to the creation of new thread while the requestor state was perceived as unauthenticated because of the timeout. To resolve this, a timeout check has been added to the following: Authorization#setActiveAccessGroup(java.lang.String, boolean, boolean, java.util.Map) BasicApplicationContextImmutableImpl#applyApplicationProperties
SR-B55660 · Issue 316375
Removed "SHA1" hard coding from SAMLRedirectBindingHandler
Resolved in Pega Version 7.3.1
SAML logout failure was seen after using SHA256 signature encoding on an IDP that does not support SOAP. Previously,"SHA1" was hard coded to be used for verification of certificate during logout in the case of HTTP-Redirect Binding; this hard coding has now been removed from SAMLRedirectBindingHandler.verify() .
INC-157095 · Issue 638808
Enhancement added for tenant-level authentication
Resolved in Pega Version 8.7
In a multi-tenant PDC with a few tenants that utilize their own custom SSO, a pre-authentication activity inside a tenant that should block community access was also affecting tenants that did not have that pre-auth activity set. This was a missed use case and has been resolved by adding a tenantId hash in SchemePRAuth.makeUniqueSchemeName() to create the authServiceName.
INC-177737 · Issue 663141
Authentication requirement updated for CallConnector
Resolved in Pega Version 8.7
After update, invoking a REST API call during SSO login which eventually called pxCallConnector (Final Activity) in @baseclass Pega-RulesEngine failed at the CallConnector step. This was caused by a change in recent Pega versions which enabled authentication for this activity, and has been resolved by marking the activity as internal and disabling the authentication requirement.
SR-B66454 · Issue 316846
Support added for filtering labels in Join
Resolved in Pega Version 7.3.1
When class join was used in a report and the property used for filtering was a SinglePage property of the join class, then the label was not coming up in the Report Filter section. This was due to filtering labels not being shown when Join is used, and support for this has been added.
SR-B41092 · Issue 315609
Large Data Page works on repeating layout
Resolved in Pega Version 7.3.1
Using LDPs for Dynamic selects worked as expected in a mobile app, but not when used for a repeating layout in a mobile app or offline. This was traced to an issue when DP with node scope was used; regex to get the actual DP name from hashed version was not working. This has been fixed.
SR-B73514 · Issue 324049
Added new function to bypass URLScan MaxURLLength
Resolved in Pega Version 7.3.1
When Pega is fronted by Microsoft IIS WebServer with either a proxy or Web Application Server plugin, the IIS advanced security options, URLScan, are used to limit the size of URLs. When the URLScan MaxURLLength is set below about 600 characters a major static content request for core PRPC UI JavaScript files is blocked. This is a known issue when using IIS Web Server, but to enable expanded use, a 'when' function named pyIsForcedSplitJS has been added that allows overwrite as required by dividing pzHarnessStaticScripts into 4 chunks to decrease length. The format is
INC-187553 · Issue 675429
Service Email handling updated for MSGraph "From" address
Resolved in Pega Version 8.7
While creating cases via email listener, the "From" address was not shown when using MSGraph. This was an issue with extracting the display name when MSGraph is used, and has been resolved by adding double quotes to display the name unconditionally.
INC-188080 · Issue 673783
Service Email handling updated for MSGraph "From" address
Resolved in Pega Version 8.7
While creating cases via email listener, the "From" address was not shown when using MSGraph. This was an issue with extracting the display name when MSGraph is used, and has been resolved by adding double quotes to display the name unconditionally.
INC-188143 · Issue 674972
Service Email handling updated for MSGraph "From" address
Resolved in Pega Version 8.7
While creating cases via email listener, the "From" address was not shown when using MSGraph. This was an issue with extracting the display name when MSGraph is used, and has been resolved by adding double quotes to display the name unconditionally.