INC-199271 · Issue 699654
SAML-based SSO security updated
Resolved in Pega Version 8.5.6
Security updates have been made relating to SAML-based SSO code.
SR-128883 · Issue 195834
Fixed button contrast when using accessibility
Resolved in Pega Version 7.1.8
The "Select Values" button in the dialog for editing a report filter had a low contrast ratio when accessibility was enabled. This was caused by the unintentional application of the repeat layout CSS to the button, and has been fixed.
INC-182530 · Issue 695759
SAML datapages cleared before new authentication
Resolved in Pega Version 8.5.6
If a previous user had not logged out or timed out when using SAML authentication, a second person using the same device/browser would end up in the first user's session after performing their own authentication. Investigation showed that on the second login, D_SAMLAssertionDataPage was not being refreshed with the current user's login details; this has been resolved by explicitly deleting the SAML data pages before processing a new login if the session has not timed out.
SR-130224 · Issue 200002
Fixed class pickup when Ticket Urgency is used as reference
Resolved in Pega Version 7.1.8
It was not possible to convert a summary report to a list report if the report had Ticket.Urgency as a reference and Ticket was a single page pointing to a data class type property in the work class. This was traced to the drill down picking up the Urgency property from the work class, and has been resolved.
INC-195519 · Issue 698496
Support added for using CFW when Pega server is unavailable
Resolved in Pega Version 8.5.6
Data synchronization changes have been added to allow Client for Windows to work in offline mode without an AppCache manifest.
INC-195511 · Issue 693218
Check added for child join class when using ABAC
Resolved in Pega Version 8.5.6
When a join was applied on a report definition and the same join class had a child class to which ABAC was applied (for some property, e.g. isABC), an "invalidreference" exception (isABC) was generated. This was traced to the system taking into account the child class of the join class while running the report, and has been resolved by adding a check to handle this scenario.
SR-119772 · Issue 175593
Menu rendering corrected for Attachment Menu controls when using JAWS
Resolved in Pega Version 7.1.8
Previously, the 'add menu' button in the Attachment Menu controls did not respond to the spacebar or enter key if JAWS was active. This was due to a rendering issue with the work flow menu options and has been resolved.
SR-126156 · Issue 190077
Random ID generation changed to use OpenSAML
Resolved in Pega Version 7.1.8
In certain cases, SSO setup with SAML 2.0 failed with the message "Unable to process the SAML WebSSO request: Unable to process SAML2 Authentication". The error was due to the generated ID being sent with a "+" character in it which could not be handled smoothly. To avoid this issue, the system has been changed to use the OpenSAML API instead of using UUID when generating random IDs for all types of WebSSO requests.
INC-192464 · Issue 681858
PackageComponent updated for use with repositories
Resolved in Pega Version 8.5.6
Exporting a zip file created by the Component wizard to a repository resulted in an error; however, the same process worked as expected when the zip file was created by the Product wizard. Investigation showed that pxPackageComponent was not kept up to date with new metadata requirements for Artifactory export. This has been resolved by modifying pxPackageComponent step 7 to set Param.ArtifactType to "component" and Param.ArtifactName to [component name]_[component version]. A privilege check has also been added to zipMoveExport.
INC-196414 · Issue 684237
OAuth token refreshed when revoked on source
Resolved in Pega Version 8.5.6
When an OAuth token was used to authorize the APIs in the system, revoking the token at the source, i.e. from the Service side, did not automatically refresh the token and a logoff/logon was required before a fresh token was generated. This has been resolved by adding an update to explicitly purge revoked tokens.