SR-D37894 · Issue 505976
Query parameters will be cleared after redirection from authentication
Resolved in Pega Version 8.4
When using the /PRAuth Servlet, running a snapstart URL generated from a secondary application correctly executed SAML Authentication and Pega processing, but a second URL generated with different parameters ran with the parameters from the first request. The third and subsequent requests processed as expected with the parameters sent in with the request. Investigation showed that the previous parameters were picked due to the query string parameters not being cleared after redirection, and this issue has been resolved by updating the system so it will clear the parameters after issuing a redirect from the authentication policy engine.
SR-D38232 · Issue 509856
Keystore certificate alias updated to support mixed case names
Resolved in Pega Version 8.4
The Java Keystore stored aliases only in lower case letters, but it accepted uppercase letters also during retrieval. This was causing the error "No certificate found in truststore : Azure AD SSOIDPCertStore with Alias : CN=Microsoft Azure Federated SSO Certificate" when the names didn't match. To resolve this, the keystore layer has been modified to support upper case letters in the certificate alias.
SR-D38522 · Issue 504674
Timeout error notification regarding waiting for package removed
Resolved in Pega Version 8.4
During long-running deployments, an error message appeared indicating that the system was awaiting completion of the package install. This was not a genuine error, and has been addressed by removing the timeout warning. The system will wait as long as necessary to install an archive.
SR-D38613 · Issue 510004
Login will not obfuscate data for unauthenticated requestor
Resolved in Pega Version 8.4
If prconfig.xml had URLencryption and SubmitObfuscatedURL enabled, logging off from the application and idling the login screen for 5-10 minutes resulted in an Http 400 error during the next login attempt and the app data had to be manually cleared. This has been resolved by setting the system to not obfuscate data if the requestor is unauthenticated.
SR-D40756 · Issue 508098
Null check added for missing IDP RelayState
Resolved in Pega Version 8.4
An "ArrayIndexOutOfBounds" exception was showing sporadically when using IDP Initiated SAML Login requests. This was traced to IDP not consistently providing the RelayState parameter to Pega, and the exception has been resolved with the addition of a null check. When the RelayState parameter is empty, the message "Missing Relaystate information in IDP Response" will be shown.
SR-D41454 · Issue 506536
Updated HotFix Manager for use in older versions
Resolved in Pega Version 8.4
The DL logic in Hotfix Manager was changed in 8.3 to include the catalog of all framework changes. This had the unintended side effect of preventing DLs from being installed in Pega 7.3.1 and lower versions as the versions included in the catalog are not present on those systems and the validation failed. This has been resolved by revising the DL update so the system will only add all apps to the catalog for platform 7.4+ DLs.
SR-D41482 · Issue 507884
SAML data pages restored after passivation
Resolved in Pega Version 8.4
If login used SAML SSO, resuming the session after passivation resulted in missing or empty data pages when using an SAP integration with Pega Cloud. This was traced to a security change that modified the D_SAMLAssertionDataPage and D_SamlSsoLoginInfo data pages as readonly, causing them to not be passivated under these conditions. To resolve this, the data pages have been made editable so they will be restored as expected. This change also resolves any difficulty with SAML logoff activities in conjunction with SAP and Pega Cloud.
SR-D41637 · Issue 512269
Mashup URLs will include thread name for better passivation recovery
Resolved in Pega Version 8.4
Mashup screens were distorted after keeping the screen idle for more than 1 hour and then trying to switch between accounts. Investigation showed that during SSO authentication the relaystate generated without including thread name in the URL, leading to the threadname not being passivated or made available during reactivation. To resolve this, the thread name will now be included in the URL.
SR-D43331 · Issue 510158
Run Ruleset Cleanup defaults to true
Resolved in Pega Version 8.4
After upgrade, the rule categories and rules were not showing correctly in the App view of the Dev Portal. Many warning messages were also logged related to the Decisioning DM Sample application. This was traced to the rules cleanup script not running properly. While there was a workaround of applying the ruleset cleanup scripts manually after removing the queries that reference the pr_engineclasses table, the cleanup will now be set to run by default (run.ruleset.cleanup=true). In addition, the logic to determine which RuleSets to include has been simplified and most of the pr4_rule_vw deletions have been combined.
SR-D44307 · Issue 509001
Refined dependency checking for Hotfix Manager
Resolved in Pega Version 8.4
The logic in Hotfix Manager was changed in 8.3 to include all Strategic Application hotfixes in the Catalog for platform versions 7.4+. However, because there are some edge cases where multiple hotfixes for different strategic application products have been shipped with the same rule changes, it was found that a DL packaged for one application could pick up hotfixes intended for another app. This prevented the DL from installing on systems where both apps were not installed. To avoid picking up these additional hotfixes, while the catalog shipped in the DL will continue to contain all apps, the system has been updated to use only a list of selected products when generating a catalog for calculating dependencies.