INC-133518 · Issue 592225
Context updated for IACAuthentication activity trace
Resolved in Pega Version 8.2.8
After upgrade, tracing the IACAuthentication activity was not working. Investigation showed that the context object had a null tracer value, which has been resolved by updating the system so the tracer runs with the correct context.
INC-134315 · Issue 578367
Resolved 400 error on second browser session
Resolved in Pega Version 8.2.8
When accessing application URLs in two tabs of a browser window, logging into the second session was throwing a 400 invalid request. This has been resolved by adding specified activities to an allow list which will bypass URLObfuscation in un-authenticated mode. Non-listed activities will be processed using URLObfuscation if it is enabled.
INC-135874 · Issue 583414
Added handling for password containing a colon on Pega Client for Windows
Resolved in Pega Version 8.2.8
If a password included a colon (:), it was possible to log in on the desktop but not Pega Client for Windows. This was due to authentication files specific to the Windows mobility client, and handling has been added to resolve the issue.
INC-137516 · Issue 592455
Invalid redirect URI logging changed from error to warn
Resolved in Pega Version 8.2.8
The Pega Mobile client was reporting an Invalid redirect URI error triggered by the OOTB AuthorizationService. This warning is not an error, and the log method has been changed form error to warn.
INC-137709 · Issue 584289
New security role added to restrict access to development-specific classes
Resolved in Pega Version 8.2.8
A new security role and related RAROs have been implemented to allow better security for end users on non-BAC systems. This restricts access to Rules and execution of activities on classes that are development-specific.
INC-144597 · Issue 598306
Updated handling for MT query of pr_data_admin table
Resolved in Pega Version 8.2.8
When using a multi-tenant environment with Oracle, as the number of users in the environment increased, the number of queries of the pr_data_admin table "WHERE pyEnableAuthService" increased exponentially and causes system slowness. This was traced to missed handling for the @ character in the authentication service cache while requesting, and has been resolved by updating authservicecache.java.
INC-145694 · Issue 601295
Property check handling updated for Ajax requestor
Resolved in Pega Version 8.2.8
SECU0001 alerts were seen when submitting a case in the interaction portal. Logging indicated the errors were related to the 'pxRequestor.pyLatitude' and 'pxRequestor.pyLongitude' properties which are included in an Ajax request when they exist in the DOM and the 'pyGeolocationTrackingIsEnabled' when rule is true. The error was traced to a condition where a new thread request results in an unexpected property check that encounters a clipboard which doesn't have any pages created for that thread. To resolve this, the 'pxRequestor.pyLatitude' and 'pxRequestor.pyLongitude' properties have been added to an allow list to handle the unexpected properties check.
INC-142648 · Issue 594805
PRTraceServlet security check added
Resolved in Pega Version 8.2.8
Modifying the Pega application URL with PRTraceServlet displayed multiple user credentials and session information. This has been corrected with the addition of a privilege check in GetConnectionListCommand before allowing the connections list to be fetched.
INC-148056 · Issue 602837
Context updated for IACAuthentication activity trace
Resolved in Pega Version 8.3.5
After upgrade, tracing the IACAuthentication activity was not working. Investigation showed that the context object had a null tracer value, which has been resolved by updating the system so the tracer runs with the correct context.
INC-140224 · Issue 604005
Corrected SAML SSO error
Resolved in Pega Version 8.3.5
After opening a case from the Pega-FCM portal or after logging in from SSO, closing the Pega window and opening it again resulted in the error "Unable to process the SAML WebSSO request : Violation of PRIMARY KEY constraint %27pr_data_saml_requestor_PK%27. Cannot insert duplicate key in object". This was a missed use case that happens only under the old SAML configuration, and has been resolved by removing a when condition that checks for stepstatus fail for the pySAMLwebSSOAuthentication activity.