SR-D76492 · Issue 549970
Added check for test case creation when Cross-site scripting security enabled
Resolved in Pega Version 8.4.2
Test case creation was failing. Investigation showed that when the "Cross-Site Request Forgery" security setting was enabled, the CSRF token and Browser fingerprint were not included in AJAX calls, and the Ruleinskey was not getting passed. This has been resolved by adding a check to evaluate whether security measures are included or not when making a server call from AJAX, and including the tokens required when appropriate.
SR-D79831 · Issue 562802
Access Deny working as expected for Offers
Resolved in Pega Version 8.4.2
It was possible to Save-As an offer in PegaMKT-Work-Offer after encountering an access deny rule. The record was not created in Dev Studio, however, and an expected denial of access was not registered at runtime. This was due to Access deny rules not being considered as a part of validation, and has been resolved by adding the necessary permission validation to the new harness that will produce the error message informing the user that they are missing a permission. Additional work has also been done to pass the 'pzKeepPageMessages' parameter as true so that page level error messages are correctly displayed.
SR-D85111 · Issue 549198
Paging method updated for Select All in Broken Queue
Resolved in Pega Version 8.4.2
After clicking the 'Select All' box in Broken Queue In Admin Studio, scrolling up and down rapidly caused the checkboxes to be unselected. This was traced to the use of progressing paging in this scenario, and has been resolved by removing progressive paging and replacing it with the out of the box '1 of X' paging method.
SR-D90520 · Issue 552019
REST parameters updated for SauceLabs compatibility
Resolved in Pega Version 8.4.2
After configuring a call to SauceLabs testing through Deployment manager, the REST call was timing out. Investigation traced the issue to SauceLabs changing its parameter name from "browser" to "browsername", and the Pega parameter names have now been updated to reflect that change.
SR-D93181 · Issue 555469
Pega Org Structure Tools added
Resolved in Pega Version 8.4.2
An enhancement has been made available on Pega Marketplace to simplify working with large organizational structures with additional support for having more than 3,333 organizations. This allows choosing an Org, Div and Unit in the Operator ID and Application ruleforms using auto-completes rather than a tree, and can now handle up to 10,000 Organizations, 10,000 Divisions per organization, and 10,000 Units per Division. Installations exceeding those numbers will still be able to enter the name without validation problems, and a link to the Organization Chart landing page will be available for browsing that data in a tree.
SR-D95797 · Issue 556765
Branch Preference now considered for TestCase rule
Resolved in Pega Version 8.4.2
Setting branch preference from top right worked for all rule types and new rule dialog rightly set the branch, but when attempting to use this configuration for a test case, it only displayed the first branch in the app and did not follow the branch preference. This was due to the system using a separate save modal dialog for test case creation which did not consider this use, and has been resolved by implementing the branch preferences use case to show the direct preferred branch if present.
INC-118838 · Issue 560694
OKTA receives parameters on logout
Resolved in Pega Version 8.4.2
When using an OIDC logout endpoint with a parameter set as a data page value, the data page retrieved the ID Token from the database, but when logout was clicked the datapage name was being displayed in the browser instead of the IDToken. To resolve this, code has been added to support sending ID token parameters for logoff endpoint for OKTA logoff using OpeniD connect.
INC-118927 · Issue 571492
Resolved OAuth2 mobile app loop
Resolved in Pega Version 8.4.2
When a Pega OAuth2 authorize endpoint was invoked and the redirect URI contained "app", a loop was created where the system attempted to fetch the app alias from the state parameter value and was redirected back to itself. This could sometimes result in inconsistent mobile app styling. Investigation showed that a certificate with keyword app that was picked for the redirect URI could have the key word assumed to be the app alias context, so a workaround was to remove the app keyword. To resolve the issue, the system has been updated to look for the app alias only in the state parameter rather than perform a string contains check on the entire query string.
INC-125095 · Issue 560831
SAML authreqcontext duplicate key exception logging changed to debug
Resolved in Pega Version 8.4.2
As part of work done to improve the performance of the pr_data_saml_authreqcontext table during the SAML flow, the duplicate key exception handing was creating a large number of unique constraint log messages while saving sessionInfo to the database during SAML authentication if ADFS was used because the ADFS provider session Info is always blank. This has been resolved by changing the log statement in the duplicate key exception handling to debug.
INC-125429 · Issue 561892
OKTA receives parameters on logout
Resolved in Pega Version 8.4.2
When using an OIDC logout endpoint with a parameter set as a data page value, the data page retrieved the ID Token from the database, but when logout was clicked the datapage name was being displayed in the browser instead of the IDToken. To resolve this, code has been added to support sending ID token parameters for logoff endpoint for OKTA logoff using OpeniD connect.