SR-B71077 · Issue 323027
IDP Encrypted connections working on SAML
Resolved in Pega Version 7.3.1
IDP initiated SAML 2.0 was not working, and generated the error "Unable to process the SAML WebSSO request : Missing Relaystate information in IDP Response". Authentication worked fine with unencrypted SAML token. This schema validation failure happened because encrypted attributes were previously being ignored by Pega due to an issue in the underlying openSAML library. To resolve this, a custom PegaSAMLValidator has been inserted to validate the assertion and honor encrypted attributes.
SR-B56328 · Issue 312168
RARO rules more secure against deletion
Resolved in Pega Version 7.3.1
In order to make RARO rules more secure, the system has been updated such that Class Permissions can't be deleted from the role unless the operator has permission and is operating in a valid context (unlocked ruleset). This has been done by revising the Role rule form to disable the delete button when RARO/RADO is in a locked ruleset.
SR-B57046 · Issue 314358
Parameters removed from on-screen error messages to protect sensitive data
Resolved in Pega Version 7.3.1
It was discovered that sensitive information such as account numbers used as parameters were being displayed in exception error messages displayed on the screen. Including the parameters as part of the error is intended to aid in debugging the problem, but these parameters do not need to be displayed in the UI. In order to protect potentially sensitive data, parameter values have been removed from the exception message. When the DeclarativePageDirectoryImpl logger is enabled, the parameters will be entered into the Pega log files and not shown on screen.
SR-B67143 · Issue 316168
Proxy configurations made available to OAuth2 and other clients
Resolved in Pega Version 7.3.1
Setting up Proxy for the REST Connector was not working when using OAuth2. When using OAuth2 authorization for Connector features including REST Connectors, the com.pega.pegarules.integration.engine.internal.client.oauth2.OAuth2ClientImpl class is used for connections to the OAuth2 Provider for interactions such as fetching authorization tokens. However, OAuth2ClientImpl does not have the required code for "picking up" the JVM-level proxy settings and applying them to the HTTP Client it uses, so the HTTP calls to the OAuth2 provider were always bypassing the configured HTTP proxy. In order to resolve this and enhance future use, the code in the RESTConnector module that allows REST Connectors to use HTTP Proxies has been extracted out into the "HTTPClientUtils" module so that it can be used by any consumer to apply the system's Proxy configuration to any instance of PegaRESTClient. OAuth2ClientImpl has been updated to call this during HTTP client setup, prior to making the request for data from OAuth2 Providers, and RESTConnnector has been updated to call this new implementation to replace the universal Proxy code that was refactored out of it.
SR-B48904 · Issue 309328
Localization added to Pega Marketing components
Resolved in Pega Version 7.3.1
Localization support for German, Japanese, Spanish, Italian, French and Chinese simplified has been added for the Pega Marketing application for these components: Proposition Management Landing pages - Issue, Group creation, Un Versioned and Versioned Proposition Creation, Conversion from UnVersioned to Versioned proposition, Decision Data Form, Interaction History Data Set & IH Landing Page, VBD & KPI navigation links from Designer Studio and its Landing Pages. Note : out-of-the-box properties/property values, controls, and pop-ups, can not be localized in these functionalities.
SR-B48904 · Issue 315159
Localization added to Pega Marketing components
Resolved in Pega Version 7.3.1
Localization support for German, Japanese, Spanish, Italian, French and Chinese simplified has been added for the Pega Marketing application for these components: Proposition Management Landing pages - Issue, Group creation, Un Versioned and Versioned Proposition Creation, Conversion from UnVersioned to Versioned proposition, Decision Data Form, Interaction History Data Set & IH Landing Page, VBD & KPI navigation links from Designer Studio and its Landing Pages. Note : out-of-the-box properties/property values, controls, and pop-ups, can not be localized in these functionalities.
SR-B44184 · Issue 309658
Property filter execution updated for better backward chaining
Resolved in Pega Version 7.3.1
in cases where the strategy is cyclically called and backward chaining is enabled, the declarative network was looking to load the value of a property which did not exist, leading to an error. The evaluateWhen function in the proposition filter rule execution has been modified to reset backward chaining.
SR-B48902 · Issue 318395
PegaMarketing localization tuned
Resolved in Pega Version 7.3.1
While localizing the Pega Marketing application, English strings were found in several places from Decisioning in particular, but also in the Platform in general. The localization for these has been fixed.
SR-B50813 · Issue 315070
Improved performance for Proposition updates
Resolved in Pega Version 7.3.1
While updating propositions through DSM portal it was observed that the thread count got very high while overall performance became degraded. This happened in Pega versions where the propositions are data instances and not rules. The issue was traced to the Proposition cache getting reloaded from the database table in a synchronized block; all of the strategy execution threads were waiting until the reloading completed despite strategy reading the propositions from the cache. To resolve this, the system will reload the proposition cache from the database table in the thread where the pulse message is being processed when the node receives the pulse notification. Thus other strategy execution threads will not be blocked and continue reading propositions from the cache.
SR-B66858 · Issue 315685
Cassandra fixes for AIX systems
Resolved in Pega Version 7.3.1
A Cassandra node start failure on some AIX environments was traced to a condition for checking whether Java version 1.7 and 1.8 in file cassandra-env-AIX.sh were present in the dnode-7.2.1.jar. This check is not necessary as the same check is already performed in Cassandra.java class, and it has been removed from the cassandra-env-AIX.sh script. Additionally a new system setting dnode/overwrite_cassandra_env has been introduced to allow disabling replacing cassandra-env.sh script with cassandra-env-AIX.sh (which is normally done on AIX systems).