INC-118838 · Issue 560691
OKTA receives parameters on logout
Resolved in Pega Version 8.2.7
When an OIDC logout endpoint was configured with a parameter set to a data page value, the data page retrieved the ID token from the database, but when logout was clicked the data page name was displayed in the browser instead of the ID token. To resolve this, code has been added to support sending ID token parameters to the logoff endpoint for OKTA logoff using OpenID Connect.
SR-D95148 · Issue 557483
Port validation updated for redirect URI
Resolved in Pega Version 8.2.7
When an offline app for a Windows client was generated, trying to log in via SSO resulted in the error "invalid redirect_uri". This was traced to the system validating the whole loopback redirection URL, e.g. "http://127.0.0.1:1234/redirection", including the port number. To enhance flexibility, an update has been made so that the port number is not validated, allowing the client to choose it based on availability at the moment of the request to the authorization service. NOTE: As a best practice, a loopback URL should not be configured as a redirect URI. If a loopback URL is configured, then at run time the port number is not validated, and the client application can use any available port on the system, including ports that may not be intended for use.
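The matching rule described above, sketched as an added example (this is not Pega Platform code): redirect URIs are compared exactly, and only a loopback IP literal is allowed to differ in port. The function names, the `REGISTERED` list and the restriction to the `http` scheme are assumptions made for illustration.

```python
from ipaddress import ip_address
from urllib.parse import urlsplit

# Constructed sample registration; the loopback entry is the URL quoted in the note.
REGISTERED = ["http://127.0.0.1:1234/redirection", "https://app.example.com/cb"]


def is_loopback_literal(host):
    """True only for loopback IP literals (127.0.0.0/8, ::1), never for hostnames."""
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False  # "localhost" and look-alike names are not IP literals


def redirect_uri_allowed(requested, registered):
    """Hypothetical check: exact match, except the port of a loopback literal."""
    if requested in registered:
        return True
    try:
        req = urlsplit(requested)
        req.port  # raises ValueError on a malformed or out-of-range port
    except ValueError:
        return False
    if req.username or req.password or req.fragment:
        return False
    # Assumption: the port relaxation applies to plain-http loopback literals only.
    if req.scheme != "http" or not is_loopback_literal(req.hostname or ""):
        return False
    for entry in registered:
        reg = urlsplit(entry)
        if (reg.scheme == "http"
                and is_loopback_literal(reg.hostname or "")
                and ip_address(reg.hostname) == ip_address(req.hostname)
                and (reg.path, reg.query) == (req.path, req.query)):
            return True  # same host, path and query; port deliberately ignored
    return False
```

Everything except the port still has to match, so a different path, a hostname that merely starts with 127.0.0.1, or a non-loopback URI on another port is rejected.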
INC-201109 · Issue 701941
Servlet management documentation updated
Resolved in Pega Version 8.8
The documentation for Servlet management has been updated to clarify that before you can move URL patterns using the Servlet Management landing page, you must remove the web.xml file from your Pega Cloud environment. If the * URL pattern is still available in the web.xml file, it remains in read-only mode and cannot be edited using the indicated steps. More information is available at https://docs.pega.com/security/87/moving-url-pattern-between-servlets
INC-205525 · Issue 699064
Documentation updated for SameSite settings
Resolved in Pega Version 8.8
The documentation for enabling and configuring cross-site scripting settings has been updated to clarify the definitions of the SameSite settings Lax, Strict and None: https://docs.pega.com/security/88/enabling-and-configuring-cross-site-request-forgery-settings
None – If you select this option, Pega Platform offers no protection. The browser attaches the cookies in all cross-site browsing contexts.
Lax – If you select this option, Pega Platform provides a reasonable balance between security and usability for websites that want to maintain logged-in sessions after users arrive from an external link. The browser does not send cookies in requests from non-originating sites.
Strict – If you select this option, Pega Platform prevents the browser
INC-209744 · Issue 703275
Documentation for job schedulers updated
Resolved in Pega Version 8.8
The documentation for how job schedulers use System Runtime Context (SRC) has been updated to specify that at run time, any application-specific metadata such as work ID prefixes, in any of the applications in the SRC stack, is not available to the job activity.
INC-214974 · Issue 721179
Documentation updated for accessing D_pyUserInfoClaims
Resolved in Pega Version 8.8
When logging in using Org Credentials, trying to get the user details from D_pyUserInfoClaims did not return any information. This was due to the D_pyUserInfoClaims data page being available only after authentication, so the claims information was not available during operator provisioning. The documentation located at https://docs.pega.com/security/88/mapping-operator-information-openid-connect-sso-authentication-service has been updated to include the following note: "This page becomes available and can only be accessed post authentication."
INC-217942 · Issue 716932
BIX article updated for XML extract rules
Resolved in Pega Version 8.8
The BIX article "Creating and running an Extract rule" has been updated to reflect that the "Get all properties" option fetches basic properties only, and that properties must be selected manually for non-BLOB tables.
INC-223851 · Issue 722732
Property encryption documentation updated
Resolved in Pega Version 8.8
Documentation on encryption has been updated to clarify that Property Encrypt policies can only be created in Work-, Data-, and Index class descendants.
INC-225373 · Issue 737824
Documentation updated to clarify enabling "Application data encryption" cannot be undone
Resolved in Pega Version 8.8
The documentation regarding encrypting application data has been updated to clarify that once "Application data encryption" is enabled, it is only possible to change the platform cipher from one provider to another standard or custom provider; it cannot be disabled or returned to default data settings. "Caution: After you enable application data encryption, you cannot disable it and restore the default settings. However, you can change the initial encryption type to another encryption type as necessary." "Caution: If you delete the KMS master key or the KMS master key expires, Pega Platform cannot decrypt the previously encrypted data, which can result in data loss."
INC-226047 · Issue 726468
Upgrade from Pega 6 documentation updated
Resolved in Pega Version 8.8
The documentation for "upgrading from Pega Platform version 6.3 SP1 or earlier: Starting from a single-schema configuration" has been updated to clarify that a new rules schema should be specified as the target rule schema.