SR-119800 · Issue 177840
Security policy transaction mismatch error resolved
Resolved in Pega Version 7.1.8
If security policies are enabled, logging out and then logging in prompts a password change. If the password was changed and then the page was refreshed, a transaction mismatch error occurred. This was caused by incomplete clearing of the password setting transaction, and the system has been updated to properly switch transactions.
SR-123636 · Issue 184161
Trojan horse protection auto-enabled
Resolved in Pega Version 7.1.8
The authentication/trojanhorseprotection previously defaulted to NEVER, creating a security vulnerability. The trojanhorseprotection setting now defaults to external.
SR-123636 · Issue 181701
Trojan horse protection auto-enabled
Resolved in Pega Version 7.1.8
The authentication/trojanhorseprotection previously defaulted to NEVER, creating a security vulnerability. The trojanhorseprotection setting now defaults to external.
SR-124473 · Issue 186179
Added handling for unauthenticated asynchronous SOAP service
Resolved in Pega Version 7.1.8
After implementing changes to work around an error with SOAP authentication, the unauthenticated asynchronous SOAP service generated an error and failed to complete. This was due to the changes to the authentication process omitting the asynchronous mode case when a SOAP service that intended to not use authentication ends up calling a sub-activity that requires authentication. This use case is now covered.
SR-126719 · Issue 177348
Added fallback keyinfo handling
Resolved in Pega Version 7.1.8
When a SAML assertion response is received in the authentication activity, an error indicated the KeyInfo was missing in the signature. This was caused by a lack of redundancy in the keyinfo handling that caused an exception when keyinfo was not included in the SAML response. Support has now been added to check the certificate in the truststore where the certificate from IDP metadata would have been imported, and there is an added null check in the debug logs.
SR-126719 · Issue 178793
Added fallback keyinfo handling
Resolved in Pega Version 7.1.8
When a SAML assertion response is received in the authentication activity, an error indicated the KeyInfo was missing in the signature. This was caused by a lack of redundancy in the keyinfo handling that caused an exception when keyinfo was not included in the SAML response. Support has now been added to check the certificate in the truststore where the certificate from IDP metadata would have been imported, and there is an added null check in the debug logs.
SR-128463 · Issue 193907
Create KeyRing updated for split schema
Resolved in Pega Version 7.1.8
If a command line script is configured (viz. keyringGen.sh) to encrypt user passwords for prconfig.xml databases using Keyring utility, a prconfig.xml could have three database entries but the keyring tool only prompted for two databases and did not allow encrypting password for the user for the third database. The prconfig.xml file requires very specific location information to run: to resolve this, the variables to hold schema name in case of split schema configuration have been added.
INC-164432 · Issue 696292
Global obfuscation key initialized on first requestor call
Resolved in Pega Version 8.5.6
When using URLEncryption = true and SubmitObfuscatedURL = optional, attempting to export an Excel spreadsheet resulted in the error "Invalid character found in the request target". This was traced to the variable pega.d.globalobfuscateKey having a null value which was then converted to a byte array and decoded, generating improper characters in the URL. After a browser refresh, the correct value was set in pega.d.globalobfuscateKey and the export worked as expected. To resolve this, an update has been made to initialize the key on the very first call in PRRequestorImpl when the global obfuscation key is determined to be NULL instead of initializing the global obfuscation key by on-demand basis from HTTPAPI.
INC-173098 · Issue 694091
Signature map updated for fetching keys
Resolved in Pega Version 8.5.6
MFA login worked with SAML 2.0 when the certificate was disabled but failed when the certificate was enabled in Auth Service. The error " "Signature algorithm is null" appeared. This has been resolved by updating the signature map to ignore case sensitivity while fetching keys.
INC-178834 · Issue 660427
RDA support added for Citrix XenApp
Resolved in Pega Version 8.5.6
Robot Runtime was not working in a Citrix XenApp environment when using the JWT token generated by the D_pxRoboticJWTToken data page to identify the user. This has been resolved by updating the scope of the datapage D_pxRoboticJWTToken from node level to requestor, which will allow the user information in the JWT token to be passed to the routing service and support the use of RDA in Citrix environments.