SR-D66521 · Issue 536138
Logout Redirect updated to handle special characters in IDP parameters
Resolved in Pega Version 8.3.2
When using "HTTP Redirect" in Authentication Service, the Logout Redirect service was failing due to the query parameter name containing "_" (underscore). This was traced to IDP sending parameters to assertion consumer service or logout request endpoint with names which contained any special characters, as the system was trying to put those key values on the parameter page for additional processing. To resolve this, the system has been updated to suppress exceptions when the parameters from IDP includes special characters.
SR-D67945 · Issue 529718
PDC JMS Listener accesses conversion of tenant hash to tenant name
Resolved in Pega Version 8.3.2
A new API method has been added for the PDC JMS listener to access getTenantNameFromTenantHash().
SR-D70569 · Issue 538507
Tracer retains modified user settings
Resolved in Pega Version 8.3.2
User settings in tracer were not shown when the settings window was closed and reopened. Investigation showed that settings are filtered based on watchInsKey, but this parameter was passed as "null" for global tracer because of a missing condition to check the session type. This has been resolved by adding a check so the WatchInsKey parameter is passed if the session type is rule watch.
SR-D71378 · Issue 533280
Authorization header base 64 format error recategorized as debug logging
Resolved in Pega Version 8.3.2
Numerous messages were generated indicating that the Authorization Header format was invalid when using the format " : " (Base64 Og==) . As this is the default behavior for a particular class of proxy servers, the error statement has been updated to be logged as a debug statement and will be visible only when that logging is enabled.
SR-D72636 · Issue 536087
Added handling for Authorization Server login loop
Resolved in Pega Version 8.3.2
When the Authorization server returned an error, it was redirecting back with error, error_description, and parameters. The system then tried to start the login process again, the same error parameters were returned again, and it continued to loop this way. To resolve this issue, handling has been added for this error scenario from the Authorization Server.
SR-D73002 · Issue 535256
URL Encryption and Obfuscation made compatible with site-minder
Resolved in Pega Version 8.3.2
Attempting to download a Mobile App from the Build Server resulted in an error. This was traced to Cipher text using URLEncryption: URLEncryption uses a Pega-supplied base64 to encode the cipher text with MIME type encoding by default, which adds newline character after every 72 characters. This is not compatible with site-minder. which has policies to restrict newline characters in the URL. As a result, none of the encrypted requests were being processed. To resolve this, post-processing logic has been added to remove newline characters from encoded text. This change has also been applied top URLObfuscation.
SR-D74620 · Issue 537490
Dependent role check added to HaveRole
Resolved in Pega Version 8.3.2
The HaveRole function was not checking the dependent role. This has been corrected.
SR-D74848 · Issue 536997
Updated key handling for ProcessJWT
Resolved in Pega Version 8.3.2
After configuring an authentication service which used the ProcessJWT activity to validate the token received, the error "Unable to process the Json Web Token " was seen. Analysis showed the error was caused by a duplicate Key Id in JWK Endpoint Response: the system removed keys after processing, and in the case of duplicate keys the system was throwing null pointer exception because the key had already been removed. To resolve this, the system has been updated to not remove the keys from the map as part of this process.
SR-D75053 · Issue 540911
Corrected Agent schedule time conversion
Resolved in Pega Version 8.3.2
After upgrade, a mismatch between the agent configuration and schedule was seen, causing an agent scheduled at 6PM Europe/London time to execute at 6AM Europe/London instead. Analysis of the Agent schedule rule showed that if the pyStartAmPm property was empty, the internal code miscalculated the AM_PM string as AM. That meant that if an agent was configured with 24 hour clock format and was set to run at 18:00 hrs, it executed at 6AM. The workaround for this issue involved resaving the agent, triggering the data transform pzSetStartAmPm to correct the field pyStartAmPm, but the issue has been corrected by adding handling for the pyStartAmPm == "" corner case.
SR-D75665 · Issue 538640
Corrected double-encoded URL
Resolved in Pega Version 8.3.2
A "bad request" error when trying to launch a remote trace was found to be caused by a double-encoded URL. This has been resolved by correcting the URL composition.