INC-201713 · Issue 700221
Resolved SSO logout error
Resolved in Pega Version 8.6.5
After configuring prconfig/initialization/Urlencryption/default -> true and prconfig/initialization/SubmitObfuscatedURL/default -> required, logging in to any portal using SSO resulted in a 400 error when trying to log out. This has been resolved by adding a call to the encryption Rule-Utility-Function when calling the logoff activity from 'pzSingleLogoutServiceRedirectV2'.
INC-202702 · Issue 713726
Ruleset creation process updated to maintain thread scope
Resolved in Pega Version 8.6.5
On creating a ruleset, the system generated the error "There has been an issue. Please consult your system administrator." If browser cookies and site settings were cleared and the browser was relaunched before logging in and creating a ruleset, the issue did not occur. Investigation showed that the Application page was at the Requestor scope for some of the threads due to handling in the ruleset creation process that removed the Application page and recreated it in the default scope of the thread with the latest state. To resolve this, the process for deleting the Application page and recreating it on the Requestor page has been removed.
INC-212265 · Issue 714015
at+jwt header type support added
Resolved in Pega Version 8.6.5
After upgrading from Pega 7 to Pega 8, using JWT validation in the REST service package with type "at+jwt" resulted in the JSON web token being rejected during signature verification with the error "header "typ" (type) "at+jwt" not allowed". Pega uses the third-party Nimbus jar to generate and verify JWT tokens, and this issue was traced to a difference in the versions of that jar: Pega 7.3 uses the nimbus-jose-jwt 5.1 version jar, while Pega 8.6+ uses the 8.20 jar version. Nimbus rejects at+jwt header types by default from the 8.0 jar version. To resolve this and improve backwards compatibility, at+jwt header type support has been added.
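The Nimbus behaviour described above, as an added example that is not Pega's code: a token whose header carries typ "at+jwt" is rejected by the default type verifier and accepted once the type is explicitly allow-listed. The class name, secret and claims are constructed for illustration, and the example assumes nimbus-jose-jwt 8.x or later on the classpath.

```java
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.jwk.source.ImmutableSecret;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.jose.proc.DefaultJOSEObjectTypeVerifier;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;
import java.nio.charset.StandardCharsets;
import java.util.Date;

public class AtJwtTypeCheck {
    // Processor that verifies HS256 signatures with a shared secret.
    static DefaultJWTProcessor<SecurityContext> processor(byte[] secret) {
        DefaultJWTProcessor<SecurityContext> p = new DefaultJWTProcessor<>();
        p.setJWSKeySelector(new JWSVerificationKeySelector<SecurityContext>(
                JWSAlgorithm.HS256, new ImmutableSecret<SecurityContext>(secret)));
        return p;
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo secret (HS256 needs at least 32 bytes).
        byte[] secret = "constructed-demo-secret-32-bytes!".getBytes(StandardCharsets.UTF_8);
        JOSEObjectType atJwt = new JOSEObjectType("at+jwt");
        SignedJWT jwt = new SignedJWT(
                new JWSHeader.Builder(JWSAlgorithm.HS256).type(atJwt).build(),
                new JWTClaimsSet.Builder().subject("demo-client")
                        .expirationTime(new Date(System.currentTimeMillis() + 60_000)).build());
        jwt.sign(new MACSigner(secret));
        String token = jwt.serialize();

        // Default type verifier: typ must be "JWT" or absent, so at+jwt is rejected.
        try {
            processor(secret).process(token, null);
            System.out.println("default verifier: accepted");
        } catch (BadJOSEException e) {
            System.out.println("default verifier: rejected (" + e.getMessage() + ")");
        }

        // Explicit allow-list: accept at+jwt as well as JWT, nothing else.
        DefaultJWTProcessor<SecurityContext> p = processor(secret);
        p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<SecurityContext>(atJwt, JOSEObjectType.JWT));
        System.out.println("allow-list verifier: accepted, sub=" + p.process(token, null).getSubject());
    }
}
```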
INC-216154 · Issue 718236
SMTPPort parameter will be passed to ForgotPasswordUtil
Resolved in Pega Version 8.6.5
When a user triggered the "Trouble Signing in" function, the SentEmailNotification activity connection was trying to use port 25 even if the SMTP Port was configured as 587 in the Email Account instance. This was due to the SMTP Port not being passed to the SentEmailNotification activity, causing a fallback to port 25 for non-SSL connections. In order to ensure SendEmailNotification uses a specified port if configured, pySMTPPort will be passed to ForgotPasswordUtil.java.
INC-217461 · Issue 714310
Key ID made optional for JWT
Resolved in Pega Version 8.6.5
After update, Connect-REST services were failing with an Admin_Security_Token.Action error. This was traced to kID (key ID) being mandated following previous work done to address an issue. To resolve this and better support backwards compatibility, the kID has been made optional in the JWT header.
INC-219208 · Issue 717217
Updated OAuth2 registration handling for modified application definition
Resolved in Pega Version 8.6.5
After update, attempting to resave an application definition after any modification resulted in the error "Application OAuth2 client registration is failed. Error Message: PegaApp_XXBase:Client already exists". This was due to pxCreateRecord being called to create the authentication profile: as it was already present, it failed to create a new one. This has been resolved by changing pxCreateRecord to Obj-Save in this process. This change will only be applied on newly created applications using the Data-Application-OAuth2ClientRegistration instance. The solution for already exported applications is to delete the corresponding OAuth2 client (PegaApp_<application id>) and resave the application to create a new client along with the needed metadata.
INC-222213 · Issue 722507
Updated support for Client Assertion in Open ID Connect to generate unique JTI
Resolved in Pega Version 8.6.5
Following an update with an enhancement which added UI and code changes to support Client Assertion in Open ID Connect, the token expiry and issue dates were not getting set properly and the JTI was not getting generated. This has been resolved by adding code to generate a unique client_assertion on OIDC login with private_key_jwt so the JTI in the client assertion will be unique for every login.
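What a per-login client assertion looks like, as an added example that is not Pega's code: each call sets a fresh jti, issue time and expiry, and a small in-memory set stands in for the identity provider's replay cache to show why a reused jti is refused. The client ID, token endpoint URL, key ID and class name are constructed placeholders, and the example assumes nimbus-jose-jwt on the classpath.

```java
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.util.Date;
import java.util.HashSet;
import java.util.Set;
import java.util.UUID;

public class ClientAssertionJti {
    // Builds a fresh private_key_jwt assertion: new jti, iat and exp on every call.
    static SignedJWT newAssertion(RSAKey key, String clientId, String tokenEndpoint) throws Exception {
        Date now = new Date();
        JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .issuer(clientId).subject(clientId)               // iss and sub are both the client_id
                .audience(tokenEndpoint)
                .jwtID(UUID.randomUUID().toString())              // unique per login
                .issueTime(now)
                .expirationTime(new Date(now.getTime() + 60_000)) // short-lived
                .build();
        SignedJWT jwt = new SignedJWT(
                new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(key.getKeyID()).build(), claims);
        jwt.sign(new RSASSASigner(key));
        return jwt;
    }

    public static void main(String[] args) throws Exception {
        RSAKey key = new RSAKeyGenerator(2048).keyID("demo-key").generate(); // constructed key
        Set<String> seenJti = new HashSet<>(); // stand-in for the provider's replay cache

        SignedJWT first = newAssertion(key, "demo-client", "https://idp.example/token");
        SignedJWT second = newAssertion(key, "demo-client", "https://idp.example/token");
        // Set.add returns false when the jti was already seen, i.e. a replay.
        System.out.println("first login accepted:    " + seenJti.add(first.getJWTClaimsSet().getJWTID()));
        System.out.println("second login accepted:   " + seenJti.add(second.getJWTClaimsSet().getJWTID()));
        System.out.println("replayed first accepted: " + seenJti.add(first.getJWTClaimsSet().getJWTID()));
    }
}
```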
INC-215937 · Issue 713773
Added exception handling for PageGroup alerts
Resolved in Pega Version 8.6.5
Queue items were going to the broken queue if there was an issue fetching the alert configuration from the Queue Processor rule. The error "java.lang.IllegalArgumentException: Alert id cannot be blank" was seen. This has been resolved by adding exception handling while gathering alerts from PageGroup so that a malformed alert configuration will not cause overall failure of a processed message, but instead an empty alert will be returned if configuration-data is corrupted.
INC-217781 · Issue 714185
JobScheduler updated to better handle DST change
Resolved in Pega Version 8.6.5
If a job scheduler was set to run on a weekly basis between 1 AM CET and 3 AM CET, the DST time change caused the job scheduler to skip that week. During DST, there is one 23-hour day in the year, and if execution time is set to that missing hour the system was throwing an IllegalArgumentException for the non-existent date. This has been resolved by adding a check that verifies whether a given date does exist; if it does not exist, the system will postpone execution time by one hour.
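The existence check described above, sketched with java.time as an added example (not Pega's JobScheduler code): a weekly 02:30 run is resolved across the spring-forward week, and the one date whose wall-clock time does not exist is postponed by one hour. The zone, dates and class name are chosen for illustration.

```java
import java.time.LocalDate;
import java.time.LocalDateTime;
import java.time.LocalTime;
import java.time.ZoneId;
import java.time.ZonedDateTime;

public class DstGapSchedule {
    // If the wall-clock time does not exist in the zone (spring-forward gap),
    // postpone it by one hour; otherwise use it unchanged.
    static ZonedDateTime resolve(LocalDateTime wanted, ZoneId zone) {
        boolean exists = !zone.getRules().getValidOffsets(wanted).isEmpty();
        return (exists ? wanted : wanted.plusHours(1)).atZone(zone);
    }

    public static void main(String[] args) {
        ZoneId zone = ZoneId.of("Europe/Berlin");
        LocalTime runAt = LocalTime.of(2, 30);
        LocalDate sunday = LocalDate.of(2022, 3, 20); // the week before the 2022 DST change
        for (int week = 0; week < 3; week++) {
            LocalDateTime wanted = sunday.plusWeeks(week).atTime(runAt);
            // 2022-03-27T02:30 falls in the gap and is moved to 03:30.
            System.out.println(wanted + " -> " + resolve(wanted, zone));
        }
    }
}
```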
INC-218001 · Issue 719922
Error text revised for parameterized data page used for token generation
Resolved in Pega Version 8.6.5
While adding a claim in the header of a Token Generation Profile instance, selecting "Clipboard" for Map From and supplying any parameterized data page as the source property caused the save to fail with the error "JWS Alias— Please provide correct algorithm key with correct key length." Changing Map From to a Constant and giving a dummy value worked as expected. Tracer showed the error "declare page parameters not supported by PropertyReference", indicating the actual issue: at this time, the Token profile does not support using a parameterized data page. This has been addressed by ensuring an appropriate error message is shown on save of the token profile rule form when a parameterized data page reference is configured. The error will now read "The reference D_pzPreferenceStore[PreferenceOperatorID:"[email protected]"].pxObjClass is not valid. Reason: Parameterized data page reference is not supported." Support for a parameterized data page used with Map From will be taken as an enhancement for a future release.