INC-157196 · Issue 629298
Deprecated service package features now require authentication
Resolved in Pega Version 8.5.3
Authentication has been added to deprecated features of the standard service package to improve security. If issues are encountered during product migration, please use the Deployment Manager.
SR-103429 · Issue 136984
Rule-Service-Java authentication in a stateless session re-enabled
Resolved in Pega Version 7.1.7
When exposing Rule-Service-Java through a service package, a proxy jar file is created. If the 'Requires Authentication' option was checked on the service package, the generated java did not contain the required code to pass through the username/password and authentication failed. This method of passing credentials via proxy method parameters was previously withdrawn for the stateless processing mode, but the java code has been reinstated to enable authentication for a stateless session if this method is desired.
SR-117840 · Issue 170516
Autopopulate correctly set/disabled in the CSR portal
Resolved in Pega Version 7.1.7
Switching to some clipboard pages caused a null pointer error in the CSR portal for the operator. This was caused by an autopopulate call being made even when autopopulate was disabled. This has been corrected.
INC-150610 · Issue 627428
Argument number exception handled for SERVICES-PAL log configuration
Resolved in Pega Version 8.5.3
An issue with being unable to configure the SERVICES-PAL log file has been resolved by adding handling for an unlogged "wrong number of arguments" exception.
SR-D74117 · Issue 539463
DDS service will not run Hazelcast check if external Cassandra is configured
Resolved in Pega Version 8.4.1
Services were not responding, and thread dumps seen in the logs indicated that a large number of threads were waiting for one to come back from getting the cluster state for a DSM process. Investigation showed that the threads were waiting for a Hazelcast response about the cluster state. However, since a Hazelcast call is not needed when Pega is configured with external Cassandra, the DDS Service code has been changed to not to check for candidate nodes if configured with external Cassandra cluster.
SR-D66521 · Issue 536140
Logout Redirect updated to handle special characters in IDP parameters
Resolved in Pega Version 8.4.1
When using "HTTP Redirect" in Authentication Service, the Logout Redirect service was failing due to the query parameter name containing "_" (underscore). This was traced to IDP sending parameters to assertion consumer service or logout request endpoint with names which contained any special characters, as the system was trying to put those key values on the parameter page for additional processing. To resolve this, the system has been updated to suppress exceptions when the parameters from IDP includes special characters.
INC-157194 · Issue 620153
CheckRevisionDeployment requires authentication
Resolved in Pega Version 8.5.3
Authentication has been added to the CheckRevisionDeployment service package.
SR-D68707 · Issue 529871
Update Handler will not run during migration
Resolved in Pega Version 8.4.1
Rolling restart of DataFlow, ADM ,VBD, and Util Tiers failed with a PENDING_JOINING error after an in-place upgrade. This was traced to the logic for the update timing: when nodes start after an upgrade from 7.x to 8.x they will migrate data flow runs. Migration happens on only one node, and while it's in progress the other nodes will wait until migration finishes before they come up. At this point the state of the data flow services will be 'PENDING JOINING'. The issue is that while migrating runs, the Data Flow Update Handler was triggered to validate whether there were nodes available on the service the run belongs to. This call can cause the corresponding data flow service to be initialized, but the call will be blocked since all services wait for the migration to end. This resulted in a deadlock which prevented all nodes from coming up successfully. To resolve this, the process has been updated to skip the update handler during migration to avoid triggering the initialization of client services that are waiting on the migration lock.
INC-155813 · Issue 629506
SAML SSO redirects to correct URL when application and authentication aliases match
Resolved in Pega Version 8.5.3
Whenever there was a match in the authentication service alias and the application alias, the application alias was replaced with empty after logoff instead of making the authentication service alias empty. For example, given an authentication service with the alias XYZ ("login with XYZ" alias option) and an application name XYZMyOps, the application alias was being changed from XYZMyOps to appMyOps after logoff. As a result, a blue screen error resulted when clicking on button "login with XYZ" again because it redirected to appMyOps, which didn't exist. This has been resolved by removing authservicealias and modifying AuthServiceAliasHelper.adjustPathIfAuthServiceAliasPresent() to change the method for calculating the pathinfo to string tokenizing
SR-D87671 · Issue 547574
PegaCESvcsIntegrator security updated
Resolved in Pega Version 8.4.1
Security updates have been made which now require authentication to consume the services from the PegaCESvcsIntegrator package.