SR-D83605 · Issue 545587
Resolved cookie issue for Service call headers
Resolved in Pega Version 8.3.3
After upgrade, a difference in how cookies were passed in headers in Service calls resulted in failing to capture the HTTP cookie header necessary to support frontend digital signing. This has been resolved by modifying the code positioning and conditionalizing the resolved value check.
INC-157196 · Issue 629298
Deprecated service package features now require authentication
Resolved in Pega Version 8.5.3
Authentication has been added to deprecated features of the standard service package to improve security. If issues are encountered during product migration, please use the Deployment Manager.
SR-103429 · Issue 136984
Rule-Service-Java authentication in a stateless session re-enabled
Resolved in Pega Version 7.1.7
When exposing Rule-Service-Java through a service package, a proxy jar file is created. If the 'Requires Authentication' option was checked on the service package, the generated java did not contain the required code to pass through the username/password and authentication failed. This method of passing credentials via proxy method parameters was previously withdrawn for the stateless processing mode, but the java code has been reinstated to enable authentication for a stateless session if this method is desired.
SR-117840 · Issue 170516
Autopopulate correctly set/disabled in the CSR portal
Resolved in Pega Version 7.1.7
Switching to some clipboard pages caused a null pointer error in the CSR portal for the operator. This was caused by an autopopulate call being made even when autopopulate was disabled. This has been corrected.
INC-150610 · Issue 627428
Argument number exception handled for SERVICES-PAL log configuration
Resolved in Pega Version 8.5.3
An issue with being unable to configure the SERVICES-PAL log file has been resolved by adding handling for an unlogged "wrong number of arguments" exception.
INC-157194 · Issue 620153
CheckRevisionDeployment requires authentication
Resolved in Pega Version 8.5.3
Authentication has been added to the CheckRevisionDeployment service package.
INC-155813 · Issue 629506
SAML SSO redirects to correct URL when application and authentication aliases match
Resolved in Pega Version 8.5.3
Whenever there was a match in the authentication service alias and the application alias, the application alias was replaced with empty after logoff instead of making the authentication service alias empty. For example, given an authentication service with the alias XYZ ("login with XYZ" alias option) and an application name XYZMyOps, the application alias was being changed from XYZMyOps to appMyOps after logoff. As a result, a blue screen error resulted when clicking on button "login with XYZ" again because it redirected to appMyOps, which didn't exist. This has been resolved by removing authservicealias and modifying AuthServiceAliasHelper.adjustPathIfAuthServiceAliasPresent() to change the method for calculating the pathinfo to string tokenizing
SR-D87671 · Issue 547572
PegaCESvcsIntegrator security updated
Resolved in Pega Version 8.3.3
Security updates have been made which now require authentication to consume the services from the PegaCESvcsIntegrator package.
SR-D87673 · Issue 548626
PegaCESvcsIntegrator security updated
Resolved in Pega Version 8.3.3
Security updates have been made which now require authentication to consume the services from the PegaCESvcsIntegrator package.
SR-D75498 · Issue 545068
Resolved null-pointer exception for Token based Authenticated Rest
Resolved in Pega Version 8.3.3
When logging in with auth0 OIDC auth service and then trying to use connect-Rest with an authentication profile using an auth0 provider, a null pointer error was generated indicating connect-Rest could not find the Access token. Even thought the Authentication service (OIDC) and authentication profile (authorization grant) both had the same scopes (“openid profile email”), OIDC flow and authentication profile save the Access Token with different scopes. Specifically, OIDC saves the token with an extra trailing space. Handling has been added to correct this.