SR-D25711 · Issue 502136
Updated dependent role validation during rule deletion
Resolved in Pega Version 8.4
After checking out and attempting to private-edit the "PegaRULES:WorkMgr4" AR, the rule was still shown as checked out after the edit was discarded. This was a missed use case, as Private checkouts are generally not enabled for most of the customer rulesets. To resolve this, roles in private checkout and branch rulesets will be excluded from going through dependent role validation during rule deletion.
SR-D25972 · Issue 501483
Handling added for custom error message in post-authentication activity
Resolved in Pega Version 8.4
The error message in post authentication activity was always appearing as 'Login terminated because a post-authentication activity or policy failed' irrespective of the actual message being conditionally set in the activity based on post authentication logic. Investigation showed that the parameter page in the SSO post-authentication activity was not being passed to the 'pzShowAuthPolicyError' activity due to the post-authentication activity executing in authenticated context whereas the HTML fragment executed in the un-authenticated context. In order to support this use, post-authentication activity will set the error message on a predefined property and propagate that to the HTML fragment by appending the error message as a query parameter in the redirect exception URL post-authentication failure.
SR-D28034 · Issue 497839
Asynchprocessor generation code deprecated from distribution
Resolved in Pega Version 8.4
During a Pega Rules Upgrade of the environment, the error "duplicate key value violates unique constraint "pr_data_admin_pk" was observed. This exception originated from the "Upgrade Context" target while executing a query to fetch the missing ASYNCPROCESSOR requestors for all available system names, and was caused by the system attempting to insert a single ASYNCPROCESSOR requestor more that once in the shared layer. The need to generate missing requestors only applied for installations where a custom system name was provided to the deployment properties (setupDatabase), so by default the asyncprocessor generation code has been removed from the distribution as it is no longer required for upgrades. Default system behavior now is to use system-runtime-context in place of async requestors.
SR-D28342 · Issue 504972
ChatMashup loading issue with IDP resolved
Resolved in Pega Version 8.4
When using a harness containing chat scripts via Mashup that called an activity to set parameters, attempting to launch the Mashup from an external application failed on the first attempt: an incorrect URL was generated and the activity was not triggered, resulting in an empty harness. The second attempt to launch the Mashup worked as expected. This was seen when using an IDP initiated Login with query string - pyActivity= classname.ActivityName, and there was a workaround to use SP initiated login or to use the activity URL directly on the IDP portal. Investigation showed that the resourcePath was coming as http in SSL enabled system, but the reqURI was still https. To correct this, the system has been updated so that if the reqContextURI starts with https and the requestURL starts with http, then the requestURL will be converted to https.
SR-D28460 · Issue 509366
Added timeout handling for non-PRAuth servlets
Resolved in Pega Version 8.4
After logging in via external authentication service (SAML Single Sign On) and setting up a timeout in the access group RuleForm, when the user performed any action and the server identified the request to be timed-out, it was expected that a SAML request would be sent from the browser to the external Authentication Server (referred as IDP) and the flow would proceed from there. This worked as expected for a non-AJAX request. To resolve this, handling has been added for timeout when using non-PRAuth authentication services.
SR-D28719 · Issue 505968
Null archive check added to set import process status
Resolved in Pega Version 8.4
After running a 'prpcServiceUtils.sh import' which failed due to a low-level null pointer error, the job "IMPORTREQUEST-2" then incorrectly showed the status as 'IN PROGRESS' instead of 'FAILED'. In this case, the null-pointer exception occurred because two imports were unintentionally happening at the same time: the process copied up the same set of archives to the service export directory, but the first import processed an archive and deleted it so that the second process failed to find it. When it exited with the null-pointer exception, the status was not set to 'failed'. To resolve this, a null archive check has been added which will set the status to 'failed' if the archive is unsupported, corrupt, or not there at all.
SR-D29127 · Issue 506864
SAML data pages restored after passivation
Resolved in Pega Version 8.4
If login used SAML SSO, resuming the session after passivation resulted in missing or empty data pages when using an SAP integration with Pega Cloud. This was traced to a security change that modified the D_SAMLAssertionDataPage and D_SamlSsoLoginInfo data pages as readonly, causing them to not be passivated under these conditions. To resolve this, the data pages have been made editable so they will be restored as expected. This change also resolves any difficulty with SAML logoff activities in conjunction with SAP and Pega Cloud.
SR-D29485 · Issue 503513
Enhancement added to modify URL encryption for load testing
Resolved in Pega Version 8.4
An enhancement has been added which allows conditionally modifying URL encryption for load testing. This uses the flag crypto/useportablecipherforurlencryption: if true, a portable hardcoded key is used to encrypt the URLs and if false, a dynamically generated key per thread/requestor is used to encrypt the URL.
SR-D30955 · Issue 499873
Security updated for access roles
Resolved in Pega Version 8.4
Updates have been made in order to prevent a potential security issue related to browsing access for the Organization and Security: Groups and Roles view in Dev Studio.
SR-D36004 · Issue 513617
Check added before OperatorID page in the clipboard is deleted
Resolved in Pega Version 8.4
After configuring an access group with security policies and a one minute timeout, triggering the timeout and then failing authentication before correctly authenticating was resulting in the .operatorID page being deleted from the thread->System pages and the workIDs were listed from all workbaskets in the portal. This has been resolved by adding a check for whether the operator id page is in thread level or not before deleting it.