Skip to main content

Resolved Issues

View the resolved issues for a specific Platform release.

Go to download resolved issues by patch release.

Browse release notes for a selected Pega Version.

NOTE: Enter just the Case ID number (SR or INC) in order to find the associated Support Request.

Please note: beginning with the Pega Platform 8.7.4 Patch, the Resolved Issues have moved to the Support Center.

INC-130299 · Issue 583924

Updated SSO operator authentication handling after passivation

Resolved in Pega Version 8.1.9

With SSO enabled and the pyAccessGroupsAdditional value list populated with the Mapping tab, attempting to access an expired session with an old cookie resulted in a stale thread exception while mapping value list attributes. This was due to using an AuthServicePage which was created by another session thread that had become stale for current session, and has been resolved by updating the code to call the authenticateoperator method on the authservicepage copy.

INC-135874 · Issue 58341

Added handling for password containing a colon on Pega Client for Windows

Resolved in Pega Version 8.1.9

If a password included a colon (:), it was possible to log in on the desktop but not Pega Client for Windows. This was due to authentication files specific to the Windows mobility client, and handling has been added to resolve the issue.

INC-137709 · Issue 584291

New security role added to restrict access to development-specific classes

Resolved in Pega Version 8.1.9

A new security role and related RAROs have been implemented to allow better security for end users on non-BAC systems. This restricts access to Rules and execution of activities on classes that are development-specific.

INC-137978 · Issue 586184

CDK key loading modified for better database compatibility

Resolved in Pega Version 8.1.9

Users were unable to log on to the system and received the error "There has been an issue; please consult your system administrator." Investigation showed the log errors stating "(dataencryption.DataKeyProvider) ERROR localhost - Could not get CDK from systemKeyManagementCache - System CDK is null". This was an issue specific to the MS SQL Server database when there were 6 or more CDKs in the database: CDK keys are loaded from database into Cache using an SQL statement which had the ORDER clause. By default, the ORDER clause treats NULL values differently on different databases, and this caused MS SQL databases to not load a necessary CDK key. To resolve this, the SQL query has been modified so the result will be the same for all supported daatbases (Oracle, Postgres & MS SQL Server).

INC-138490 · Issue 591016

Handling added for samesite cookies with httpOnly

Resolved in Pega Version 8.1.9

After enabling samesite cookies on Google Chrome to support Mashup login, intermittent issues were seen with a non-mashup login where entering the OperatorID and password only resulted in a refresh of the login screen. This was traced to a scenario where an httponly cookie attribute was present along with samesite cookie attributes, and has been resolved by adding handling for a condition where samesite is set and httpOnly is enabled.

SR-D95148 · Issue 557485

Port validation updated for redirect URI

Resolved in Pega Version 8.1.9

When an offline app for windows client was generated, trying to login via SSO resulted in the error "invalid redirect_uri". This was traced to the system validating the whole loopback redirection URL, e.g. "http://127.0.0.1:1234/redirection", including the port number. To enhance flexibility, an update has been made so that the port number will not be validated, allowing the client to establish it based on availability at the moment of the request to the authorization service. NOTE: As a best practice, a loopback URL should not be configured as a redirect URI. If a loopback URL is configured, then at run time the port number will not be validated, and the client application can use any available port on the system including ports that may not be intended for use.

INC-118838 · Issue 560694

OKTA receives parameters on logout

Resolved in Pega Version 8.4.2

When using an OIDC logout endpoint with a parameter set as a data page value, the data page retrieved the ID Token from the database, but when logout was clicked the datapage name was being displayed in the browser instead of the IDToken. To resolve this, code has been added to support sending ID token parameters for logoff endpoint for OKTA logoff using OpeniD connect.

INC-118927 · Issue 571492

Resolved OAuth2 mobile app loop

Resolved in Pega Version 8.4.2

When a Pega OAuth2 authorize endpoint was invoked and the redirect URI contained "app", a loop was created where the system attempted to fetch the app alias from the state parameter value and was redirected back to itself. This could sometimes result in inconsistent mobile app styling. Investigation showed that a certificate with keyword app that was picked for the redirect URI could have the key word assumed to be the app alias context, so a workaround was to remove the app keyword. To resolve the issue, the system has been updated to look for the app alias only in the state parameter rather than perform a string contains check on the entire query string.

INC-125095 · Issue 560831

SAML authreqcontext duplicate key exception logging changed to debug

Resolved in Pega Version 8.4.2

As part of work done to improve the performance of the pr_data_saml_authreqcontext table during the SAML flow, the duplicate key exception handing was creating a large number of unique constraint log messages while saving sessionInfo to the database during SAML authentication if ADFS was used because the ADFS provider session Info is always blank. This has been resolved by changing the log statement in the duplicate key exception handling to debug.

INC-125429 · Issue 561892

OKTA receives parameters on logout

Resolved in Pega Version 8.4.2

When using an OIDC logout endpoint with a parameter set as a data page value, the data page retrieved the ID Token from the database, but when logout was clicked the datapage name was being displayed in the browser instead of the IDToken. To resolve this, code has been added to support sending ID token parameters for logoff endpoint for OKTA logoff using OpeniD connect.

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us