When using an AuthService rule defined for LDAP over ldaps:// together with a KeyStore rule that referenced a local file on the server, the Test Connection button on the AuthService rule did not work and generated the following exception: "com.pega.apache.commons.httpclient.contrib.ssl.AuthSSLInitializationError: I/O error reading keystore/truststore file: null".
The error message from the post-authentication activity always appeared as 'Login terminated because a post-authentication activity or policy failed', regardless of the message that the activity conditionally set based on its post-authentication logic. Investigation showed that the parameter page of the SSO post-authentication activity was not being passed to the 'pzShowAuthPolicyError' activity, because the post-authentication activity executes in the authenticated context whereas the HTML fragment executes in the unauthenticated context.
Steve Bixby, Vice President of Product Development, chats with Marty Guyote, Senior Product Manager, Platform Security, about what's new for Security in 8.3
Creating a Truststore for use with SSL-protected resources by referencing a JKS on the file system resulted in an I/O exception. This was because the "getCertificate" activity that applies to Data-Admin-Security-Keystore supported only the "Upload file" mode for "Keystore location." Because of a hard dependency on the "pyFileSource" property, choosing any other option, such as "URL" or "Data Page", resulted in a "No Keystore has been uploaded" runtime exception.
Running a Rule-Security-Analyzer (RSA) scan with the pyUnsafeURL regular expression reported the items found, but the exported results did not include the line-found detail. Investigation showed that the results were converted to an HTML table, and because the results themselves contained HTML tags, the generated HTML was broken. To resolve this, the results are now sanitized before being displayed as HTML.