New JWT access token format: Authorized Access Token
Valid from Pega Version 8.5
Pega Platform™ is changing from opaque tokens to JSON Web Tokens (JWT), using the JWT access token format Authorized Access Token (AAT). An AAT lets a client application validate user permissions with the server, and it authorizes a specific application to access specific parts of a user’s data.
The major benefits to using the JWT format are:
- The JWT is a self-contained token: its authentication information, expiration time, and other user-defined claims are digitally signed.
- A single token can be used with multiple applications.
- The tokens are short-lived, which minimizes the damage if transport security is compromised, and the token signature is verified on each use.
- Because the token is verified using its signature, there is no need to check it against a database, which reduces latency (usually important for web APIs).
For more information, see Understanding authorized access tokens.
Improving basic access control
Valid from Pega Version 8.5
Pega Platform™ has implemented a new basic access control (BAC) to protect your application from unauthorized server calls from otherwise authenticated users.
For more information, see Access Control Checks.
What steps are required to update the application to be compatible with this change?
Updated Word merge support with Microsoft Silverlight plug-in
Valid from Pega Version 7.1.3
Starting in this release, Pega 7 features that integrate with the Word merge capability are now cross-browser. ActiveX controls (which are only compatible with Internet Explorer) have been replaced with Microsoft Silverlight. This plug-in must be downloaded separately from Microsoft because it is not shipped with Pega 7.
Common features that are affected by this change include the Specification form and Case Type landing page.
Before using these features, see the release note Word merge support with Microsoft Silverlight plug-in for more information about setting up client systems.
BIX -I command-line option fails for unexposed properties
Valid from Pega Version 7.2.2
Business Intelligence Exchange (BIX) command-line extractions fail when the extract has a filter that uses unexposed property references that are passed in by the input file that you specified in the -I command-line option. Previously, the BIX extraction ignored the filter and the extraction did not fail.
New process for Pega Cloud customers to obtain BIX extract files
Valid from Pega Version 7.3
The process for obtaining Business Intelligence Exchange (BIX) extract and manifest files for Pega® Cloud customers has changed as a result of data security enhancements for HIPAA compliance. By default, after upgrading to Pega 7.3, you must obtain the BIX extract and manifest files from the Pega SFTP server. From within Designer Studio, you can configure the BIX extract and manifest files to be sent to a remote SFTP server by a file listener. For Pega Cloud customers who have purchased a Pega Cloud SFTP Server subscription, you can configure BIX to send the BIX extract and manifest files to the SFTP server's folders for remote SFTP client download.
For more information about obtaining files from the Pega SFTP server, see Obtaining BIX extract files from the Pega SFTP server.
For more information about having files sent to your SFTP server, see Defining SFTP-related data instances.
New privilege required to access the Search landing page
Valid from Pega Version 7.4
After upgrading to Pega® Platform 7.4, users who do not have the pxAccessSearchLP privilege cannot access the Search landing page. The pxAccessSearchLP privilege is automatically assigned to the SysAdm4 role. If you have other roles that require access to the Search landing page, you must add the pxAccessSearchLP privilege to those roles.
For more information about assigning privileges to roles, see User privilege authorization.