Blue Prism 7.1: June 2022

About this release

The tables below summarize the components that relate directly to this Blue Prism Enterprise release.

Core components

The following components are included in the Blue Prism Enterprise installers:

Database

486

This release requires the Blue Prism database to be this version. This is the first Blue Prism release to use this database version.

Browser extensions
(Chrome, Firefox, and Edge)

7.1.0

See the browser extensions section for details of fixes and enhancements that have been made in this release.

For the latest compatibility information, see the browser compatibility matrix in the Blue Prism online help.

Additional components

The following components are available with this Blue Prism release, but must be installed separately if they are required in your Blue Prism environment:

Login Agent

7.1

No functional updates have been made to the Blue Prism Login Agent since Blue Prism 6.7. The Login Agent version that is provided with this release of Blue Prism has the same functionality as the version provided with Blue Prism 6.7.

Data Gateways engine

1.4

The Data Gateways engine version 1.4 must be installed to use Data Gateways with Blue Prism 7.1.

Download the installer from the Blue Prism Portal via Product > Blue Prism Enterprise > Extras.

Blue Prism API

7.1

The Blue Prism API version installed must always be the same as the Blue Prism Enterprise version number to use the API.

See Blue Prism API for details of enhancements and improvements to the API reference and functionality.

Download the installer from the Blue Prism Portal via Product > Blue Prism Enterprise > Blue Prism 7.

Compatible Blue Prism Hub components and plugins

The following components are part of the Blue Prism Hub release, but are required to utilize specific Blue Prism functionality:

Authentication Server

4.6

The Blue Prism Enterprise 7.1 release requires this version of Authentication Server to be able to leverage the related new features included in this release of Blue Prism.

See Authentication Server for details on enhancements to the Authentication Server functionality.

Control Room plugin

4.6

The Control Room plugin must be this version to leverage the features in the Blue Prism 7.1 release. The Control Room plugin is dependent on the Blue Prism API.

The Hub Control Room plugin version 4.6 is dependent on the Blue Prism API version 7.1, see Upgrade notices for more details.

See the Hub release notes for details of enhancements and fixes to the browser-based Control Room.

Known issues

A list of any prominent issues with this release is maintained in the knowledge base – click here for more information.

Important notices

Please review the upgrade notices for more details and before upgrading to this release.

Secure development policy

As part of our secure development policy, Blue Prism products are evaluated against the following security standards:

  • OWASP Top 10 –The security vulnerabilities that pose the most risk to applications development. Further information

  • SANS CWE Top 25 – The most common software security vulnerabilities found throughout the software development industry. Further information

  • Federal Information Processing Standard (FIPS) Publication 140-2 – U.S. government standard that defines minimum security requirements for cryptographic modules in information technology products.

  • Payment Card Industry Data Security Standard (PCI DSS).

  • Health Insurance Portability and Accountability Act (HIPAA).

  • Federal Information Security Management Act (FISMA).

A compliance highlight summary report is available upon request via Product Support.

Blue Prism core components

The following enhancements, fixes, and minor improvements have been added to the Blue Prism core functionality in version 7.1:

Enhancements

The enhancements included in this release cover the following categories:

Active Directory integration

For further guidance, see Active Directory Integration, Active Directory domains, and SPN configuration.

Description of change

Reference

When using Active Directory Single Sign-on in Blue Prism, it is now possible to configure the system to support users from across multiple forests within a common Active Directory Network Infrastructure with options for role management either in Blue Prism or Active Directory, or both. Previously, users across multiple forests could be accommodated only if managing the user role assignment directly in Blue Prism; whereas assigning roles via Active Directory security group membership only supported users within a single common Active Directory forest.

Active Directory authentication must be enabled on the Security - Sign-on Settings screen and the appropriate credentials for each relevant domain must be configured in Blue Prism.

This applies to all scenarios below:

  • Active Directory users logging into the interactive client via Authentication Server.
  • Active Directory users logging into the interactive client using built-in authentication.
  • Authentication of AutomateC commands, runtime resources, and process alerts via the /sso command line parameter.
  • Authentication of the telnet commands /getauthtoken, /user and /password via User Principal Name (UPN), username, and user ID.
  • Active Directory authentication when calling web services exposed on runtime resources.

  • When using the AutomateC /rolereport command to generate a report on all the roles and associated permissions for each user in the system.

BP-4445

BP-4446

BP-5786

BP-5456

BP-6354

BP-4447

BP-6347

BP-6346

BP-6334

BP-5898

BP-6355

BP-6341

BP-4453

Active Directory users can now be created in Blue Prism either by manually creating users and directly assigning roles and permissions to them via the Create User Wizard, or by mapping Active Directory security groups to Blue Prism roles via the Role Membership dialog.

Users belonging to Active Directory security groups are created in Blue Prism either when they log into Blue Prism for the first time, or by using the  Synchronize users with Active Directory option available when clicking the menu button on the Security - Users screen. When this option is enabled, Active Directory users across both single and multiple forests will be synchronized.

An Active Directory's user details are refreshed in Blue Prism from Active Directory every time they log into Blue Prism, but administrators can refresh the details of all Active Directory users in the user list by selecting the Synchronize users with Active Directory option, regardless of how they were created, as follows:

  • Any new Active Directory user accounts assigned to a security group which is mapped to a Blue Prism role will display in the Blue Prism user list.
  • Any user accounts disabled in Active Directory will be marked as deleted in Blue Prism. If a previously disabled account has been re-enabled in Active Directory, it will display in the Blue Prism user list again.
  • Any user accounts deleted from Active Directory will be marked as deleted in Blue Prism, but they can no longer be reinstated.
  • Any updates to a user’s Distinguished Name or UPN in Active Directory will display in Blue Prism. If the UPN is updated, the user’s username will be updated accordingly.
BP-4442

BP-5333

BP-5331

BP-5536

BP-5335

BP-4597

 

The following behaviors will occur when an Active Directory user is attempting to: access the browser-based Control Room in Hub; access the Blue Prism interactive client; and authenticate AutomateC commands and runtime resources using the /sso command line parameter:

  • If an account does not already exist for the user, a Blue Prism account is automatically created in the Blue Prism database.
  • If a user has no Blue Prism roles assigned when attempting to log into the interactive client, either directly in Blue Prism or via security groups in Active Directory, they will be prevented from logging in.
  • If a user account has been deleted/disabled in Active Directory, it will be marked as deleted in Blue Prism and the user will be prevented from logging in.
  • If a user account has been marked as deleted in Blue Prism, the account will be restored if it is subsequently reinstated in Active Directory, regardless of whether they are assigned Blue Prism roles or not. This occurs either when the administrator synchronizes the user list with Active Directory, the user logs into Blue Prism, or the user details are edited in Blue Prism.

BP-5191

Blue Prism system administrators can now view, add, edit, and delete Active Directory domains and associated credentials stored in the database via a new Sign-on Settings - Active Directory Domains screen.

When adding a new domain:

  • The domain name must be fully qualified using the format subdomain.domain.com or domain.com.
  • The domain name and mandatory credentials are validated against the Active Directory domain controller.

Credentials are stored when creating or editing an Active Directory domain. The username and password are encrypted before storage.

The credentials stored for each domain should be that of an Active Directory service account. This service account's password should not expire, should not be a user account, and should follow Active Directory service account best practices.

BP-5166

BP-5180

BP-5169

BP-5167

BP-5767

BP-5406

BP-6399

When searching Active Directory for users or security groups on a device connected via an application server, the credentials stored against the domain and encrypted in the database are now used to execute this query. If no stored credentials are found, queries that require authentication will be executed under the context of the Windows account running the Blue Prism application server. It is no longer possible to provide custom credentials.

When searching Active Directory for users or security groups on a device that is connected directly to a database and no stored credentials are found, queries that require authentication will be executed under the context of the Windows account that was used to launch, and run, Blue Prism locally.

BP-4796

The credentials stored against Active Directory domains in the Blue Prism database are now used during the authentication of Active Directory users from those domains, to enable reading from the appropriate domain controller.

The stored credentials are used in the following scenarios:

  • Authentication of process alerts via the alerts/sso command. To authenticate the command, credentials must be saved for domains in all appropriate forests and the user must have the Subscribe to Process Alerts permission assigned in Blue Prism.
  • Authentication of telnet user, password, and getauthtoken commands via UPN for Active Directory users.

  • Built-in authentication to the Blue Prism interactive client.

  • Built-in authentication of runtime resources.

  • Built-in authentication of the AutomateC commands using the sso command line parameter.

  • When calling a process that has been exposed as a web service using an Active Directory UPN and password.

  • When logging into the Blue Prism interactive client via Authentication Server to retrieve Active Directory user record and determine the user's security group membership.

No credentials are required when upgrading from a single forest environment and/or environments where the account running the Blue Prism application server is authorized to read from all domain controllers in the environment.

BP-6577

BP-6405

BP-6402

BP-6401

BP-6400

BP-6404

BP-6403

If using the following connection modes with a Blue Prism Server connection, a Service Principal Name (SPN) must be configured against the Active Directory (AD) account under which each Blue Prism Server service instance is running:

  • WCF: SOAP with Message Encryption & Windows Authentication
  • WCF: SOAP with Transport Encryption & Windows Authentication
  • .NET Remoting Secure

This is because when a Blue Prism interactive client or a runtime resource connects to an application server using one of the connection modes above, the Microsoft Negotiate Security Package is used to select the best Security Support Provider (SSP) to authenticate the connection. The internal code of the Blue Prism interactive client provides the expected SPN to the Microsoft Negotiation Security Package, which prompts Microsoft Negotiation to select the Kerberos SSP over New Technology LAN Manager (NTLM) SSP, provided the SPN is present in Active Directory.

This configuration applies to all Blue Prism environments, however, if the Active Directory account under which your BP Server instances are running resides in a different domain to the Active Directory account used for the Blue Prism interactive client and runtime resource, the additional configuration outlined below is required.

The following two new settings must be configured on the Connection Configuration screen in the Blue Prism interactive client:

  • Kerberos Realm – This must be configured for each Blue Prism Server connection in the interactive client where the user's Kerberos realm is different to that of the account configured to run Blue Prism Server. The option can also be set via the new AutomateC command /setkerberosrealm, for example, /setkerberosrealm mycompany.com. The Kerberos realm is usually the same as the domain name, however, please check with your IT team for the correct value.
  • Force NTLM – This forces Microsoft Negotiate Security Package to select New Technology LAN Manager (NTLM) as the Security Support Provider (SSP) when authenticating connections. This option is provided so that NTLM can be used when Kerberos is unavailable or not configured (see SPN configuration). This option can also be set via the new AutomateC /forcentlm, for example, /forcentlm true, for the last used or specified connection (using the /dbconname switch) when authenticating the Blue Prism server connection.

    Please consult with your security team before enabling this option as NTLM is considered a less secure protocol.

BP-7917

BP-8051

BP-6576

If login failures or performance issues are encountered during the login process via Active Directory, system administrators can manually configure trusted Active Directory domains that will be queried during the login process. If at least one Active Directory domain is manually configured, these  settings will be used during the login process to query only the configured domain(s), rather than programmatically identifying which domains can be queried. For more information, see Single sign-on troubleshooting.

A database script (BP-9497-ConfigureTrustedDomain.sql) with the manual configuration is available for download from the Blue Prism Portal.

BP-9497

To improve performance during login, the behavior of the cache that stores the discovered Active Directory domains can be configured by setting a refresh interval and a maximum cache duration.

This cache is populated in Blue Prism when establishing a direct database connection, starting a Blue Prism application server, and enabling Active Directory authentication. If logging in using a direct database connection, users may be unable to successfully log in while the cache is being populated. For more information, see Single sign-on troubleshooting.

A database script (BP-9654-SetCacheDurationAndRefreshInterval.sql) with the cache configuration is available for download from the Blue Prism Portal.

BP-9654

Authentication settings

For further guidance, see Authentication in Blue Prism and Security - Sign-on Settings.

Description of change

Reference

The Security - Sign-on Settings screen has been redesigned to improve accessibility and better reflect the authentication methods available:

  • The main user authentication options have been renamed as follows: User login via Authentication Server (required if using the browser-based Control Room with the current Blue Prism environment) and User login using built-in authentication (no support for the browser-based Control Room).
  • The existing Active Directory and Blue Prism native authentication methods display under a new Built-in authentication settings submenu. The built-in authentication methods available are also used to authenticate runtime resources, telnet commands, AutomateC commands, and when calling web services exposed on runtime resources.
  • The Password Rules section has been renamed to Password rules for native authentication and has been rearranged in a more logical sequence. Password rules are only applicable to Blue Prism native authentication.
  • The Login Options section has been renamed to Native login options and only displays if User login using built-in authentication and then Blue Prism native authentication have been selected.
  • The login option Show a list of users on the login screen available in previous versions of Blue Prism has been removed to improve performance.
  • A  new Role management for Active Directory users section allows administrators to determine how Active Directory user roles are managed. At least one of the following options must be selected if Active Directory authentication has been enabled under Built-in authentication settings:

    • Manage role membership in Blue Prism – Active Directory users are directly assigned to Blue Prism roles. Users can be assigned to multiple Blue Prism roles.

    • Manage role membership in Active Directory – Active Directory security groups are mapped to Blue Prism roles. Users can be assigned to multiple Blue Prism roles by being a member of multiple relevant Active Directory security groups.

    These options apply in all situations when Active Directory authentication is used:

    • Logging into the interactive client via Authentication Server.
    • Logging into the interactive client using built-in authentication.
    • Authentication of runtime resources and AutomateC commands using the sso command line parameter.

    • Authentication of web service requests and telnet commands using Active Directory credentials.

    If only Blue Prism native authentication has been enabled under Built-in authentication settings, these options can be left unselected on the screen.

BP-4430

BP-5260

BP-7335

 

The Blue Prism login screen has been updated to display the following options based on the authentication types enabled for the deployment. Administrators can configure these settings on the Security - Sign-on Settings screen in the interactive client.

Authentication type on Security - Sign-on Settings screen

Login screen option

User login via Authentication Server Sign in using Authentication Server
User login using built-in authentication, with both Blue Prism native and Active Directory authentication enabled
  • Sign in using Blue Prism credentials
  • Sign in using Active Directory
  • User login using built-in authentication, with only Active Directory authentication enabled Sign in using Active Directory
    User login using built-in authentication, with only Blue Prism native authentication enabled Sign in using Blue Prism credentials

    BP-4444

    Citrix integration

    For further guidance, see Citrix Integration.

    Description of change

    Reference

    The following enhancements have been added to the Citrix integration capability:

    • Users can now also automate Win64 applications via a Citrix Virtual Desktop Environment (VDE) in addition to Win32 applications. Both the 64-bit and 32-bit external Citrix modes are available for selection in the Application Modeller.
    • Users no longer need a full installation of Blue Prism on the Citrix VDE. They can now select to install a Blue Prism agent on the Citrix VDE which installs only the files necessary to automate applications on a Citrix VDE.
    • Internet Explorer (IE) can now be used when automating Citrix applications via the Application Modeller. Users can now select Browser‑based Application (Internet Explorer) when they have specified in the Application Modeller wizard that Citrix is being used. They can spy elements on IE in a Citrix VDE.

    BP-3445

    BP-3788

    BP-4471

    Database settings

    For further guidance, see Create a new database and Upgrade notices.

    Description of change

    Reference

    When creating a new Blue Prism database, users no longer have to choose between single‑authentication and multi‑authentication environments. A single Blue Prism database now covers all environment types and authentication methods.

    The Create a new database screen has been updated to reflect this change. The Configure Database button on the Connection Configuration screen has also been removed as the configuration steps previously included in this action are now carried out via the user interface.

    Deployments upgrading from an earlier version will be converted to the new database type as part of the database upgrade.

    The external authentication capability via Authentication Gateway introduced in Blue Prism 6.10 is not supported in the currently available versions of Blue Prism version 7.

    BP-4242

    BP-4450

    The following functionality is no longer available as it is no longer required to support the new database type which covers all supported Blue Prism environment types and authentication methods:

    • The Single Sign-on section on the Security - Sign-on Settings screen  has been removed. This also removes the database conversion tool introduced in Blue Prism 6.9 which converts a single-authentication Active Directory database to a multi-authentication Active Directory database.
    • The SingleSignon environment function can no longer be used in Process and Object Studio. The function is no longer required as it was previously only used to distinguish between single-authentication and multi-authentication environments. This function was applied to Alert, Calculation, Choice, Decision, Exception, and Multi Calc stages in Process and Object Studio.

      Processes and business objects which previously used this function will need to be reworked without the function.

    • The Manage Access Rights screen in Process Studio no longer displays a user list when managing access rights for multi-team environments. This was previously only visible when configuring access rights in multi-authentication environments.

    • The command line parameters /setadadmingroup and /setaddomain used in conjunction with the /createdb, /replacedb, /upgradedb and /getdbscript commands are no longer available. The Active Directory Admin Group is now configured by assigning a security group to the System Administrators role via the Role Membership dialog.

    • The /configuredb command line parameter is no longer available as the configuration steps previously performed via this command are now carried out in a different way:

      • The Active Directory domain in which the security groups reside no longer needs to be set, because the security groups can now reside in multiple domains; and domain details are automatically captured when mapping security groups to roles in Blue Prism.
      • The Active Directory Admin Group is now configured by assigning a security group to the System Administrators role via the Role Membership dialog.

    BP-4259

    BP-4452

    BP-4451

    BP-5554

    Localization

    Description of change

    Reference

    A new Attribute Identifier input parameter has been added to the Get Attribute action in Application Modeller for Read and Wait stages, to be used instead of the Attribute Name parameter. This enables processes to still run successfully in Studio as well as on runtime resources when the environment is configured to display in a different language to that in which the attribute name was originally added.

    Previously, processes that included Read actions for getting attributes, and Wait actions for checking attributes, had non-localized parameters that would fail to execute when a device was configured to display in a language other than English.

    This issue occurred because the Attribute Name parameter uses the display name of the attribute, so when processes were run in this scenario, attribute names originally added in a specific language during the process design did not match the translated attribute names.

    This issue affected the actions listed below.

    Stage type Actions
    Read
    • Get Window Attribute
    • Get AA Attribute
    • Get HTML Attribute
    • Get JAB Attribute
    • Get UIA Attribute
    Write
    • Check Window Attribute
    • Check AA Attribute
    • Check HTML Attribute
    • Check JAB Attribute
    • Check UIA Attribute

    The new Attribute Identifier parameter drop-down is populated by a static list of localized attribute names associated with each spy mode. These display to the user as localized friendly text, but selections from the drop-down return language-agnostic identifiers that are stored in the process XML, so will work whichever display language is chosen.

    See the Upgrade notices for more information about backwards compatibility, and the usage of the new Attribute Identifier parameter.

    Additionally, the changes below have been made to action names. As only the display names for these actions have changed and the internal IDs have not changed, any existing process XML is unaffected.

    • The Read and Wait stage actions (listed above) now all have the display name Get Attribute or Check Attribute (as appropriate) for consistency, because they all perform the same task, whatever the spy mode.
    • The Get Attribute action for Chrome, Edge, and Firefox browsers has been renamed to Get HTML Attribute. This reflects its actual purpose, and avoids confusion with the Get Attribute action, which gets the spied attributes.
    BP-6496

    Optical Character Recognition (OCR)

    For further guidance, see Optical Character Recognition (OCR).

    Description of change

    Reference

    The Blue Prism native character recognition functionality has been enhanced as follows:

    • A new Recognise Text (OCR Plus) action has been added to the Read stage in Object Studio.
    • A new OCR Plus option has been added to the Font Generator dialog accessible from System > System - Fonts.
    • A new OCR Plus option has been added to the Generate a Blue Prism Font dialog accessed from the Blue Prism Region Editor when automating a region from the Application Modeller via the Recognise Text (OCR Plus) action.

    These options provide improved accuracy and robustness, with less configuration required to define color and font parameters. Additionally, Regex-based disambiguation provides enhanced text recognition for more fine-grained control of which text is selected.

    BP-2335

    BP-7554

    BP-7560

     

    Roles and permissions

    For further guidance, see Manage roles and Security - Sign-on Settings.

    Description of change

    Reference

    Blue Prism system administrators can now manage the membership of roles for all account types in the system in one place – native, Active Directory or Authentication Server user accounts, as well as Active Directory security groups and Authentication Server service accounts.

    A new Role Membership dialog displays when clicking the Manage role membership button on the Security - User Roles screen. Administrators can assign one or more users and/or security groups to a role by searching for existing users in Blue Prism or for security groups in Active Directory if Active Directory authentication has been enabled.

    BP-4437

    BP-4438

    BP-4644

    BP-4439

    The Roles and Permissions tab on the User Settings screen now displays the roles assigned to a user depending on the authentication type and, if applicable, on the role membership option selected for an environment on the Security - Sign-on Settings screen.

    BP-5846

    BP-6451

    The left panel of the Roles and Permissions tab on the User Settings screen has been updated to make a distinction between roles assigned to users directly and roles assigned to Active Directory security groups.

    The roles themselves cannot be edited in the left panel, however one or more roles can be directly assigned to a user of the following type:

    • Blue Prism native user
    • Authentication Server user
    • Authentication Server service account
    • Active Directory user if the Manage role membership in Blue Prism option is enabled on the Security - Sign-on Settings screen

    If the Manage role membership in Active Directory option is enabled on the Security - Sign-on Settings screen, the left panel will also show any roles a user inherits from their Active Directory security group(s). These roles cannot be edited or assigned here – security groups are mapped to roles via the Role Membership screen.

    The resulting permissions the user will receive from these roles can still be viewed in the right panel.

    The screen displaying an Active Directory user's details has been renamed from User Settings to User Details as all Active Directory account details are managed in Active Directory.

    BP-5268

    BP-5269

    BP-5855

    Fixes and minor improvements

    The fixes and minor improvements included in this release cover the following categories:

    Active Directory integration

    Description of change

    Reference

    Active Directory users can no longer be unintentionally deleted from Blue Prism by pressing the Delete key on the keyboard.

    BP-6350

    When using Active Directory authentication, the Blue Prism Server connection mode check no longer occurs during database configuration. Previously, an error message displayed if the non-supported connection modes (WCF: SOAP with Transport Encryption, WCF: Insecure, and .NET Remoting: Insecure) were selected when creating a single-authentication Active Directory database.

    When creating a new database in version 7.1, the distinction between single-authentication and multi-authentication environments is no longer made, so the check for the connection mode is now performed when a user attempts to log in using Active Directory either via the interactive client or the command line tool.

    The descriptions for the Blue Prism Server connection modes have been updated to indicate whether they support Active Directory authentication or not, to help prevent users from selecting an unsupported option.

    BP-4449

    BP-5812

    When upgrading from a single-authentication Active Directory environment to a 7.1 database (which covers all environments types and authentication methods), if a security group cannot be found in Active Directory based on the existing data stored, a warning message displays in the Role Membership dialog prompting the administrator to re-assign the security group to the Blue Prism role(s) it was previously assigned to.

    Built-in security groups are not supported so if a Blue Prism role is assigned to a built-in security group, the administrator will need to create a custom group, add the users from the in-built security group to the custom group and assign it to the Blue Prism role.

    BP-5704

    When upgrading from a Blue Prism version earlier than 5.0.24, the format of the Active Directory domain and security groups mapped in the database are updated to the format that is used in version 7.1. The first login after the upgrade has completed may take a little longer than usual due to some administrative actions being performed in the background.

    BP-7230

    To improve performance when searching Active Directory domains and forests, caching mechanisms have been added for domain credentials to reduce database calls, and for Active Directory trust relationships to prevent unnecessary calls to Active Directory.

    BP-6954

    BP-6969

    Application Modeller

    Description of change

    Reference

    When configuring Application Modeller to spy an element in UIA mode, the UIA Class Name attribute is now unselected by default. This is because the UIA Class Name attribute value can change as a result of an operating system update or version change. It is recommended that new processes are not configured to rely on this attribute, without first understanding its value and any potential dynamic behavior.

    This change does not affect existing processes, regardless of whether the value is blank or not.

    BP-10198

    Application Server

    Description of change

    Reference

    In the Key Store tab of the Server Configuration Details screen in a Blue Prism application server configuration, users are now able to select a folder from their network, in addition to their local computer. The location path can also be typed or pasted directly in the Folder field. This means that encryption key files can now be securely saved in a location that is not on the server computer.

    BP-6872

    Audit events

    Description of change

    Reference

    All log in and log out audit events are now correctly recorded to the audit log, even if the machine used to log into Blue Prism does not exist in the database. This fixes an issue where the local device system setting Start a personal Runtime Resource on this machine when users sign in to Blue Prism has been disabled, preventing the machine from being registered in the Blue Prism database.

    BP-4107

    Citrix integration

    Description of change

    Reference

    To reduce memory consumption, only one AppMan.Service.exe instance now runs in the background in the Citrix VDE. Previously, users could run multiple instances at the same time.

    BP-4705

    An issue has been fixed where a timeout error message incorrectly displayed when attempting to attach a Blue Prism process to the Citrix VDE after the AppMan.Service.exe had been terminated and restarted.

    BP-4895

    Messages over 1 KB sent to applications automated in a Citrix VDE no longer cause the AppMan.Service to terminate unexpectedly.

    BP-5326

    An issue has been fixed where the Blue Prism interactive client stopped responding after initially attaching a Blue Prism process to the AppMan.Service and then closing the AppMan.Service. The availability of the AppMan.Service is now checked before closing Blue Prism.

    BP-4891

    Previously, if the AppMan.Service was launched and an error occurred, the service terminated but the created tray icon was not removed from the notification area. The tray icon is now correctly removed when the application closes following an error.

    BP-3735

    An error no longer incorrectly displays if a process in Process Studio is paused after the process has been launched (via a Launch action in a Navigate stage) and before an application (for example, Notepad) is launched on the Citrix VDE.

    BP-3529

    Previously, an error occurred when attempting to automate an application via a Citrix VDE using a Navigate stage with an Activate window action. This was because the required 32/64-bit Activator files were missing from the Citrix install directory. These files have now been added, so the error no longer occurs.

    BP-7594

    An error was fixed where, when a business object was connected to an application, and another business object was connected to another application, via a Citrix VDE, if either of the applications was closed or detached in Object Studio, Blue Prism could not detect which application had been closed. This has now been fixed so Blue Prism correctly detects which application has been closed.

    BP-7250

    Control Room

    Description of change

    Reference
    The View Schedule permission no longer allows users to update configuration options when viewing schedules in Control Room. Previously, some fields were incorrectly enabled for editing, yet errors presented when attempting to save changes. BP-1981

    Resources changed from local to public now successfully display on the Session Management screen in Control Room. Previously, local resources which were updated to public no longer displayed on the user's machine.

    BP-1340

    The way session information is retrieved on the Session Management screen in Control Room has been updated to call data more efficiently so only one call is made to the database. Previously, duplicate database calls were made for filtered session views.

    BP-216

    The Start option on the shortcut menu for the Environment panel on the Sessions screen in Control Room is now disabled for users that do not have the Control Resource permission enabled on their user role. Previously, this option was available to all users, but triggered an error when selected by users without the required permission.

    BP-4797

    An issue when running the Scheduler reports (such as Recent Activity), from Control Room or via the Command Line, which resulted in a Null Reference Exception error, has been fixed. This intermittently occurred when the report had more than 2000 entries.

    BP-176
    Database queries used to populate the Queue Management screen in Control Room, with information such as work queue items and their status, now use snapshot isolation to improve overall system performance. BP-1570

    An issue has been fixed where a schedule configured with a weekly run and an expiration date in Control Room could sometimes incorrectly run past its set expiration date. In addition, this also ensures that such schedules display correctly in the Scheduler >Timetables list.

    BP-6847

    When the maximum number of concurrent sessions allocated to a user's license has been reached, scheduled sessions are no longer triggered, and a message to indicate this is added to the schedules log. Previously, if a user created a schedule which assigned a process to multiple resources, sessions were triggered on these resources even if the maximum number of sessions had been reached.

    BP-2696

    The Schedules tree view in Control Room is now refreshed when a user clicks Refresh on the Schedules screen following an update by another user. Previously, the changes were only visible after the first user navigated away from Control Room and returned.

    BP-6810

    Credential manager

    Description of change

    Reference

    For enhanced security, fields for concealed passwords throughout the user interface and in data tables now display a standardized number of 15 characters to conceal the length of password values. This change has been applied to the following data tables:

    • Session variables
    • Environment variables
    • Collection stages when the field type is Password

    • Data items where the field type is Password

    • Text fields which automatically conceal inputs, such as the Password field on the Connection Configuration screen.

    BP-4883

    BP-3257

    BP-1849

    Blank passwords no longer cause an error when using the /reencrypt command  to update all credentials, encrypted work queue items, and resource screenshots so they use the latest encryption scheme. Previously, decryption failed for credentials that had blank passwords. This was because the database re-encryption was ignoring blank passwords, but updating the credential key. Blank passwords are now handled the same way as non-blank passwords so re-encryption and decryption are always successful.

    Additionally, blank passwords can now also be successfully used:

    • When creating a new credential on the Security - Credentials screen in the Blue Prism interactive client.
    • When using the Set action of the Credentials VBO in a Blue Prism process.
    • When using AutomateC to re-encrypt the data in the database after generating a new default encryption scheme.

    BP-6763

    Database settings

    Description of change

    Reference

    An issue has been fixed where a database connection error message was incorrectly displayed in the Windows Event Viewer when connecting to a database on an Azure SQL Server.

    BP-398

    The Blue Prism SQL database roles that incorporate the minimum set of permissions for accounts used by Blue Prism to connect to its SQL database now correctly have appropriate permissions to execute the stored procedure required to retrieve data to populate the web-based Control Room plugin in Hub.

    BP-4784

    Interactive client and runtime resources

    Description of change

    Reference
    The handling of HTTP requests on resources which have the /nohttp flag enabled has been improved. Attempted HTTP connections to such resources are now closed with a more informative error message. BP-288

    The Last refreshed on field on the Reporting screen in System Manager no longer includes a time stamp. This is because any configured refresh time is not saved to the database, which means only the default refresh time of 0:00:00 always displayed.

    BP-461

    An issue has been fixed where a misleading error message referring to certificate private keys was displayed on the runtime resource window. This happened in error scenarios relating to transport security for Secure Sockets Layer (SSL) and Transport Layer Security (TLS).

    The error message now reflects the scenario of the exception being raised.

    BP-592 (see also:
    BG-7509
    BG-6963
    BP-1451)
    The callback logic that relays messages from runtime resources to interactive clients via an application server has been improved. The Client ID is now passed on callback channel communications to ensure callback messages are only shown to the user that triggered the event. Previously, messages were shown to all users logged into the account. BP-4374

    The status bar of the Blue Prism interactive client has been updated to display consistently for all account types as follows:

    Previous: {date time}, Current: {date time}, User: 'User name', Connection: 'DB name', Connected to: 'SQL Server {version number}

    The Previous: {date time} section only displays the second time the user logs in.

    BP-4443

    Localization

    Description of change

    Reference

    It is now possible to type Korean (Hangul) characters into the Expression field in Calculation stages. Previously, such characters could be pasted but were incorrectly displayed when typed.

    BP-3577

    Multi-team environments (MTEs)

    Description of change

    Reference

    An issue has been fixed for Blue Prism environments that use both multi-team environments (MTEs) and resource pools. In MTEs, sessions from resources in a resource pool in a restricted group can no longer be viewed in Control Room by users without appropriate permission. The access rights applied to a group now apply to all items, including pools and any child groups and their contents, so only users with relevant process and resource pool permissions can see restricted sessions.

    For additional information about MTEs and resource pools, see Multi-team environments and Resource pools.

    BP-8020

    Process and Object Studio

    Description of change

    Reference

    Debugging an object that reads from, or writes to an empty collection no longer incorrectly returns validation errors. Previously, running such objects in Process Studio or Object Studio incorrectly resulted in validation errors.

    BP-1440

    An issue has been fixed where a business object created in a later version of Blue Prism could not be imported into an earlier version of Blue Prism if it contained a GetDateTimeValue action. This was due to a change in capitalization in the action name (from GetDatetimeValue to GetDateTimeValue) which would then no longer be recognized by earlier versions of Blue Prism. The GetDatetimeValue action is now converted to GetDateTimeValue when saving, loading, or writing to the XML file, or adding to a release.

    This fix is only intended to allow back porting of objects in this specific scenario. It is not expected that objects and processes created in a given version of Blue Prism can be imported into, or used in, older versions.

    BP-4986

    Ampersand (&) symbols in process and object names are no longer converted to underscore (_) symbols in Process Studio and Object Studio.

    BP-5395

    A validation message, which incorrectly indicated that a data item was not being referenced in a Wait stage, no longer displays when a data item is referenced in a Wait stage.

    BP-6528

    User configuration

    Description of change

    Reference

    The Security - Users screen has been updated to standardize the column names across all account types – native, Active Directory or Authentication Server user accounts, as well as Authentication Server service accounts.

    The user details of an Active Directory user have been updated to include the user's UPN, SID and Distinguished Name, and remove the User valid to and Password expiry details, as these details are not captured for Active Directory users in Blue Prism.

    BP-4440

    BP-5267

    Security improvements

    Description of change

    Reference

    Various security improvements around server permissions and communication have been made in this release.

    BP-9550

    Browser extensions

    Browser extensions allow Blue Prism to interact with web pages and applications presented in a browser, so that business processes that include such applications and web pages can easily be modeled.

    Browser extension versions

    The table below shows when each Blue Prism extension, compatible with this release was introduced and the browser version against which they were evaluated. See browser extension release notes for details of key capabilities.

    Browser Blue Prism extension versions Date available

    Chrome

    7.1.0

    16 June 2022

    Edge Chromium

    7.1.0

    16 June 2022

    Firefox

    7.1.0

    16 June 2022

    For full details of the browser extension versions and compatible browsers, see Browser extension compatibility.

    How updates are applied

    The latest browser extensions are automatically installed with Blue Prism. Browser extensions that are made available after a release are automatically updated when the browser is loaded if there is an active internet connection. Alternatively, if your devices are not connected to the internet, updates can be pushed per user to each device manually. See the Chrome, Edge, and Firefox integration guide for details of how to install the extension using an offline package.

    Browser extension release notes

    Description of change Reference

    The following actions are now available when automating Chrome, Edge, and Firefox browsers. Previously, these were only available in Internet Explorer browsers.

    The Blue Prism Application Modeller Conversion Tool available on the Digital Exchange could be useful when moving from automating Internet Explorer browsers to integrating with Chrome, Edge, and Firefox browsers. For more details, see Digital Exchange.

    Wait stages:

    • Check HTML attributes – This ensures that the specified HTML attribute of an element matches the provided value.
    • Check URL – This ensures that the URL of the currently loaded document matches the URL of the current browser page.
    • Check URL domain – This ensures that the URL domain of the currently loaded document matches the URL of the current browser page.
    • Check Value – This checks whether the HTML element is a specific value before progressing to the next step of the process.

    Read stages:

    • Get Document URL – This ensures that the spied web page returns the full URL of the current browser page.
    • Get Document URL domain – This ensures that the spied web page returns the domain of the URL. If the URL domain is not returned within five seconds, an error message displays.
    • Count Selected Items – This checks whether the number of items identified in the data properties match the number of items selected in the Data drop-down list.
    • Get Selected Item Text – This ensures that the output of the data properties matches the text of the selected item.

    • Count Items action – This counts the number of items in a drop-down list and returns the result as an output parameter.
    • HTML Snapshot action (at application level) – This takes a snapshot of the HTML Document Object Model (DOM) in the current browser page.

    Navigate stages:

    • Navigate – This ensures the Blue Prism application navigates to the active tab of a browser based on the provided URL.

    • Insert Javascript fragment (at application level) – This inserts the supplied Javascript fragment into the parent document. Previously, this action was only available at element level.

    • Invoke Javascript function (at application level) – This calls and executes the supplied Javascript function on the active tab of the browser. Previously, this action was only available at element (child) level.

    • Item Value input parameter (within the Select List Item action) – This selects an item in a drop-down list, based on the HTML value attribute.

    BP-5195

    BP-5194

    BP-5122

    BP-5089

    BP-5090

    BP-5083

    BP-5295

    BP-5292

    BP-5208

    BP-5211

    BP-5196

    BP-5503

    BP-5198

    BP-5297

    Users can now activate an application using Microsoft Edge in Internet Explorer (IE) mode in the same way as when using either Edge or Internet Explorer. This is achieved by selecting the Browser-based Application (Internet Explorer) option in Application Modeller, and then pointing to an Edge application.For more details on how to continue to run IE-based processes using Edge in Blue Prism, see Microsoft Edge IE Mode.

    BP-7076

    An issue has been fixed where, when launching a Chrome, Edge, or Firefox browser, if a window of the same browser was already open, the new window could not be spied using Win32 mode.

    BP-6895

    Due to changes in Google's extensions platform and the move to Manifest V3, the previously available functionality to insert or invoke JavaScript on web pages via the Chrome or Edge browser extension is no longer available. This is a limitation enforced by Manifest V3 for security reasons. For more details, see the Google documentation. Firefox browser extensions still use Manifest V2 so are not currently affected.

    Where existing processes or objects are making use of the insert or invoke JavaScript functionality, we recommend that the design be amended following an upgrade to replace this functionality using standard in‑built features instead. For more information, see this Knowledge Base article and the Manifest V3 Impact Assessment Utility tool.

    BP-6632

    An issue has been fixed where the Edge and Chrome browser extensions could not be detected when an instance of either browser was launched immediately after another browser had been closed. The native messaging host now closes more efficiently to avoid issues with subsequent browser launches.

    BP-9273

    Visual Business Object updates

    A number of Visual Business Objects (VBOs) are provided in the Blue Prism release – new or updated VBOs are listed below. Changes within VBOs are only applied when a VBO is explicitly imported into the environment.

    We attempt to avoid any changes in the behavior of VBOs, however, we advise users to re-verify functionality to ensure compatibility between versions.

    Object – MS Outlook Email VBO

    Description of change Reference

    An issue has been fixed where information was missing from emails forwarded using the MS Outlook Email VBO:

    • The emails did not contain FW in the subject line.
    • The sender information header was not included in the body of the forwarded email.

    Forwarded emails now include the correct FW subject line and body.

    BP-5764

    Object – MS Excel VBO

    Description of change Reference

    An issue has been fixed where some actions in the Excel VBO did not always return Unicode characters correctly, for example Chinese (尔) and German (ü). The affected actions were:

    • Get Worksheet as Collection Offset
    • Get Worksheet Range as Collection

    The way Blue Prism retrieves the values has been changed, so Unicode characters will now be returned correctly in the above actions.

    A new input parameter, Fetch Data With Method has been added to these actions. The value options for this parameter are:

    • Text – The formatted cell's displayed value.
    • Value – The value of the cell, with date or currency indicators if the cell has date or currency formatting.
    • Value2 – The underlying value of the cell, stripped of any extra information.

    The default is Value. This is the same option as used previously in these VBO actions, so existing processes which use these actions will continue to run correctly.

    BP-5063

    An issue has been fixed where the wrong range of cells was sometimes selected when using the StartCell parameter in the Get Worksheet as Collection Offset action. This occurred if the Use Header parameter was set to False, and if there was no data in the first column. The handling of ranges in the Excel VBO has been updated, so that in this scenario the correct cells are now selected.

    If this new version of the Excel VBO is imported to overwrite the previous version, any processes which have been written to work around this issue may no longer select the expected data. These must be checked and updated.

    BP-4723

    Additional components

    The following components are available with this Blue Prism release, but must be installed separately if they are required in your Blue Prism environment.

    Login Agent

    The installers for the latest version of Login Agent, at the time that this Blue Prism release was made available, are provided in the Installers folder within the Blue Prism install location.

    Fixes and minor improvements

    Description of change

    Reference

    The Login Agent now checks whether the machine is logged in before running the Log out command. Previously, executing the Log out command in the Login Agent without any users logged in caused the machine to go offline.

    BP-425

    Login Agent sample processes and Visual Business Object updates

    There are no applicable changes with this version of Blue Prism.

    Data Gateways engine

    The following changes to Data Gateways engine are introduced with this version. The functionality is included in the Data Gateways engine version 1.4, available on the Blue Prism Portal – select Product > Blue Prism Enterprise > Extras.

    Description of change

    Reference

    The Data Gateways engine has been updated to include Logstash 6.8.23 for improved security, due to the recently discovered vulnerabilities in the Log4J component used in Java applications.

    BP-7322

    Blue Prism API

    The Blue Prism API provides a common interface for components such as Blue Prism Hub to connect with the Blue Prism database. It also provides a series of predefined capabilities that can be used by custom solutions to interact with Blue Prism programmatically using a RESTful API.

    The following enhancements, minor improvements, and fixes have been made to the Blue Prism API for this release. The API reference, installation guide, and license agreement for this release can be found here.

    API enhancements

    Endpoint

    Description of change

    Reference
    /api/v7/calendars

    A new endpoint and a GET calendars request have been added, which returns a list of all calendars in the environment.

    BP-4711

    /api/v7/processes

     

    A new endpoint and a GET processes request have been added, which returns a list of all processes in the environment.

    In addition, the following filtering parameters have been implemented:

    • processName – Searches by process name.

    • description – Searches by description.

    • groupName – Searches by group name.

    • attributesInclude – Controls which statuses are included in the returned process list. Supported statuses are Retired, Published, and PublishedWebService.

    • attributesExclude – Controls which statuses are excluded from the returned process list. Supported statuses are Retired, Published, and PublishedWebService.

    • sortBy – Determines how process lists are ordered. The default sort order is by process name, in ascending alphabetical order, with numbers first.

    BP-4330

    BP-4331

    BP-4364

    Process lists called from this endpoint are paginated to improve performance when retrieving large data sets. The default limit is 1000 processes per page, but this can be amended using the itemsPerPage parameter.

    BP-4332
    /api/v7/resources

    The GET resources request has been updated to add the ability to filter by Retired status. The default is to search for non-retired resources, but this can be amended using the retirementFilter parameter.

    BP-4908

    /api/v7/resources/pools

    A new endpoint and a GET pools request have been added, which returns a list of resource pools. The request will not return a pool if the user querying the endpoint does not have permissions for the relevant group which contains the pool.

    BP-4530

    BP-5294

    /api/v7/schedules

    A new POST schedules request has been added, which creates a new schedule definition. This request can also be used to clone schedules. This is achieved using the copyFrom parameter, where users specify which schedule to clone. The cloned schedule will be created and the name prefixed with 'Copy of'.

    HUB-1405

    BP-6374

    /api/v7/schedules

    /api/v7/schedules/{scheduleId}

    /api/v7/schedules/{scheduleId}/tasks/{taskId}

    The validation for the POST and PUT requests have been updated. The maximum character limit for task and schedule description fields has been increased to 32,767 to align with the Blue Prism interactive client.

    BP-6324

    HUB-2579

    /api/v7/schedules/{scheduleId}

    A new PUT schedules request has been added, which amends an existing schedule.

    BP-4358

    /api/v7/schedules/{scheduleId}/sessions

    A DELETE running schedule request has been added, which gives the user the ability to stop a running schedule. When used, any active sessions created by the schedule that are running will be set to terminated status and the current instance of the schedule will be stopped, preventing any further associated tasks from being performed.

    BP-6687

    /api/v7/schedules/{scheduleId}
    /tasks

    A new endpoint has been added, which includes the following requests:

    • GET schedule tasks – Returns a list of tasks for the specified schedule ID.
    • POST schedule tasks – Creates a task for the specified schedule ID.

    BP-4663

    BP-4489

    /api/v7/schedules/{scheduleId}
    /tasks/{taskId}

    A new endpoint has been added, which includes the following requests:

    • GET schedule tasks – Returns the details of a specific schedule task.

    • PUT schedule tasks – Amends an existing schedule task.

    • DELETE schedule tasks – Deletes a scheduled task. Deleted tasks are recorded in the audit table.

    BP-5929

    BP-4497

    BP-6782

    BP-5264

    /api/v7/schedules/{scheduleId}/tasks/{taskId}/sessions/{sessionId}

    A new DELETE schedule sessions request has been added, which deletes a scheduled task session.

    BP-4493

    /api/v7/schedules/{scheduleId}/tasks/{taskId}/sessions

    A new GET schedule sessions request has been added, which returns a list of the scheduled sessions for a specified task.

    This is the same functionality as the GET request for the existing /api/v7/schedules/tasks/{taskId}/sessions endpoint, which will be deprecated in a future release.

    BP-7587

    A new POST schedule sessions request has been added, which creates a scheduled session for a specified task.

    BP-4491

    /api/v7/schedules/{scheduleId}
    /tasks/{taskId}
    /scheduledSessionParameters

     

     

    A new endpoint has been added, which includes the following requests:

    • GET schedule session parameters – Returns start-up parameters for a scheduled task session.
    • PUT schedule session parameters – Assigns the start-up parameters for a scheduled task session. When parameters are passed in the request, validations are performed on the parameter name, type, and quantity.

    BP-4620

    HUB-1380

    BP-5142

    /api/v7/schedules/logs

    Logs retrieved from this endpoint can now be filtered by scheduleName and serverName parameters. This endpoint is being deprecated and will be removed in future release.

    BP-5590

    BP-3531

    /api/v7/scheduleLogs

     

    A new endpoint and GET schedule logs request has been added, which returns all the times a schedules has been run.

    This is the same functionality as the GET request for the existing /api/v7/schedules/logs endpoint, which will be deprecated in a future release.

    BP-7730

    /api/v7/scheduleLogs/{scheduleId}

    A new GET schedule logs request has been added, which returns all logs for the specified schedule.

    This is the same functionality as the GET request for the existing /api/v7/schedules/{scheduleId}/logs endpoint, which will be deprecated in a future release.

    BP-7731

    /api/v7/sessions

    Users can now instruct a digital worker to run processes via a new POST sessions request. The endpoint creates a new session for the specified resource ID and process ID.

    BP-7748

    BP-4363

    /api/v7/sessions/{sessionId}

    A PATCH sessions request has been added, which updates a session. This endpoint can be used to immediately run sessions by updating the session status.

    BP-4499

    /api/v7/sessions/{sessionId}/parameters

    A new GET session parameters request has been added, which returns a list of start-up parameters, and their values, for a specified session.

    Users without permission to a resource, or related processes, cannot access parameter details.

    BP-4583

    BP-5664

    A new PUT session parameters request has been added, which updates the start-up parameters for the specified session.

    BP-4584

    /api/v7/timezones

    A new endpoint and GET timezones request has been added, which returns a list of all time zones in the environment.

    BP-4693
    /api/v7/user/permissions A new endpoint and GET user permissions request has been added, which returns a list of the assigned permissions for the currently authenticated user. BP-5404

    /api/v7/workqueues/{workQueueId}/items/batch

    A new batch POST workqueue items request has been added, which allows users to create multiple work queue items at a time.

    This is the same functionality as the POST request for the existing /api/v7/workqueues/{workQueueId}/items endpoint, which will be deprecated in a future release.

    BP-7757

    /api/v7/workqueues/{workQueueId}/items/{workQueueItemId}

    A new endpoint and a GET workqueue item request have been added, which returns details of a specified item from a work queue.

    This is the same functionality as the GET request for the existing /api/v7/workqueues/items/{workQueueItemId} endpoint, which will be deprecated in a future release.

    BP-5928

    /api/v7/workqueues/{workQueueId}/items

    The GET workqueue items request has been updated to add the ability to filter by State. The filter is disabled by default, but this can be amended using the state parameter.

    BP-5778

    N/A

     

    Responses returned from the API now include a new bp-api-version header, which contains the current version number of the API. For Blue Prism API 7.1.0, this version number is: 7.1.0.0.

    BP-5092

    The API has been updated to convert the following file formats to PNG files so they can be used as image start-up parameters. Files uploaded in the formats BPM, JPG, JPEG, GIF, ICO, and TIFF are converted to PNG files by the API for use in Blue Prism processes.

    BP-6910

    API fixes and minor improvements

    Description of change

    Reference

    An issue has been resolved whereby sessions and resources associated with pool members were not returned for users who did not have the System Administrator role assigned.

    BP-5466

    Any errors that occur during login are now recorded in ServerStore.CreateServerForToken to assist with troubleshooting. By default, logs are stored in: C:\ProgramData\Blue Prism\BluePrism.Api. Previously, no logs were recorded for login issues. BP-6130

    The error message displayed when an API user is not correctly mapped to an Authentication Server user has been improved to be more informative. Previously, the error message only stated that an unknown failure had occurred.

    BP-6129

    The GET request for the /api/v7/sessions/{sessionId} endpoint has been updated to remove unnecessary permission checks, and to align with the other /sessions endpoints. Previously, the request incorrectly required the Audit - Process Logs or Audit - Business Object Logs permissions.

    BP-6336

    The responses returned from the GET /api/v7sessions request have been improved for users without correct permissions. Previously, the request succeeded but returned an empty list of items, now a 403 response code is returned as expected.

    BP-6327

    The responses returned from the /api/v7/resources/{resourceId} request have been improved for users without correct permissions. Previously, PUT requests returned a 404 response code, now a 403 response is returned as expected.

    BP-6310

    The responses returned from the /api/v7/resources/{resourceId} request have been improved when attempting to retire a resource which is online. Previously, PUT requests returned a 500 response code, now a 409 code with the message "This resource is currently online and cannot be retired" is returned to align with the Blue Prism interactive client.

    BP-6335

    Date range validations have been added to the sessions and schedule logs endpoints, such as confirming start times are before end times.

    BP-3333

    The POST /api/v7/workqueues/{workQueueId}/items and GET /api/v7/workqueues/{workQueueId}/items/{workQueueItemId} endpoints have been updated to return error messages for work queues that have an application server-based encryption key. Only work queues that are not encrypted, or use database-based encryption keys, can use these endpoints. The Blue Prism API reference now includes more detailed information regarding this limitation.

    BP-5066

    BP-7595

    The /api/v7/resources/{resourceId} endpoint now returns a 404 response code if an invalid resource ID is passed in the request.

    BP-6927

    The error handling has been improved for requests which do not contain request body content. Previously, the endpoints returned a 400 response code, and now return a 500 code. This has been updated for the following endpoints:

    • PUT /api/v7/resources/{resourceId}

    • POST /api/v7/schedules/{scheduleId}/tasks

    • POST /api/v7/schedules/{scheduleId}/tasks/{taskId}/sessions

    • PUT /api/v7/schedules/{scheduleId}/tasks/{taskId}/scheduledSessionParameters

    • PUT /api/v7/schedules/tasks/{taskId}

    • POST /api/v7/schedules/{scheduleId}/sessions

    • PUT /api/v7/sessions/{sessionId}/parameters

    • POST /api/v7/workqueues/{workQueueId}/items

    • POST /api/v7/workqueues

    • POST /api/v7/resources/{resourceId}/sessions

    BP-6870

    Work queue items with Locked status are now shown correctly when returned from the /api/v7/workqueues/items/{workQueueItemId} or /api/v7/workqueues/{workQueueId}/items/{workQueueItemId} endpoints. Previously, locked items were returned with the status Pending.

    BP-7287

    The GET Sessions request has been updated to add validations to parameter values. This resolves issues with 500 response errors when non-numerical values were passed in the sessionNumber parameter.

    BP-7656

    The guidance in the OpenAPI v3 specification for PUT requests using the /api/v7/resources/{resourceId} endpoint has been updated to provide more detail on how the endpoint can be used to retire or unretire a specified resource.

    BP-4555

    The OpenAPI v3 specification has been updated to align the handling of datetime elements with the API requests.

    BP-3512

    Corrected the permission required by the PUT /api/v7/resources/{resourceId} endpoint from Control Resource to Configure Resource.

    BP-8151

    Where multi-team environment (MTE) permissions are setup for processes and/or resources, API users now require access permission to the assigned process and resource group in order to utilize the work queue item API endpoints. The additional permission check has been added to the following endpoints:

    • GET /api/v7/workqueues/{workQueueId}/items

    • POST /api/v7/workqueues/{workQueueId}/items

    • POST /api/v7/workqueues/{workQueueId}/items/batch

    • GET /api/v7/workqueues/items/{workQueueItemId}

    • GET /api/v7/workqueues/{workQueueId}/items/{workQueueItemId}

    The additional permission check only applies to active work queues, as they are assigned a process and resource group, whereas standard work queues are not assigned a specific process and resource group.

    BP-9583

    Compatible Blue Prism Hub components

    The following components are part of the Blue Prism Hub release, but are required to utilize specific Blue Prism functionality.

    Authentication Server

    Authentication Server provides centralized common authentication for users across three key components of the Blue Prism platform: Blue Prism Enterprise, Blue Prism API, and Blue Prism Hub. For more details, see the Authentication Server configuration guide. The following enhancements, minor improvements, and fixes have been added to the configuration of Authentication Server in Blue Prism Enterprise for this release:

    Description of change

    Reference

    The CefSharp Chromium browser used to present login dialogs has been replaced with WebView2 to deliver embedded browsers more securely, as is required for Authentication Server login.

    The WebView2 runtime must be installed locally on any machine that runs the interactive client so users can sign into Authentication Server. For more details, see https://docs.microsoft.com/en-us/microsoft-edge/webview2/concepts/distribution.

    BP-5051

    BP-5640

    The AutomateC mapping tool can now only be used to add Blue Prism users into the Authentication Server database; or map existing Blue Prism users to existing Authentication Server users.

    • Authentication Server users can no longer be added automatically to Blue Prism via the mapping tool. Selected Authentication Server users are now only added to Blue Prism at the time when they are assigned to a role via the Role Membership dialog.
    • Authentication Server users can no longer be mapped to Blue Prism users that do not exist. If an administrator using the AutomateC mapping tool does not enter a Blue Prism username in the CSV file, but enters an Authentication Server User ID, an error message displays to the user.

    BP-5451

    BP-5453

    Administrators can now create CSV file templates containing pre-populated data from the Blue Prism and Authentication Server databases for mapping users between the two databases. Two new parameters have been added to the AutomateC command line tool for this purpose: /getblueprismtemplateforusermapping <pathtooutputfile> /user <adminuser> <adminpwd> and /getauthenticationservertemplateforusermapping {outputpath}. The Authentication Server - Map users permission required to run these commands is assigned by default to system administrators on the Security - User Roles screen  in the Blue Prism interactive client.

    BP-3088

    BP-3153

     

    The Authentication Server Integration tab on the Blue Prism Server Configuration Details screen has been updated as follows:

    • Users no longer need to create a credential on the Security - Credentials screen in the Blue Prism interactive client to store the Client ID and Client Secret values of the service account used to connect to Authentication Server. The Client ID and Client Secret values can now be entered directly in the Authentication Server Integration tab on the Blue Prism Server Configuration Details screen under a new Client Details section. The Authentication Server credential drop-down field has also been removed from the Security - Sign-on Settings screen.

      These changes have been made because the requests to the RabbitMQ message broker are made from the server and there can be more than one server pointing to a single Blue Prism database.

      Users who previously configured these settings in Blue Prism 7.0 will need to add the client ID and client secret of the associated service account on the Server Configuration Details screen for each Blue Prism application server service in the deployment.

      While it is recommended that the client ID and secret are different on all servers, multiple servers in the same environment are permitted to use the same values.

    • A new Test connection button can be used to check that the specified values for the broker settings are valid before administrators enable the connection to the message broker via the Enable connection check box. A message displays to help users diagnose issues with the connection if the settings are not deemed valid.

    • A message now displays if invalid characters have been entered in the Environment Identifier field prompting the user to enter a valid set of characters and spaces. Previously, if any invalid characters were entered, an error occurred when attempting to create the message queue.

    BP-3593

    BP-4647

    BP-4877

    BP-4401

    BP-6700

    A new Synchronize users with Authentication Server option is available when clicking the menu button on the Security - Users screen in the Blue Prism interactive client. This allows data between the Blue Prism and Authentication Server databases to be manually synchronized outside of the RabbitMQ update schedule in the event of any service disruption. When selected, this will:

    • Add any new Authentication Server service accounts to the Blue Prism environment.

      Authentication Server users are not added to the Blue Prism environment when using this option, they must be manually assigned to a Blue Prism role on the Role Membership screen, see the Authentication Server configuration guide. This is to prevent large numbers of Authentication Server users who do not need access to Blue Prism (for example, Interact users), from being added into the Blue Prism database.

    • Retire users and service accounts that have been retired in the Authentication Server database in the Blue Prism environment as well.

    • Restore any users and service accounts in the Blue Prism environment that have been unretired in the Authentication Server database.

    To use this option, the interactive client must be connected via a Blue Prism server.

    BP-3705

    BP-3458

    BP-5516

    BP-5452

    Hub users are now prevented from accessing the Control Room plugin if the User login via Authentication Server option on the Security - Sign-on Settings screen in the Blue Prism interactive client has not been selected.

    • Automatic synchronization of user accounts between Authentication Server and the Blue Prism application server still requires user authentication via Authentication Server to be enabled, whereas service accounts are still synchronized even when user authentication via Authentication Server has not been enabled.
    • Previously, the synchronization would incorrectly not occur if the User login via Authentication Server option was not enabled on the Security - Sign-on Settings screen.

    BP-3810

    A message now informs users that all user authentication will occur via Authentication Server if they select the User login via Authentication Server option, enter an Authentication Server URL and click Apply on the Security - Sign-on Settings screen.

    BP-4399

    The error message displayed when the user mapping between Blue Prism and Authentication Server via the command line tool fails has been improved to specify that AutomateC requires a Blue Prism server connection.

    BP-5467