Blue Prism 7.2: April 2023

Active Directory users can be synchronized and log into Blue Prism using telnet commands and web service requests when their UPN contains an alias suffix that is different to the Domain Name System (DNS) name of the Active Directory domain. For example, corp.dir.company.com (DNS name) and company.com (alias suffix), where [email protected] is the UPN. Blue Prism will automatically determine available alias suffixes for the users unless configured manually by an administrator. An optional database script to configure alias suffixes is available for download from the Blue Prism Portal. For more information, see Active Directory Integration.

The following improvements have been made to the behavior of the cache that stores the discovered Active Directory domains:

• A message has been added to the Blue Prism login page informing Active Directory users that the data cache is currently being populated.
• An SQL cache has been added to Blue Prism which contains the data cache that is generated when an Active Directory user first logs into Blue Prism. A new database table dbo.BPACache has been added to support this functionality.
• The default value for the Maximum cache duration has been updated to 1440 minutes (24 hours). Previously, the default was 30 minutes. This will be updated when users click Update Database on the Connection Configuration screen. For more information, see Single sign-on troubleshooting.
• When used, a new AutomateC command line parameter /requestactivedirectorycacherefresh will trigger an update of the data stored in the cache that was populated when:
  • A direct connection was established to the database.
  • A Blue Prism application server was started.

  • Active Directory authentication was enabled in System > Security - Sign-on settings.

    For more information, see Command line options.

When using the WCF callback protocol on the Application Server Controlled Resources (ASCR) Settings tab on the Blue Prism Server Configuration Details screen, both Inbound Port and Outbound Port values can now be configured. Previously for WCF, there was only one configurable Port value which only applied to the outbound function. The inbound function defaulted to port 80 and was not configurable.

The command line parameter /ascrconfig has been updated to display a new <outbound port> option when the <conntype> is WCF. For more information, see ASCR configuration.

This change does not affect the gRPC callback protocol settings.

A Load Balancer Name field has been added on the ASCR Settings tab on the Blue Prism Server Configuration Details screen to cater for scenarios where both the server host name and the load balancer name are used to establish the callback connection.

The /ascrconfig command in AutomateC now also accepts the new /loadbalancername <string> switch.

All Blue Prism Enterprise components (interactive clients, runtime resources, and application servers) can now operate as 64-bit applications if deployed on a 64-bit infrastructure. Previously, only application servers were configured to do so. This improves performance when dealing with large datasets.

The Embedded (default) Application Manager mode has been updated so Blue Prism can also run as a 64-bit process when installed as a 64-bit application. Previously, it could only run as a 32-bit process.

If running Blue Prism on a 64-bit device and importing a release which contains business objects created in versions earlier than 7.2 where the Embedded (default) Application Manager mode was configured as 32-bit, a warning message prompts users to select whether they want to use the embedded default mode (64-bit) or the external 32-bit mode. When a user opts to use the external 32-bit mode, an audit log entry is added to System > Audit > Audit Logs.

The features provided by the Browser Automation Agent are now included in the Blue Prism installer by default. The Blue Prism 7.2 installation wizard automatically removes the Browser Automation Agent and the associated Manifest V3 browser extensions if they have been previously installed.

If running a silent installation of Blue Prism 7.2, the Browser Automation Agent is not automatically removed, and will need to be manually uninstalled from the affected machines following the steps outlined in the known issue BP-14969.

Additionally, if any Manifest V3 browser extensions were previously manually installed on a given machine, they will need to be manually uninstalled before installing Blue Prism.

The latest versions of the Blue Prism VBOs for version 7 are now stored on the Digital Exchange (DX). A shortcut to the DX location has been added in the VBO folder in C:\Program Files\Blue Prism Limited\Blue Prism Automate\VBO to allow users to access the latest versions.

A new AutomateC command line parameter /resetdefaultadminpassword has been added to enable administrators to reset the admin password, without needing to log into the interactive client.

This command can only be used when the default admin user login details have been configured and the admin password has expired.

For more information, see Command line options.

The target framework within the Automate repository has been upgraded to .NET Framework 4.8.

Blue Prism now supports AdoptOpenJDK version 8 and Azul OpenJDK version 8 for automating Java applications.

A new System - Timeouts section in System Manager displays timeout parameters used in Blue Prism automations. These can be changed if the default configuration is causing issues in a particular environment, and to optimize automations across environments. Any changes should only be made under guidance from Blue Prism and tested in a Development environment. For more information on the parameters and their functions, see Timeout parameters.

Changes made to the timeout parameters in System > System - Timeouts are now recorded in an audit log. The following values are recorded:

• The user who made the changes.
• The timeout parameter that was changed.
• The previous value of the parameter.
• The new value of the parameter.
• The date and time of the change.

When logging into Blue Prism using Active Directory (AD) authentication, if there is an issue with decrypting the AD credentials, an error message displays. This error message now specifies the issue so users can be notified.

An issue has been fixed where Domain Controller name mappings configured manually for an Active Directory domain, as described here, were not being loaded into Blue Prism when validating credentials whilst adding or editing domain credentials. This issue prevented users of Active Directory environments that require Domain Controller Name mappings to be set for a domain (for example, environments using an Active Directory multi-site infrastructure) from logging into Blue Prism using Active Directory authentication.

Previously, if an existing Active Directory (AD) user in Blue Prism was deleted from Active Directory prior to upgrading a single-authentication AD database to version 7.1, and a new user was added after the upgrade who had the same User Principal Name (UPN) as the deleted user, the deleted user account was incorrectly reactivated and updated with the unique security identifier (SID) of the new AD user once the AD user list was synchronized with Blue Prism.

This was because the system could not find the SID of the deleted user in Active Directory and thus searched using the UPN, which would lead to the incorrect matching behavior. This behavior has now been updated so if a user is not found in Active Directory based on the SID, it will be automatically deleted in the Blue Prism database, and no longer searched for via the UPN.

An error no longer occurs when synchronizing Active Directory users in Blue Prism and one or more users’ Distinguished Name (DN) is null.

An error caused by a case sensitivity difference between the configured Active Directory domain name preference and the Active Directory domain record in the database no longer occurs when an Active Directory user is attempting to log into the Blue Prism interactive client using a direct database connection.

Several performance improvements have been made when determining Active Directory group membership for a user during authentication, and when viewing the roles assigned to a user in Blue Prism. For more information, see Single sign-on troubleshooting.

Active Directory users with the same User Principal Name (UPN) as an existing or deleted user can now be added if their security identifier (SID) is different.

The following issues have been fixed when working with application elements that are using a Match Index attribute with a value greater than 0:

• The Java changes introduced in version 6.10.3 by BP-5374 and in version 7.0.1 by BP-6163 no longer cause intermittent crashes of Java applications that were automated using the Java Access Bridge spy mode.
• The Get Element Bounds actions in Read Stages, which dynamically read values from a Java application, no longer incorrectly return negative values instead of positive values.

Previously, when using the Wait > Check Exists instead of the Wait > Web Check Exists stage and condition combination, a non-repairable error message displayed instead of a repairable validation warning when the Application Modeller was set to A browser that is already running. A validation warning now displays regardless of the application type selected in Application Modeller.

In Blue Prism versions 7.0 and 7.0.1, when interacting with a browser application from the Application Modeller in Process and Object Studio, clicking the Detach button did not detach the browser application as expected and the application could not be re‑attached. The logic of the Detach button has been updated when used with browser applications so it now works in the same way as the Detach action in a Navigate stage.

The Start Time filter now defaults to all for all languages supported in Blue Prism. Previously, the filter defaulted to today for languages other than English. Filters in Control Room saved in one language will now work for all supported languages. This change only affects new saved filters.

Previously, resource pool controller status notifications were taking a long time to send and could get stuck in a loop, which resulted in connections timing out and schedules not being triggered. This has been fixed by optimizing resource pool controller notifications to prevent connection timeouts with the resources.

An issue introduced in Blue Prism 7.0 has been fixed, where two retry items were incorrectly being created for a work queue item when a session terminated through an unhandled exception.

An error no longer occurs when clicking the Test Connection button on the Connection Configuration after upgrading to Blue Prism 7.1 and using an existing database name. The error only occurred when using the Create Database option to replace the old database, but not when using the Upgrade Database option.

The script created after clicking Generate Script on the Connection Configuration screen in the Blue Prism interactive client has been updated to create the required native administrator user in the database and enable snapshot isolation. This functionality was incorrectly removed in version 7.1 when the Configure Database button was removed.

Control Flow Guard (CFG) has been activated for unmanaged code projects in the Blue Prism Automate application, such as C++ and Activator (32-bit and 64-bit) projects, in line with information security industry standards.

The .NET Framework version displayed on the About Blue Prism screen now always displays the exact version installed on the user's machine.

All DLL files included in the Blue Prism Automate application are now digitally signed in line with information security industry standards.

Improvements have been made to the Blue Prism interactive client to ensure that when the connection to the application server has been temporarily lost, a large number of exception messages are no longer displayed to the user. Instead, the Connecting to Server dialog displays while attempts are made to re-establish the connection. Users cannot carry out any actions in the Blue Prism client until it has successfully reconnected with the application server.

If the server is configured to use WCF Message or Transport Encryption, the dialog displays only after the connection has timed out. During this period, the user interface will be locked and may appear non-responsive until the connection timeout has occurred.

An error no longer occurs when adding a SOAP web service and attempting to add a certificate stored under Local Machine or Current User.

Clicking the information icon in a business object action or selecting the API Documentation menu option in Process and Object Studio now opens the in-product help for the relevant business object in the user's default browser. Previously, the help was opened in Internet Explorer regardless of the user's default browser.

An issue has been fixed where initial values could not be added to nested collections when using Blue Prism in Japanese.

An issue has been fixed in Process and Object Studio where exception messages could be displayed in the background of the window rather than the foreground during the debugging of an automation, making them difficult to locate and, potentially, easy to overlook.

An issue has been fixed where an output of Password data type from an action could be incorrectly stored in a Text data item. This could occur if the password was originally written to a Password data item that was later updated to be a Text data item. A check now takes place in Process and Object Studio and at runtime, and an error message displays if the data item for the password is not a Password data item.

An issue when using Blue Prism in the Japanese locale has been fixed where the child collection in a nested collection couldn't be opened, and an error was triggered.

An error previously displayed when refreshing management information (MI) data has been resolved by removing hard coded references to the database schema name.

An issue has been fixed so that data items within a collection are now included in the list of dependencies on the Edit > Dependencies > Advanced Find dialog > Explore Dependencies tab. . Previously the collection data items were not included in the list. This functionality was incorrectly removed in version 6.7 and has now been restored.

A potential security vulnerability related to SQL injection when using web services has been addressed.

The field labels in the Resilience section of the System ‑ Scheduler screen have been updated to make their behavior clearer to users following the upgrade to version 7, which utilizes Application Server Controlled Resources (ASCR).

In Blue Prism versions earlier than 7.1.2, when the Allow anonymous public Runtime Resources option was selected in System > System - Settings, updating the Runtime Resources role on the Role Membership screen under System > Security - User Roles incorrectly removed anonymous resources from the role. This prevented them from starting when the /resourcepc /public switch was used. This has now been resolved.

The Firefox browser extension is not available for installation in this release. For more information, see Upgrade notices.

Web browser elements spied using the browser-based application mode no longer trigger an error when highlighted in the Application Modeller. This issue only occurred in Blue Prism 7.1.0.

An issue has been fixed where a web page that was being spied using a Chrome or Edge browser extension could not be highlighted or spied again once a file had been downloaded from the web page. The Chrome or Edge browser extension no longer disconnects from Blue Prism once a download has been triggered.

The way the browser type is detected by the native messaging host has been updated to remove the reliance on performance counters, as corrupt or disabled performance counters would prevent the native messaging host from launching correctly.

Blue Prism can now successfully terminate browser applications when the external 32-bit or 62-bit Application Manager mode is used. Previously, an error occurred when attempting to terminate a browser application which had been attached using an external application model.

Previously in Blue Prism versions 7.0.1 to 7.1.1, an error occurred when attempting to attach to a Chrome, Edge, or Firefox browser page using only the process ID (PID) without specifying a title for the page. This has now been fixed by removing the check for the window title when a PID is provided.

Both the 64-bit and 32-bit versions of Blue Prism Enterprise now deploy the 32-bit version of the native messaging host (NMH).

The Parent Document Loaded action, used in a Wait stage when automating a Chrome, Edge, or Firefox browser, now checks whether the parent document was loaded. Previously, it was incorrectly set to always return a true value.

Blue Prism now remains attached to a web page even if the window title changes. Previously, when the window title of a browser instance changed, the browser extension could not be detected and an error message displayed.

When attempting to attach to a browser for which the provided window title is incorrect, a message indicating the specific error now displays immediately. Previously, Blue Prism would wait for 60 seconds before displaying a general message that the browser extension could not be detected.

System timeout parameters used in browser automations can now be configured in the Chrome, Edge, and Firefox browser extension settings to allow system administrators to optimize automations on a particular machine.

The Select List Item action in Navigate stages has been changed to use the native value setter. When list items are selected in web drop-downs, change events are now correctly triggered, and now behave in the same way when the web component is worked by a digital worker as when it is worked manually.

An error no longer occurs when using the Get Relative Bounds action in a Read stage when spying an element in UI Automation mode in Chrome. The bounds are now retrieved correctly.

An error message displays in the Windows Event Log when the web driver is not present, or does not match the Chrome or Edge browser extension version.

The error message raised when a non-browser application is attached to during a browser automation has been improved, to state that the application is not a valid type. Previously, this was not stated clearly in the error message generated.

A more meaningful error message with a link to the troubleshooting guidance now displays when the native messaging host cannot be detected, either because the native messaging host is not configured, or is not running. This reduces the number of scenarios in which a "Browser extension not detected" error is generated.

The name and ID of the named pipe that connects the native messaging host to the JavaScript invoker are now logged in Automate NLog files.

A warning now only displays only if the major, minor, or patch versions of Chrome and the web driver are not the same. Previously, a warning incorrectly displayed when the versions of Chrome and the web driver were compatible, but their build versions were different.

/api/v7/calendars

The endpoint has been updated with the following changes:

• The System – Calendars user permission is now required.

• Requests now return workingWeek, regionId, and disabledPublicHolidaysIds.

The GET calendars request has been updated to enable filtering and sorting. Calendar lists called from this endpoint can be sorted by calendarID, name or region, and filtered using the parameters calendarId, name, region, or workingWeek.

A new POST calendars request has been added, which creates a new calendar.

/api/v7/calendars/{calendarId}

A new endpoint has been added, which includes the following requests:

• GET calendar – Returns the specified calendar.

• DELETE calendar – Deletes the specified calendar.

• PATCH calendar – Updates the specified calendar. Details such as working week, region, and disabled holidays can be changed.

/api/v7/calendars/{calendarId}/
clones

A new POST calendar request has been added, which clones the specified calendar and returns the new calendar ID.

/api/v7/calendars/{calendarId}/
references

A new GET calendar references request has been added, which returns a list of all processes and objects that use the specified calendar. Reference lists called from this endpoint can be sorted or filtered by referenceName, processType, or description.

/api/calendars/{calendarId}/
otherHolidays

A new endpoint and a GET other holidays request has been added, which returns the other holidays for the specified calendar.

/api/calendars/{calendarId}/
otherHolidays/batch

A new endpoint has been added, which includes the following requests:

• POST other holidays – Creates other holidays for the specified calendar.

• DELETE other holidays – Deletes other holidays configured for the specified calendar.

/api/v7/holidayRegions

A new endpoint and a GET regions request has been added, which returns a list of holiday regions and their associated ID.

/api/v7/environmentVariables

A new endpoint has been added, which includes the following requests:

• GET environment variables – Returns a list of environment variables. Variables are returned with the name, data type, description, and value.

• POST environment variables – Creates an environment variable.

Environment variable lists called from this endpoint can be filtered or sorted using the parameters name, description, or dataType.

/api/v7/environmentVariables/
{environmentVariableId}

A new endpoint has been added, which includes the following requests:

• PATCH environment variable – Updates the specified environment variable.

• DELETE environment variable – Deletes the specified environment variable.

/api/v7/licenses

A new endpoint has been added, which includes the following requests:

• GET Licenses – Returns a list of all licenses in the environment. Licenses are returned with details including the status, owner, type, and expiry.

• POST Licenses – Adds a new license.

Licenses called from this endpoint can be filtered or sorted using parameters including licenseId, activationStatus, owner, and type.

/api/v7/licenses/{LicenseId}

A new DELETE License request has been added, which deletes a specified license.

/api/v7/dashboards/
currentLimitsAndUsage

A new GET license usage request has been added, which returns the usage and limits of the active licenses in the environment. Details are returned on processes, sessions, runtime resources, and process alert machines. For unlimited licenses, limits display as null.

/api/v7/schedules/{scheduleId}/
clones

A new POST schedule request has been added, which clones the specified schedule and returns the new schedule ID.

The existing cloning functionality, the copyFrom parameter passed in POST /api/v7/schedules requests, has been now been deprecated and will be removed in a future release.

/api/v7/schedules/{scheduleId}​/
runs

A new POST schedule session request has been added, which creates a session for a schedule to run at a specified date and time.

This is the same functionality as the POST request for the existing /api​/v7​/schedules​/{scheduleId}​/sessions endpoint, which has been deprecated and will be removed in a future release.

/api/v7/schedules/{scheduleId}​/runs/
active

A new DELETE schedule session request has been added, which can be used to stop a currently running schedule.

This is the same functionality as the DELETE request for the existing /api​/v7​/schedules​/{scheduleId}​/sessions endpoint, which has been deprecated and will be removed in a future release.

/api/v7/schedules/{scheduleId}/tasks

/api/v7/schedules/{scheduleId}/
tasks/{taskId}

The endpoints now return a sessionCount property for the task, which enables users to easily see the number of scheduled sessions for a task.

/api/v7/schedules/{scheduleId}/
tasks/{taskId}/
scheduledSessionParameters

The GET and PUT requests have been updated to support the radio button data type, which enables users to manage and configure parameters that use the radio button data type.

/api/v7/sessions

/api/v7/sessions/{sessionId}

The GET requests have been updated to add a new sessionSource parameter, which enables users to determine whether a session is running, or ran on, a Blue PrismDesktop or Blue Prism Enterprise environment. The parameter supports the values All, Enterprise, or Desktop, and can be used to filter retrieved session lists.

In addition, the existing sorting parameters, processAttributesInclude and processAttributesExclude, have been removed.

/api/v7/sessions/{sessionId}

A new DELETE session request has been added, which deletes a pending session. Only sessions with Pending status can be deleted.

The PATCH session request has been updated to allow users to stop sessions. The session can either be:

• Requested to stop, where it will cleanly exit from its current operations. This is done by passing status: Stopping in the requestBody.

• Immediately stopped, by passing status: Stopped in the requestBody.

Only sessions with the status Running or Warning can be stopped.

/api/v7/sessions/{sessionId}/logs

The GET session logs endpoint has been updated to return the following fields:

• logNumber

• processName

• resultType

• resourceEndTime

• bluePrismMemory

• targetAppId

• targetMemory

• stageId

• pageName

• objectName

• actionName

Log lists called from this endpoint can now be filtered or sorted by several parameters, including: logId, sessionNumber, stageId, processName, result, and startDateTime.

/api/v7/sessions/{sessionId}/parameters

The GET and PUT requests have been updated to support the radio button data type, which enables users to manage and configure parameters that use the radio button data type.

/api/v7/workQueues

The POST work queues endpoint has been updated to allow users to enable the Retry items in this queue in the event of an unexpected session termination option, and to define an active queue process or resource group.

The POST work queues endpoint has been updated to allow users to define the work queue group to which newly created work queues will be added.

/api/v7/workQueues

/api/v7/workQueues/{workQueueId}

The GET requests have been updated to return the following properties:

• isRetryItems – If the Retry items in this queue in the event of an unexpected session termination option is enabled for the work queue.

• isSnapshotEnabled – If the Work Queue Snapshots option is configured for the work queue.

• isActiveQueue – If the queue is an Active Queue type.

• activeWorkQueueConfiguration – A collection containing details on the active work queue including assignedProcessId and assignedResourceGroupId.

/api/v7/workQueues/{workQueueId}

The GET work queues request has been updated to return statistics and properties specific to active work queues. This includes activeSessions, availableResources, timeRemaining, elaspedRemaining, and ETA.

The PATCH work queues endpoint has been updated to allow users to enable the Retry items in this queue in the event of an unexpected session termination option, which will create a retry attempt for the work queue item depending on the maximum retries configured for the queue. Users can now also define an active queue process or resource group.

The PATCH work queues endpoint has been updated to allow users to configure the work queue group for the specified work queue.

/api/v7/workQueues/{workQueueId}/
references

A new GET work queue references request has been added, which returns a list of all processes and objects that use the specified work queue. References lists called from this endpoint can be filtered or sorted using the parameters name, description, or processType.

/api/v7/workQueues/{workQueueId}/
items/batch

The POST work queue items request has been updated to return a 404 error if the request is attempting to add an item to a work queue that does not exist. Previously, a 500 error response was returned.

/api/v7/workQueues/{workQueueId}/items

/api/v7/workQueues/items/
{workQueueItemId}

/api/v7/workQueues/{workQueueId}/
items/{workQueueItemId}

The endpoints now return the sessionId for the work queue item.

/api/v7/workQueues/{workQueueId}/
items/{workQueueItemId}

The GET work queue items request has been updated to return the radio button data type, which enables users to retrieve any data of this type.

/api/v7/workQueues/{workQueueId}/
items

/api/v7/workQueues/{workQueueId}/
items/batch

The GET work queue items and POST work queue items requests have been updated to return the following properties, which enable users to filter and sort using the following data:

• sla – The time to complete the work queue item before the service level agreement (SLA) is missed. This is passed in the format DD:HH:MM:SS.

• slaDateTime – The date and time by which the item must be completed in order to meet the SLA. It is passed in the format DD:MM:YYYY HH:MM:SS. If a work queue item is processed before this date time, it is within the SLA.

• withinSLA – Indicates if the work queue item was completed within the SLA.

• processName – The process name of the work queue item.

• isSuggested – If the Director component has recommended the queue item as the next best item to process.

/api/v7/workQueues/{workQueueId}/items/
{workQueueItemId}/attempts

A new endpoint has been added, which includes the following requests:

• GET work queue item attempts – Returns a list of all attempts for the specified work queue item.

• POST work queue item attempts – Creates a work queue item attempt. This request can be used to force retry on items with exception status.

/api/v7/workQueues/{workQueueId}/items/
{workQueueItemId}/attempts/{attemptId}

A new endpoint has been added, which includes the following requests:

• PATCH work queue items – Updates a work queue item. This request can be used to:

  • Change the status of a work queue item.
  • Defer a pending work queue item to a later time or date.
  • Mark a work queue item as an exception.
  • Unlock a work queue item.

• DELETE work queue items – Deletes a work queue item. Only items with the status completed or exception can be deleted.

/api/v7/workQueueGroup

A new endpoint and POST work queue groups request has been added, which creates a work queue group. Requests passed with the parentGroupId as root will create a root work queue group.

/api/v7/workQueueGroups/
{workQueueGroupId}

A new endpoint has been added, which includes the following requests:

• GET work queue group – Returns details of the specified work queue group, including Id, name, parentGroupId, and whether the group contains child groups or items.

• PATCH work queue group – Updates a work queue group.

• DELETE work queue group – Deletes a work queue group. The work queue group cannot be removed if it is not empty, and has no parent group where the items can be moved to. If there is a parent group, items will be moved automatically and the group can be deleted.

In addition, the work queue identifier in requests to this endpoint can be replaced with root to enable users to determine if the work queue group is the root group: /api/v7/workqueuegroups/root.

/api/v7/workQueueGroups/
{workQueueGroupId}/items

A new endpoint and GET work queue group items request has been added, which returns a list of items for a specified work queue group. Item lists returned from this endpoint can be filtered or sorted using the parameter name.

The POST /api/v7/workqueues and PATCH /api/v7/workqueues/{workQueueId} endpoints have been updated to return error messages for work queues that have server-based encryption keys. Only work queues that are not encrypted, or use database-based encryption keys, can use these endpoints. In addition, error messages are now returned if attempting to use an encryption scheme that is unavailable.

An issue has been corrected where time span elements did not render correctly in the API specification.

The GET /api/v7/sessions request has been updated to mark the processID parameter as required.

The Authentication Server synchronization mechanism via RabbitMQ messaging has been removed from the Blue Prism application server configuration. The Authentication Server Integration tab on the Blue Prism Server Configuration Details screen now only displays the client ID and secret. Synchronization of user and service accounts with Authentication Server from Blue Prism 7.2 onwards can only be done manually using the Synchronize users with Authentication Server option, available from the menu button on the Security - Users screen in the Blue Prism interactive client.

For more information, see the Authentication Server configuration guide.