Discussion

Incorrect Operator Data Mapped During SAML 2.0 Authentication

Summary:

For those using Pega 7.4 and Pega 8.1.0 with SAML 2.0 authentication, there is a potential for information from one user profile to be copied to that of another.

Issue Details:

When multiple users log in using SAML 2.0 authentication at nearly the same time, there is a small possibility that operator record details from one user may be copied to the other. Users will be able to authenticate successfully, however various details on their operator record may be incorrect. This issue was introduced when SAML 2.0 authentication was released with Pega 7.4.

Remediation Steps for Pega Cloud Environments:

Pega Cloud environments running Pega Platform versions 7.4 and 8.1.0 are being proactively remediated.

Remediation Steps for On-Premise Environments:

This issue is remediated in Pega Platform version 8.1.1 and higher. Pegasystems recommends updating to the latest patch release to address this issue.

If updating is not feasible in the short-term, Pegasystems is making hotfix packages available:

  • Pega 7.4: HFIX-47271
  • Pega 8.1.0: HFIX-55855

To request a hotfix, submit a Support Request to Pega Global Client Support.

Questions:

If you have questions or concerns about this information, please contact Pega Global Client Support. Be sure to reference this article when entering a Support Request.

Group Tags

Comments

Keep up to date on this post and subscribe to comments