Incorrect Operator Data Mapped During SAML 2.0 Authentication
For those using Pega 7.4 and Pega 8.1.0 with SAML 2.0 authentication, there is a potential for information from one user profile to be copied to that of another.
When multiple users log in using SAML 2.0 authentication at nearly the same time, there is a small possibility that operator record details from one user may be copied to the other. Users will be able to authenticate successfully, however various details on their operator record may be incorrect. This issue was introduced when SAML 2.0 authentication was released with Pega 7.4.
Remediation Steps for Pega Cloud Environments:
Pega Cloud environments running Pega Platform versions 7.4 and 8.1.0 are being proactively remediated.
Remediation Steps for On-Premise Environments:
This issue is remediated in Pega Platform version 8.1.1 and higher. Pegasystems recommends updating to the latest patch release to address this issue.
If updating is not feasible in the short-term, Pegasystems is making hotfix packages available:
- Pega 7.4: HFIX-47271
- Pega 8.1.0: HFIX-55855
To request a hotfix, submit a Support Request to Pega Global Client Support.
If you have questions or concerns about this information, please contact Pega Global Client Support. Be sure to reference this article when entering a Support Request.
Keep up to date on this post and subscribe to comments
- SAML 2.0 How to customize PRAuth authentication service
- How can I display an "operator does not exist" message when using authentication via SSO / SAML 2.0?
- How to customise or establish Operator context in SAML SSO authentication in 8.3
- SAML SSO: Error Message: Unable to process the SAML Web SSO request: Unable to process SAML2 Authentication response: Caught Exception while validating SAML2 Authentication response protocol: NULL
- Unable to process the SAML WebSSO request: Unable to process SAML2 Authentication response: Caught Exception while validating SAML2 Authentication response protocol: Caught Exception while creating Keystore instance