Posted: 14 Aug 2019 15:52 EDT Last activity: 16 Mar 2020 13:26 EDT
Incorrect Operator Data Mapped During SAML 2.0 Authentication
For those using Pega 7.4 and Pega 8.1.0 with SAML 2.0 authentication, there is a potential for information from one user profile to be copied to that of another.
When multiple users log in using SAML 2.0 authentication at nearly the same time, there is a small possibility that operator record details from one user may be copied to the other. Users will be able to authenticate successfully, however various details on their operator record may be incorrect. This issue was introduced when SAML 2.0 authentication was released with Pega 7.4.
Remediation Steps for Pega Cloud Environments:
Pega Cloud environments running Pega Platform versions 7.4 and 8.1.0 are being proactively remediated.
Remediation Steps for On-Premise Environments:
This issue is remediated in Pega Platform version 8.1.1 and higher. Pegasystems recommends updating to the latest patch release to address this issue.
If updating is not feasible in the short-term, Pegasystems is making hotfix packages available:
Pega 7.4: HFIX-47271
Pega 8.1.0: HFIX-55855
To request a hotfix, submit a Support Request to Pega Global Client Support.
If you have questions or concerns about this information, please contact Pega Global Client Support. Be sure to reference this article when entering a Support Request.