Skip to content
Search to learn about InterSystems products and solutions, career opportunities, and more.

Advisory: Incorrect Login Behavior using HealthShare as a SAML Service Provider

December 3, 2020 – Advisory: Incorrect Login Behavior using HealthShare as a SAML Service Provider

InterSystems has corrected a defect affecting the use of HealthShare as a SAML Service Provider when Single Sign-On (SSO) is also enabled.

This problem exists for:

  • HealthShare Unified Care Record 2019.1.x, 2019.2.x, and 2020.1.x

Any user using the Management Portal UI to configure HealthShare as a SAML Service Provider may experience an issue in which they are able to gain access to HealthShare as a different user than they expect to when using Single Sign-On (SSO) to access HealthShare from a third-party application such as an EHR.

The impact is that the user may be able to access HealthShare resources that they would otherwise be restricted from.  In addition, they may be restricted from resources they would otherwise be granted.

Customers using HealthShare as a SAML Service Provider should disable SSO until they receive and apply the fix to their system.

The correction for this defect is identified as HSIEO-3029, is fixed in Unified Care Record 2020.2 and will be included in all future product releases. It is also available via Ad hoc change file (patch) or full kit distribution from the Worldwide Response Center (WRC).

If you have any questions regarding this advisory, please contact the WRC.

RELATED TOPICS

Latest Alerts & Advisories

Sign Up Today

Receive notifications on support alerts, critical issues,
fixes, and product releases.
*Required Fields
Highlighted fields are required
*Required Fields
Highlighted fields are required
By submitting this form, you give consent to receive notifications concerning support alerts, critical issues, important updates, fixes, and product releases via email. In addition, you consent to your business contact information being entered into our CRM solution that is hosted in the United States, but maintained consistent with applicable data protection laws.
**By clicking here, you give consent to be contacted for news, updates and other marketing purposes related to existing and future InterSystems products, offerings, and events.