yelas1 Member since 2014 75 posts
Posted: 1 year ago
Last activity: 1 month ago

Authentication service - empty access group

hen using SAML/SSO authentication service, if the value mapped to the access group is empty, then an empty access group is created too for the user
Steps to Reproduce

In the Authentication Service rule 'Mapping' tab:
extensionAttribute1 maps to .pyAccessGroupsAdditional(1) and
extensionAttribute2 maps to .pyAccessGroupsAdditional(2)

extensionAttribute1 and extensionAttribute2 are provided by the organization AD services.
extensionAttribute2 is optional and therefore will not always have a value.

When extensionAttribute2 is empty, .pyAccessGroupsAdditional(2) on the operator profile is still created and with an empty value.

Expected: Access group with empty value should not be created. Or in the mapping tab of the Authentication Service rule, there should be a way to conditionally specify that this mapping is only applicable if the source is not null (for example)

***Edited by Moderator Marissa to update platform capability tags****

Pega Platform Security
Share this page LinkedIn