Srinivas Yelamanchili (yelas1)
Senior System Architect
Pegasystems Inc.
yelas1 Member since 2014 76 posts
Posted: August 14, 2019
Last activity: August 18, 2020
Posted: 14 Aug 2019 22:20 EDT
Last activity: 18 Aug 2020 9:28 EDT

Authentication service - empty access group

hen using SAML/SSO authentication service, if the value mapped to the access group is empty, then an empty access group is created too for the user
Steps to Reproduce

In the Authentication Service rule 'Mapping' tab:
extensionAttribute1 maps to .pyAccessGroupsAdditional(1) and
extensionAttribute2 maps to .pyAccessGroupsAdditional(2)

extensionAttribute1 and extensionAttribute2 are provided by the organization AD services.
extensionAttribute2 is optional and therefore will not always have a value.

When extensionAttribute2 is empty, .pyAccessGroupsAdditional(2) on the operator profile is still created and with an empty value.

Expected: Access group with empty value should not be created. Or in the mapping tab of the Authentication Service rule, there should be a way to conditionally specify that this mapping is only applicable if the source is not null (for example)

***Edited by Moderator Marissa to update platform capability tags****

Pega Platform Security