Skip to content
Keressen, hogy többet megtudjon az InterSystems termékeiről és megoldásairól, karrierlehetőségekről és még sok másról.

Advisory: Incorrect Login Behavior using HealthShare as a SAML Service Provider

December 3, 2020 – Advisory: Incorrect Login Behavior using HealthShare as a SAML Service Provider

InterSystems has corrected a defect affecting the use of HealthShare as a SAML Service Provider when Single Sign-On (SSO) is also enabled.

This problem exists for:

  • HealthShare Unified Care Record 2019.1.x, 2019.2.x, and 2020.1.x

Any user using the Management Portal UI to configure HealthShare as a SAML Service Provider may experience an issue in which they are able to gain access to HealthShare as a different user than they expect to when using Single Sign-On (SSO) to access HealthShare from a third-party application such as an EHR.

The impact is that the user may be able to access HealthShare resources that they would otherwise be restricted from.  In addition, they may be restricted from resources they would otherwise be granted.

Customers using HealthShare as a SAML Service Provider should disable SSO until they receive and apply the fix to their system.

The correction for this defect is identified as HSIEO-3029, is fixed in Unified Care Record 2020.2 and will be included in all future product releases. It is also available via Ad hoc change file (patch) or full kit distribution from the Worldwide Response Center (WRC).

If you have any questions regarding this advisory, please contact the WRC.

RELATED TOPICS

Latest Alerts & Advisories

Jul 23, 2025
InterSystems IRIS 2025.2 introduces the IRISSECURITY database, the new home for security data. Unlike IRISSYS, the previous home for security data, IRISSECURITY can be encrypted, which secures your sensitive data at rest. In a future version, IRISSECURITY will be mirrorable.
Jul 23, 2025
InterSystems is pleased to announce the General Availability (GA) of the 2025.2 release of InterSystems IRIS® data platform. This is a Continuous Delivery (CD) release. Please note that the GA versions of InterSystems IRIS for Health™ and HealthShare® Health Connect™ 2025.2 are currently withheld due to mirroring limitations introduced by security updates (details below).
Jun 10, 2025
Advisory ID Product & Versions Affected Risk Category & Score Explicit Requirements DP-439649 Products:
May 20, 2025
This issue affects all versions of HealthShare®:
May 20, 2025
This problem affects the following products: