Skip to content
Search to learn about InterSystems products and solutions, career opportunities, and more.

Advisory: Incorrect Login Behavior using HealthShare as a SAML Service Provider

December 3, 2020 – Advisory: Incorrect Login Behavior using HealthShare as a SAML Service Provider

InterSystems has corrected a defect affecting the use of HealthShare as a SAML Service Provider when Single Sign-On (SSO) is also enabled.

This problem exists for:

  • HealthShare Unified Care Record 2019.1.x, 2019.2.x, and 2020.1.x

Any user using the Management Portal UI to configure HealthShare as a SAML Service Provider may experience an issue in which they are able to gain access to HealthShare as a different user than they expect to when using Single Sign-On (SSO) to access HealthShare from a third-party application such as an EHR.

The impact is that the user may be able to access HealthShare resources that they would otherwise be restricted from.  In addition, they may be restricted from resources they would otherwise be granted.

Customers using HealthShare as a SAML Service Provider should disable SSO until they receive and apply the fix to their system.

The correction for this defect is identified as HSIEO-3029, is fixed in Unified Care Record 2020.2 and will be included in all future product releases. It is also available via Ad hoc change file (patch) or full kit distribution from the Worldwide Response Center (WRC).

If you have any questions regarding this advisory, please contact the WRC.

RELATED TOPICS

Latest Alerts & Advisories

Apr 17, 2025
InterSystems has addressed security vulnerabilities that impact applications using OAuth2 Client configurations on InterSystems IRIS, InterSystems IRIS for Health, HealthShare, HealthShare HealthConnect, TrakCare, Caché, and Ensemble. Remediation steps and additional guidance documentation are available from the InterSystems Worldwide Response Center (WRC).
Apr 02, 2025
Product & Versions Affected Explicit Requirements DP-439207 InterSystems IRIS® data platform 2024.3 (AIX) AIX installations Using JSON processing and Unicode non-Latin-1 character sets DP-439280 InterSystems IRIS 2024.3 (containers with IntegratedML) IntegratedML Containers using TensorFlow
Mar 04, 2025
This problem affects the following products:
Mar 04, 2025
This problem affects the following products:

Sign Up Today

Receive notifications on support alerts, critical issues,
fixes, and product releases.
*Required Fields
Highlighted fields are required
*Required Fields
Highlighted fields are required
By submitting this form, you give consent to receive notifications concerning support alerts, critical issues, important updates, fixes, and product releases via email. In addition, you consent to your business contact information being entered into our CRM solution that is hosted in the United States, but maintained consistent with applicable data protection laws.
**By clicking here, you give consent to be contacted for news, updates and other marketing purposes related to existing and future InterSystems products, offerings, and events.