User group provisioning based on SSO URL fails
Summary
The environment has multiple SSO URLs (A, B) and access groups (X, Y). When User1 logs in via URL A, their default access group is assigned as X. When User1 logs in via URL B, their default access group should be assigned as Y instead of X. Currently, when User1 logs in via URL B, their default access group is still set as X.
Error Messages
2017-01-30 11:24:44,960 [ WebContainer : 18] [ STANDARD] [ ] [te_RxEnroll:01.01.01] ( internal.mgmt.Executable) ERROR app domain|127.0.0.1 - Only authenticated client may start this activity: RULE-OBJ-ACTIVITY DATA-ADMIN- LOOKUPLIST #20130919T000420.088 GMT
com.pega.pegarules.pub.PRRuntimeException: Error: You lack access required to execute RULE-OBJ-ACTIVITY DATA-ADMIN- LOOKUPLIST #20130919T000420.088 GMT.
Steps to Reproduce
- User logs into application via one SSO URL.
- Check access group.
- User logs out.
- User logs in via second SSO URL.
Root Cause
Whenever a new operator is created or the access group is changed, the list retained in .pyAccessGroupsAdditional must be updated to include the access group. For example, the XML on an operator record will show:
<pyAccessGroup>SRA87935:Administrators</pyAccessGroup>
Additionally, it will show this access group in the list:
Resolution
Added a Property-Set step to update pyAccessGroupsAdditional.
Published March 9, 2017 - Updated March 10, 2017