Skip to Main Content
Merative Ideas Portal

Shape the future of Merative!

We invite you to shape the future of Merative, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Post your ideas

Start by posting ideas and requests to enhance a product or service. Take a look at ideas others have posted and upvote them if they matter to you,

  1. Post an idea

  2. Upvote ideas that matter most to you

  3. Get feedback from the Merative team to refine your idea

Help Merative prioritize your ideas and requests

The Merative team may need your help to refine the ideas so they may ask for more information or feedback. The offering manager team will then decide if they can begin working on your idea. If they can start during the next development cycle, they will put the idea on the priority list. Each team at Merative works on a different schedule, where some ideas can be implemented right away, others may be placed on a different schedule.

Receive notification on the decision

Some ideas can be implemented at Merative, while others may not fit within the development plans for the product. In either case, the team will let you know as soon as possible. In some cases, we may be able to find alternatives for ideas which cannot be implemented in a reasonable time.


Merative External Privacy Statement: https://www.merative.com/privacy

Status Delivered
Created by Maya Cheng
Created on Nov 24, 2023

OOTB - Issue with SSO Authentication Server - esdcoaststgr1/ esdcoastd4oe2e

Steps to reproduce:1) Add users ESDC email to SSO group linked to application 2) Create the same user in Curam with appropriate permissions (IoAdmin/ Processing or any other roles can be used)3) Try to login with SSO



P.S: This issue only occur in the first instance after the user is configured in Curam and works fine after the server restart.

Expected Result: Users should be automatically authenticated when they are added to Curam.


Actual: Below error is displayed

Customer Name ESDC
Market Segment Health & Human Services
Type of Request Idea
Market Opportunity

Simplify the SSO Authentication

CURAM:Workarounds + Proposed Solution

We were able to reproduce the issue in OOTB. The issue is because of Curam security cache doesn't get reloaded when users are added to the database and the altlogin property is related to security cache.

  • Attach files
  • Admin
    ANGELA BRADY
    Reply
    |
    Nov 28, 2024

    Hi Maya,


    We are pleased to inform you that this enhancement is delivered in the latest release of Cúram, version 8.1.3 on Nov 28th 2024.
    In v8.1.3 we support the e
    xtension of the login module for Liberty to support both SAML and OIDC, providing a custom hookpoint that allows customers to extend the out-of-the-box (OOTB) logic

    Thank you for taking the time to share your ideas with us. We are committed to involving our users in building our product roadmap and appreciate your suggestions.

    Regards,

    Angela Brady, Cúram Product Management team


  • Admin
    ANGELA BRADY
    Reply
    |
    Feb 9, 2024

    Hi Maya,


    We have reviewed your enhancement suggestion.

    Based on the information provided, our understanding of your request is as follows:

    * Provide support for updating the SAML implementation to include calls to IdentityOnlyAuthenticator which in turn updates security cache and newly added users authenticated


    The theme is aligned with our current multi-year strategy for our product, and we have accepted your suggestion as a consideration for a future release. Not all items under consideration will make it into a release. As plans are confirmed, you will be notified when a specific release includes this enhancement.


    Thank you for taking the time to share your ideas with us. We are committed to involving our users in building our product roadmap and appreciate your suggestions.


    Regards,

    Angela Brady, Cúram Product Management Team

  • Adrienne Magnier
    Reply
    |
    Dec 15, 2023

    hi Graham - please take a look at support case 8286 which has more detail as this was raised as a support case. Some the relevant information is as follows -


    This looks like an OOTB gap in the SAML flow. Below is the documentation that says security cache publish is not required when a new user is added. This is because it gets updated at the time of user login through ‘IdentityOnlyAuthenticator’ and ‘RDBMSAuthenticator’. However it looks like the SAML flow is not calling ‘IdentityOnlyAuthenticator’. So therefore the user cache is not getting updated as ‘IdentityOnlyAuthenticator’ is not getting called in SAML flow.

    Documentation......

    Optimizing authorization by using the security cache

    The security cache is an in-memory structure that holds the security information associated with user

    roles. Security information is held in this cache to optimize the performance of the authorization process.

    The cache is refreshed when the application reboots; it can also be refreshed when a system

    administrator uses the cache refresh facility. The cache must be refreshed whenever any changes have

    been made to the user roles. This includes changes to security identifiers, security groups, and security

    roles. However, the addition of a new user, if there are no other associated security changes (e.g. to roles

    or groups), does not require a security cache refresh.

  • Maya Cheng
    Reply
    |
    Dec 15, 2023

    Hey! I cannot open the support ticket link.

  • Admin
    Graham McCrindle
    Reply
    |
    Dec 15, 2023

    Hi Maya

    We have reviewed your enhancement suggestion and require more information to properly understand the issue and the business scenario you are trying to support.

    Based on the information provided, our understanding of your request is:

    • is an challenge you are experiencing with the SSO functionality within Curam


    I'd like to clarify whether this Idea / enhancement request is related to the support ticket LST-6521 previously raised in relation to SSO

    Please provide the requested information within 30 days so we may proceed with our evaluation. If we do not hear from you within that timeframe, we will have to close the request due to insufficient information.

    Thank you,

    Graham McCrindle SPM Product Management Team

  • Admin
    Graham McCrindle
    Reply
    |
    Nov 27, 2023

    Hi Maya,

    Thank you for taking the time to share your ideas with us. We are committed to involving our users in building our product roadmap and appreciate your suggestions.

    We will review the information you have provided and get back to you within 30 days. If additional details are required to complete our evaluation, we will send you a request for more information.

    Thank you,

    Graham McCrindle, Curam Product Management Team