Identity Services Hotfix
Maintenance window: September 7, 2020 00:01 to 04:00Impacted Cloud services:
Identity
With MFA enabled, the claims token generated by MFA enabled Identity services mat not work for subsequent service calls. Service calls are failing with a “Not a trusted token error” message. In the case of (custom and MFA) providers, when refresh tokens (generated with MFA) are used, the Identity system was not copying the user_id from the previous claims token to the newly generated claims token. Applications that were not referencing the user_profile, but rather the token for user attributes, might fail.
The Quantum Identity team identified a corner case where a token is getting refreshed but the system is not restoring the profile attributes from the older claims token to the newly generated claims token. This happens only when the user is active throughout the idle timeout duration. The best practice is to fetch certain attributes from the user profile. This fix will replicate profile attributes to the newly generated claims token.
Impact Level : minor
Minor downtime is possible for the impacted Cloud services while this maintenance is being performed. The scheduled maintenance is designed to mitigate disruptions to service availability and performance for the impacted Cloud services. However, it is possible for the impacted Cloud services to be unavailable and/or performance degraded for a short period of time during the maintenance window. Note that no changes are being applied for other Cloud services outside of the list of impacted services above and no service availability or performance disruption is expected for other Cloud services.