Chat now with support
Chat with Support
Self Service Tools
Knowledge Base
My Account
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Support Essentials
Awards and Testimonials
License Agreement
Support Guide

Identity Manager Product Notification

Critical Alerts
Critical Notification

Identity Manager 8.1.x & 8.2.x


A security vulnerability was discovered in one of the authentication components that may be used to access Identity Manager called “Redistributable STS” (RST). This could allow an attacker to gain unauthorized access to the system.

How does this affect me?

If you have installed and configured the RSTS component with the help of One Identity Professional Services in order to perform primary authentication against an identity provider STS such as Microsoft ADFS, Microsoft Azure AD, Okta, or Ping Federate, you may be affected by this security vulnerability. This issue does not impact the documented use of the RSTS component for two-factor authentication using WebAuthn security keys as documented in the One Identity Manager Web Application Configuration Guide.


A security fix has been released for Identity Manager 8.1.x and 8.2.x versions.


Please review the following knowledge article 337976 for further details on this issue. The updated versions of this fix will also be included in the upcoming releases and service packs beginning with v8.1.6 and v8.2.1. 

We apologize for the inconvenience this issue may have caused.