Workaround for digital fingerprint hotfix

Hotfix update and workaround applies to the following product releases:

AND you have a specific configuration as described in the Solution and workaround section, below.

Each web browser has a unique digital fingerprint. During the login workflow (in private mode), the Identity Platform collects or reads the digital fingerprint for each user like the ones shown on the Account Management page.

If there is no DFP for the user, the Identity Platform sends the user to a two-factor authentication page and collects the digital fingerprint. Then, the next time the user logs in, they could skip two-factor.

Otherwise, if there is an existing digital fingerprint for the user, they could skip two-factor in the login workflow.

There was an issue with the user agent string picking up identical digital fingerprint settings in Google Chrome and Microsoft Edge.

Before the hotfix, a user could log in separately in Chrome and Edge browsers and they provided two-factor. Then, when they switched browsers, it sent the user to the two-factor authentication page, instead of skipping two-factor.

This was because two different user agent strings recorded the same browser information. It only honored one DFP setting for Chrome or Edge.

The hotfix addresses the issue described above, but it could still occur for a specific configuration in the SecureAuth® Identity Platform.

As a solution and workaround, use the following hotfixes applicable for your product release:

The hotfix and workaround applies if you have this specific configuration in Advanced Settings (formerly Classic Experience) -- on the Workflow tab, in the Browser / Mobile Profiles section, the Match FP Id in cookie set to Yes.

If you have this configuration, you can use any of the following workarounds after you apply the hotfix.