Some users are unable to access the Dashboard when using Single Sign On
Incident Report for Proxyclick
Postmortem

Impact:

Users who attempted to log in to Proxyclick via a 'Central' or 'Shadow' SAML (multi-location setup) configuration received a 500 error after successful authentication from their IdP.

Root-cause analysis:

A potential security flaw was identified by our Bug Bounty program, and a patch was created to address this flaw. The patch impacted the way users' access to Proxyclick accounts was calculated, and conflicted with our SAML SSO implementation.

This conflict was not identified during pre-release QA testing and went live in a scheduled platform update. After the release, the Product team identified the conflict and provided a further update to restore SAML SSO functionality without removing the security patch.

Resolution:

Product and Technical Success reviewed the underlying code to identify the root cause, and Product provided and deployed a hotfix.

Once the issue was positively identified, the team was quick to produce and deploy a fix.

Post-mortem actions:

Improvements to pre-release testing (security patches that change the behavior of API calls need to be tested against all calls made to that API endpoint) and escalation/testing to reduce response times.

Posted Sep 16, 2021 - 11:11 CEST

Resolved
This incident has been resolved.
Posted Sep 14, 2021 - 17:09 CEST
Monitoring
A fix is currently being implemented and we are monitoring the situation.
Posted Sep 14, 2021 - 16:22 CEST
Investigating
Some users may be unable to access the Dashboard if their company has enabled Single Sign On. We are currently investigating the issue.
Posted Sep 14, 2021 - 15:07 CEST
This incident affected: Dashboard.