Impact:
Users who attempted to log in to Proxyclick via a 'Central' or 'Shadow' SAML (multi-location setup) configuration received a 500 error after successful authentication from their IdP.
Root-cause analysis:
A potential security flaw was identified by our Bug Bounty program, and a patch was created to address this flaw. The patch impacted the way users' access to Proxyclick accounts was calculated, and conflicted with our SAML SSO implementation.
This conflict was not identified during pre-release QA testing and went live in a scheduled platform update. After the release, the Product team identified the conflict and provided a further update to restore SAML SSO functionality without removing the security patch.
Resolution:
Product and Technical Success reviewed the underlying code to identify the root cause; Product then provided and deployed a hotfix.
Once the issue was positively identified, the team was quick to produce and deploy a fix.
Post-mortem actions:
Improvements to pre-release testing (security patches that change the behavior of API calls need to be tested against all calls made to that API endpoint), and improvements to escalation and testing to reduce response times.