The ThousandEyes application experienced single sign-on (SSO) failures. Users in certain organizations were not able to log in using SSO. Organizations which use interactive logins were not affected.

Event timeline

2018-06-20 05:45 UTC: SSO-related issue detected. Investigation initiated.
2018-06-20 17:00 UTC: SSO-related issue resolved, users should now be able to login using single sign-on.

Root cause

This issue resulted from improvements to our handling of SAML assertions, which strictly follow the SAML specification. We have determined that certain SAML identity providers (IdPs) are not following the specification as closely as our code did, resulting in single sign-on failure for customers using those IdPs. We have modified our implementation's handling of SAML signatures to ensure compatibility with less strict IdP implementations.