Unable to log in via Strings SSO login (redirect issue)
Incident Report for Phrase
Postmortem

Introduction

We would like to share more details about the events that occurred with Phrase between Friday February 2nd 2024 11:25 AM CEST and Monday February 5th 2024 11:40 AM CEST on which led to customers being unable to log in via Strings SAML and what Phrase engineers are doing to prevent these issues from happening again.

Timeline

  • February 2nd 2024 11:25 AM CEST: The issue was introduced to a change to the SSO feature
  • February 5th 10:50 AM CEST: Due to several customer reports the issue was escalated and an incident was logged
  • February 5th 11:48 AM CEST: A fix was implemented 
  • February 5th 2:02 PM CEST: The incident was considered resolved

Root Cause

It was a mixture of 2 changes:

  1. The init process switched the GET params (including ?id=customer) to POST params. This parameter was no longer set as a GET parameter for the redirect_uri (auth/callback/saml?id=customer) but instead was reduced to auth/callback/saml. This led to a redirect_uri mismatch.
  2. The init process switched from legacy sso.phrase.com host to app.phrase.com. This host change also led to a redirect_uri mismatch.

While testing this with our own Okta setup and a new test Okta setup worked fine, multiple customers reached out to us that it did not work.

Actions to Prevent Recurrence

  • We implemented a SSO host handling for SAML init.
  • Migrate customers to new IDM SAML solution
Posted Feb 06, 2024 - 10:18 CET
Resolved
This incident has been resolved.
Posted Feb 05, 2024 - 14:02 CET
Monitoring
A fix has been implemented and we are monitoring the results.
Posted Feb 05, 2024 - 11:48 CET
Identified
We are currently working on a fix for this issue
Posted Feb 05, 2024 - 10:50 CET
This incident affected: Phrase Strings (EU) (Translation center) and Phrase Strings (US) (Translation center).
Current Status Powered by Atlassian Statuspage