EasySSO 4.2.8 issues with "fail page"
Incident Report for TechTime Initiative Group
Identified
The issues happens when SAML login is explicitly cancelled on the IdP side, the response to EasySSO is correctly identified as a "failure to login", the fail page is displayed (still anonymously at this time), then the user clicks on the default "Log In" link in the application and logs in via regular login screen, but is then redirected to the page they clicked from - the "fail page".

We will be implementing a fix where we 1) do not redirect to the fail page if SAML was re-triggered from the fail page and succeeded and go to the application root/dashboard instead 2) if we do arrive to the fail page while logged in we will immediately redirect to the the application root/dashboard
Posted Oct 15, 2019 - 23:30 NZDT
Investigating
Customers report strange behaviour with SAML "fail page" in 4.2.8 where the fail page is displayed informing the user that they cannot be logged in, but the user is authenticated (i.e. the avatar is shown)
Posted Oct 03, 2019 - 21:45 NZDT
This incident affected: TechTime Server Apps (EasySSO for Jira Server, EasySSO for Confluence Server, EasySSO for Bitbucket Server) and TechTime Data Center Apps (EasySSO for Bitbucket Data Center, EasySSO for Jira Data Center, EasySSO for Confluence Data Center).