On Monday April 29 we started receiving elevated alerts for Single Sign-On authentication failures across a number of identity providers. Engineers reviewed SSO authentication protocols to determine the cause of the failures. After several tests it was determined that the application was rejecting some types of HTTP responses from the SAML consumer service, ultimately leading to SSO login failures for several large identity providers.
After careful review, a fix was put into place to resolve the issue.
The cause of this issue stemmed from network level changes associated with a recent maintenance window, which ultimately restricted access to some identity provider consumer responses.
Appropriate updates and documentation were made to address this issue and ensure that these considerations are taken into account for future maintenance windows that contain network level access changes.