16 comments

[ 3.8 ms ] story [ 44.0 ms ] thread
OneLogin is having issues with SSO and the portal, although it is unconfirmed on this status page at the moment.
At time of writing, their status page now appears to be nonfunctional.
The only status I got was by email. "Degraded Performance" is an understatement when nobody is able to connect. --- Status update from OneLogin regarding Portal, Single Sign-On Service in US Operating Region

Message: OneLogin Engineers have identified an issue with Single Sign-On Services, some customers may be unable to reach their portal. We are working to quickly restore service.

Current Status: Degraded Performance Started: April 26, 2022 9:59AM PDT Resolved:

Affected Infrastructure Components:Portal, Single Sign-On Service Locations:US Operating Region

Words like "some customers", "degraded performance", and "increased response times" are frustrating in situations where it's clearly not doing anything useful for anyone. They aren't technically untrue, but they are not helpful.
OneLogin? More like ZeroLogin, amirite?
Secuirty can't be breached if no one can log in...
Unless, of course, security was already breached and that is why no one can log in.
We are getting the following message on our login portal: "Validation Error: Validation failed: There was a problem decrypting the secret. Response status: 400."
This might be a good opportunity to check out some self-hosted and open source competitors:

- The Ory Ecosystem: https://github.com/ory

- KeyCloak: http://keycloak.org

- Authelia: https://github.com/authelia/authelia

Seconding Keycloak. It has a steep learning curve to get started, but it's rock solid for production use.
My favorite in this space is authentik. It manages to have more features than most while being easier to use.

https://goauthentik.io/

(comment deleted)