INC-232 Unable to authenticate to Microsoft apps - postmortem report
Executive Summary
Summary
Beyond Identity released endpoint version 2.88.0 on September 21st, 2023, at 11:18 PM. The Windows Platform Authenticator contained a code change that didn’t pass the correct redirection to the Microsoft webview window, breaking authentication to native Microsoft Office apps on Windows. A hotfix 2.88.1 was released on September 22nd, 2023, at 07:20 PM CDT for Windows platform to fix the issue.
Customer Impact
All customers using Windows who upgraded to the 2.88.0 version were impacted. Updating to the fixed version will fix the issue immediately.
Leadup
Beyond Identity released 2.88.0 endpoints on September 21st, 2023, at 11:18 PM CDT.
Fault
On Windows, authenticating to native Microsoft Office Applications was hanging in the webview window after successful authentication.
Detection
A customer support ticket was opened on September 22nd, 2023, at 11:23 AM CDT.
Root causes
- An unintentional change in the Microsoft webview window behavior on the Windows platform.
- The code review didn’t catch the change as the impacted line was not changed directly.
- Microsoft caches the login, and the QA team didn’t catch the issue.
- A faulty code was released.
Mitigation and resolution
- A bug was identified and fixed.
- Hotfix 2.88.1 for Windows was released.
Lessons learned
- [BIT-1643] We need to add a unit test that tests whether the content passed to this specific webview is actually a URL.
- [BIT-1644] The end-to-end testing needs to include a case that verifies that we do a valid redirect back to the application at the end.
- [BIT-1645] The QA team will add a pre-requisite for automated UI testing to clear potentially cached Microsoft sign-in.