2024-02-28: 500 error when sign-in with SAML on GitLab.com

Customer Impact

Starting 5:30 UTC 28-2-2024, users for certain providers that integrate using SAML started experiencing 500 error on GitLab.com. The cause was identified as a security improvement that filters out SAML response content from logs. The parser for the SAML response to filter unnecessary attributes generated the error preventing these users to sign in. The offending code change was reverted and deployed by 19:00 UTC 28-2-2024. The impact was for about 16 groups on GitLab.com and 8200 login attempts (which includes reattempts by users). A temporary workaround was to disable SSO.

Current Status

More information will be added as we investigate the issue. For customers believed to be affected by this incident, please subscribe to this issue or monitor our status page for further updates.

📚 References and helpful links

Recent Events (available internally only):

Feature Flag Log - Chatops to toggle Feature Flags Documentation
Infrastructure Configurations
GCP Events (e.g. host failure)

Deployment Guidance

Use the following links to create related issues to this incident if additional work needs to be completed after it is resolved:

Note: In some cases we need to redact information from public view. We only do this in a limited number of documented cases. This might include the summary, timeline or any other bits of information, laid out in our handbook page. Any of this confidential data will be in a linked issue, only visible internally. By default, all information we can share, will be public, in accordance to our transparency value.

Security Note: If anything abnormal is found during the course of your investigation, please do not hesitate to contact security.

Edited Feb 29, 2024 by Adil Farrukh