2024-12-02: 500 errors on authenticate using GitLab as an IDP
Customer Impact
Customers that use GitLab as an IDP would experience a 500 error when trying to access the /oauth/authorize endpoint. Any tooling that also uses this functionality, for example integrations such as the one with Grafana, would also see a 500 error and fail to log in.
Right now, less than 1% of customers are affected; the issue is that they have no workaround.
Current Status
We identified which MR caused the issue: gitlab-org/gitlab!171628 (merged)
There is a fix prepared: gitlab-org/gitlab!174366 (merged)
However, the fix will take 4-6 hours to land on production, so we manually run this migration in production until the fix is deployed, to move the incident to IncidentMitigated and have customers able to log into their systems as well.
📝 Summary for CMOC notice / Exec summary:
- Customer Impact: Customers that use GitLab as an identity provider are impacted; they are blocked from accessing services connected to GitLab authentication
- Service Impact:
- Impact Duration: 8:15 UTC - end time UTC (duration in minutes)
- Root cause: Change of default value on db level to null.
Note: In some cases we need to redact information from public view. We only do this in a limited number of documented cases. This might include the summary, timeline or any other bits of information, as laid out in our handbook page. Any of this confidential data will be in a linked issue, only visible internally. By default, all information we can share will be public, in accordance with our transparency value.
Security Note: If anything abnormal is found during the course of your investigation, please do not hesitate to contact security.