Resolved -
Thank you for your patience. After working closely with affected customers, we believe the issue is now resolved.
We have also confirmed that for Ping Identity, both Always Sign Assertion and Sign Response As Required under the Signature Policy must be set to true for SSO to function properly.
If you still experience log-in issues after following the steps outlined in this incident, please contact our Customer Care team for assistance.
Mar 27, 15:18 CDT
Update -
Since we cannot determine whether customers' Identity Providers (IDPs) validate SAML signatures, our teams have proactively contacted all customers using Single Sign-On (SSO) with a SAML certificate.
While the issue has primarily affected Ping Identity customers, we have also identified potential impacts on Microsoft Active Directory Federation Service (ADFS) customers, who may need to enforce signing SAML authentication requests.
Identified -
Summary: Following our early morning Tenfold Unplanned Security Update—v5.30.1 Release, https://status.tenfold.com/incidents/4y87xksbfyfz, some Tenfold customers are experiencing Single Sign-On (SSO) login issues.
The most common error occurs after entering the SSO Organization or domain name in the Corporate Login tab of dashboard.tenfold.com, the UI, or the Chrome Extension. Users may see an "Invalid Signature" error, preventing them from logging in.
Who is Affected? Some SSO customers using Tenfold have Identity Providers that do not validate SAML request signatures, resulting in unsigned signatures.
How do you fix it? The impacted Identity Provider (IDP) currently appears to be Ping Identity. To resolve this, work with your IDP Admin to update the settings:
Completed -
The scheduled maintenance has been completed.
Mar 27, 02:30 CDT
In progress -
Scheduled maintenance is currently in progress. We will provide updates as necessary.
Mar 27, 02:00 CDT
Scheduled -
Summary: Tenfold will implement an Unplanned security update in our v5.30.1 release on the scheduled date and time that will affect Single Sign-On (SSO) functionality. If your organization uses Tenfold’s SSO integration and your Identity Provider relies on Tenfold’s public encryption key, we’ll update this on the backend so that there is no impact on your current functionality.
Who is Affected? This update applies only to customers who use SSO to authenticate with Tenfold and whose Identity Provider is not validating SAML request signatures.
Key Notes This update is only necessary if your Identity Provider is not validating SAML signatures. While Tenfold’s SSO functionality is highly stable, configurations may vary. We recommend monitoring your SSO functionality after the update.