Last week, we fixed a rather unusual bug with Single sign-on (SSO) authentication, which was impacting customers who were using SSO with multiple knowledge bases, especially if Subscriptions were enabled on any of those knowledge bases.
The basic issue: if you had the same SSO authentication enabled on multiple knowledge bases, when a reader logged in, we updated their reader account to only have access to that knowledge base. This meant that if you logged into three knowledge bases in one day, your KnowledgeOwl reader account would only ever show the most recent knowledge base you'd logged into, not all three.
For the most part, this wasn't a problem--you were authenticated properly and could access the resources you need.
But there's one feature it directly impacted: Subscriptions.
When we process subscriptions, we verify that if a subscription exists, the reader still has access to that knowledge base. We do this as a safety precaution in case a reader has been deleted or their access has changed to guarantee they're not getting any info they should no longer see.
But this meant that if you were using SSO to log in to multiple knowledge bases and subscribing to things in those knowledge bases, we would only process subscriptions for the most recent knowledge base you accessed and our clean-up script would automatically delete subscriptions to other knowledge bases.
This bug has existed for quite a long time, so if you have run into issues using subscriptions in multiple SSO-enabled knowledge bases, you were impacted by it.
The good news is that we've confirmed the fix through careful monitoring of subscription logging.
The only action that may be needed is for your readers:
This will ensure that:
- their reader account site access is properly updated to include multiple knowledge bases, rather than only the most recent.
- their subscriptions are properly updated to all knowledge bases. Since they'll no longer be incorrectly deleted during our access checks, subscriptions should work properly for them now.
