PASSED | security / oauth2_provider_outage_sso

OAuth2 Provider Outage — All SSO Logins Failing

The external OAuth2/OIDC identity provider (Okta) is experiencing a major outage. All SSO login attempts fail because the authorization endpoint is unreachable. Users cannot authenticate to any application that relies on Okta for SSO, affecting the entire organization.

Pattern: CONNECTION_REFUSED
Severity: CRITICAL
Confidence: 95%
Remediation: Remote Hands

Test Results

Metric | Expected | Actual | Result
Pattern Recognition | CONNECTION_REFUSED | CONNECTION_REFUSED |
Severity Assessment | CRITICAL | CRITICAL |
Incident Correlation | Yes | 36 linked |
Cascade Escalation | Yes | Yes |
Remediation | Remote Hands — Corax contacts on-site support via call, email, or API

Scenario Conditions

Okta as sole IdP for 15 applications. Okta authorization endpoint returning errors. No fallback authentication method. 2000 employees unable to login. All SSO-dependent applications inaccessible.

Injected Error Messages (3)

Okta identity provider unreachable — authorization endpoint https://company.okta.com/oauth2/default/v1/authorize returning econnrefused, Okta status page confirms major incident affecting authentication services in US-East region, all OIDC/OAuth2 flows failing at authorization step, token endpoint also unreachable, SAML assertion endpoint returning errors
internal portal login completely broken — SSO redirect to Okta failing with econnrefused, users seeing 'identity provider unavailable' error page, no local authentication fallback configured, 2000 employees unable to access portal since 08:00, all portal functionality behind SSO wall, connection refused on callback URL processing when attempting to exchange authorization code
CRM application authentication failing — OAuth2 authorization code flow to Okta returning econnrefused, all sales team members (350 users) locked out of CRM, connection refused on token exchange endpoint, customer data inaccessible, no break-glass local admin account configured, all 15 SSO-integrated applications experiencing identical authentication failures

Neural Engine Root Cause Analysis

This is an external service outage where Okta's identity provider infrastructure in the US-East region is experiencing a major incident affecting all authentication services. The ECONNREFUSED errors indicate Okta's servers are either down or rejecting connections, confirmed by their status page showing authentication service disruption. This is impacting all OAuth2/OIDC flows and SAML assertions, creating a cascade of 14 correlated incidents as downstream services cannot authenticate users.

Remediation Plan

1. Monitor Okta status page for incident updates and ETA for resolution
2. Implement emergency fallback authentication if available (local accounts, backup IdP)
3. Communicate service disruption to users with clear messaging about external dependency
4. Consider temporarily disabling authentication requirements for critical internal services if business continuity demands it
5. Prepare to verify and test all authentication flows once Okta reports service restoration
6. Document incident timeline for post-mortem and consider multi-IdP strategy to prevent future single points of failure

Tested: 2026-03-30 | Monitors: 3 | Incidents: 3 | Test ID: cmncki0x909piobqezk0g6yk0