Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Date

Authors

john o

Status

Documenting

Summary

User couldn’t log in to TIS Self-Service

Impact

The user was unable to view their submitted Form R

Non-technical Description

TSS user notified TIS that they could not log into the TSS app using their credentials. They had submitted a Form R back in December 2021 and wanted to log in again to view their submitted form.

Trigger

  • User emailed TIS to say they couldn’t login to TIS Self-Service

Detection

Inspecting the user pool configuration, there were several permissions issues:

  • The user pool did not have permission to invoke the lambda

  • The lambda did not have permission to call the admin auth endpoint

  • The lambda did not have permission to call the admin get user endpoint

The permissions have been resolved and the lambda now completes successfully, however the user is still not migrated and receives the error An error occurred (NotAuthorizedException) when calling the AdminInitiateAuth operation: Incorrect username or password. despite the password being known good due to the lambda being able to authenticate with it.

NOTE: A new user pool (v4) was created for the latest pilot (allowing for self-sign-up). When the user originally logged-in and submitted their Form R, they were a member of user pool v3.

Resolution

  • The ideal resolution is us to find and fix the the root cause of the above NotAuthorizedException error.
    In the meantime, there is a workaround available: sign up again using the same details and all existing data will be restored - which includes their submitted forms

Timeline

  • 10:00 Issue flagged-up in TSS channel. Initial checks/ assumptions user hadn’t signed-up yet so email reply sent to user advising them to sign up.

  • 15:35 Reply flagged up in TSS channel. User had already submitted a Form R and was trying to sign in again using the same credentials.

  • 15:35-16:40 Checks to migration process/ user pool config to try and establish the root cause.

  • 16:45 TSS channel msg asking for email reply to be sent advising user on next steps (either wait for fix or sign-up again).

Root Cause(s)

  • Not entirely sure of the root cause for NotAuthorizedException error (see Detection section above)

Action Items

Action Items

Owner

Lessons Learned

  • Probably first of its kind of request i.e. user wanting to log in again (via migration between user pools with different configs) to view submitted Form R. This is a good ‘stress test’ !

  • Reminder not to make too many assumptions (with hindsight, more clues were in the first email from user). Maybe a quick call might of helped to clarify things?

  • No labels

0 Comments

You are not logged in. Any changes you make will be marked as anonymous. You may want to Log In if you already have an account.
 

Slack: https://hee-nhs-tis.slack.com/
Jira issues: https://hee-tis.atlassian.net/issues/?filter=14213