We use SSO, and since a few days, some of our members are reporting being unable to access their account with the error:
There is a problem with your account. Please contact the site’s administrator
I thought this could be due to an issue I previously reported, so I checked if their IP address was on the Screened IPs: one of them was… but not of all the others.
verbose sso logging, I asked other users to try again and the /logs says their IP address is blocked:
Verbose SSO log: IP address is blocked xxx.xxx.xxx.xxx
However, I have double-checked, and the IP address does not show under Screened IPs. I also checked directly on the PostgreSQL
screened_ip_addresses table and no entry for the IP address.
I’m running out of ideas… Is there another section to block IP addresses that we should look into? Or are IP addresses added to the Screened IPs for a very short time and I never catch them after the report (a matter of a few hours)?
To be clear, we never add any IPs do the Screened IPs — they seem to be added automatically when we close someone’s account through the API (see link above) and we haven’t been able to stop this from happening using the documented
block_ip: false parameter.