Bug
Resolution: Done
Critical
None
4.11
None
This is a clone of issue OCPBUGS-533. The following is the description of the original issue:
—
Description of problem:
The customer is using Azure AD as the OpenID provider and groups synchronization from the provider.
The scenario is the following:
1) User A logs in.
   Groups are created with the membership.
   User A is a member of a group with admin rights and it's cluster-admin.
2) User B logs in.
   Groups are updated with membership.
   User B is also a member of the group with admin rights and it's cluster admin.
3) User A logs in.
   Groups are identical to those in the former step.
   User A has no administration rights.
The group memberships are the same in steps 2 and 3.
The cluster role bindings of the groups have never changed.
The only way for user A to have the admin rights again is to delete the membership from the group and have user A log in again.
I have not managed to reproduce this using RH SSO, nor using Azure AD.
But my configuration is not exactly the same yet.
Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
1.
2.
3.
Actual results:
Expected results:
Additional info:
- clones
  - OCPBUGS-533 member loses rights after some other user login (Closed)
- is blocked by
  - OCPBUGS-533 member loses rights after some other user login (Closed)
- is depended on by
  - OCPBUGS-2553 [release-4.10] member loses rights after some other user login in openid / group sync (Closed)
- links to