This is a clone of issue OCPBUGS-533. The following is the description of the original issue:
Description of problem:
The customer is using Azure AD as OpenID provider and groups synchronization from the provider.
The scenario is the following:
- User A logs in.
  Groups are created with the membership.
  User A is a member of a group with admin rights and it's cluster-admin.
- User B logs in:
  Groups are updated with membership.
  User B is also a member of the group with admin rights and it's cluster admin.
- User A logs in:
  Groups are identical as in the former step.
  User A has no administration rights.
The group memberships are the same in steps 2 and 3.
The cluster role bindings of the groups have never changed.
The only way for user A to have the admin rights again is to delete the membership from the group and have user A log in again.
I have not managed to reproduce this using RH SSO, nor with Azure AD.
But my configuration is not exactly the same yet.
Version-Release number of selected component (if applicable):
Steps to Reproduce: