Details
-
Bug
-
Resolution: Done
-
Critical
-
None
-
4.10
-
None
-
Important
-
Rejected
-
False
-
-
Customer Escalated
Description
This is a clone of issue OCPBUGS-533. The following is the description of the original issue:
—
Description of problem:
customer is using Azure AD as openid provider and groups synchronization from the provider.
The scenario is the following:
1)
- user A login.
groups are created with the membership.
User A is member of a group with admin rights and it's cluster-admin
2)
- user B login:
groups are updated with membership
UserB is also member of the group with admin rights and it's cluster admin
3)
- user A login:
groups are identical as in the former step.
user A has no administration rights.
The groups memberships are the same in step 2 and 3.
The cluster role bindings of the groups have never changed.
the only way to have user A again the admin rights is to delete the membership from the group and have user A login again.
I have not managed to reproduce this using RH SSO. Neither Azure AD.
But my configuration is not exactly the same yet.
Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
1.
2.
3.
Actual results:
Expected results:
Additional info:
Attachments
Issue Links
- clones
-
-
- Closed
-
- depends on
-
-
- Closed
-
- links to
