Bug
Resolution: Done
Critical
None
4.12
None
Important
None
Auth - Sprint 224, Auth - Sprint 225, Auth - Sprint 226
3
Rejected
False
Bug Fix
Done
Description of problem:
The customer is using Azure AD as the OpenID provider, with groups synchronized from the provider.
The scenario is the following:
1) User A logs in.
Groups are created with the membership.
User A is a member of a group with admin rights and is cluster-admin.
2) User B logs in.
Groups are updated with membership.
User B is also a member of the group with admin rights and is cluster-admin.
3) User A logs in.
Groups are identical to those in the former step.
User A has no administration rights.
The group memberships are the same in steps 2 and 3.
The cluster role bindings of the groups have never changed.
The only way for user A to regain admin rights is to delete the membership from the group and have user A log in again.
I have not managed to reproduce this using RH SSO, nor with Azure AD.
But my configuration is not exactly the same yet.
Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
1.
2.
3.
Actual results:
Expected results:
Additional info:
account is impacted by
- AUTH-294 Adding a 2nd user to a group breaks permissions (Closed)
blocks
- OCPBUGS-2140 member loses rights after some other user login in openid / group sync (Closed)
impacts account
- OCPBUGS-2964 add case for OCPBUGS-533 (Closed)
is cloned by
- OCPBUGS-2140 member loses rights after some other user login in openid / group sync (Closed)
- OCPBUGS-2553 [release-4.10] member loses rights after some other user login in openid / group sync (Closed)
- OCPBUGS-7326 The CRD resources are not removed when uninstall the OpenShift Serverless operator (Closed)
is duplicated by
- OCPBUGS-805 Azure AD authentication group sync issue (Closed)