Bug
Resolution: Unresolved
User Experience
A customer is concerned about the following; is there any recommendation we can provide?

While working on the SSO and trying to add SSO users to the SUPER_USERS list, I noticed a security issue in how SUPER_USERS is implemented. Say I add the MSP's SSO (OpenID Connect provider, idp-1) user, Alex, to the SUPER_USERS list, and say I also configure another OpenID Connect provider (idp-2) for tenants to SSO into the same Quay. Now, if tenant idp-2 also has a user, Alex, that user will have Quay's SUPER_USERS admin privileges, although that is not intended. We will configure a single Verify instance for the MSP only. The experience would be that the MSP admin automatically creates the organization and robot account token and shares it with tenants when the tenant account is created. We would also recommend that Red Hat block the two-identity-provider option and harden the SUPER_USERS checking to check both the immutable userid from the IdP and the IdP name.
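The collision described above, as an added example that is not Quay's own code: a username-only superuser check next to a hardened one keyed on the IdP name and the immutable `sub` claim. The provider names, subject values and claim dictionaries are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SsoIdentity:
    idp: str        # name of the OpenID Connect provider the token came from
    sub: str        # immutable subject identifier issued by that provider
    username: str   # preferred_username claim; NOT unique across providers


def identity_from_claims(idp, claims):
    """Build an identity from verified ID-token claims (constructed format).

    The subject is the only stable identifier, so a token without one is
    rejected rather than falling back to the username.
    """
    sub = claims.get("sub")
    if not isinstance(sub, str) or not sub:
        raise ValueError("ID token from %s has no usable 'sub' claim" % idp)
    return SsoIdentity(idp=idp, sub=sub, username=claims.get("preferred_username", ""))


# Weak configuration, as in the report: a flat list of usernames.
SUPER_USERS = ["alex"]


def is_superuser_by_name(identity, super_users=SUPER_USERS):
    """Username-only check: any provider presenting 'alex' is granted admin."""
    return identity.username in super_users


# Hardened configuration: superusers are pinned to (IdP name, immutable sub).
# The sub value here is a constructed placeholder.
SUPER_USER_IDENTITIES = {("idp-1", "sub-msp-alex-0001")}


def is_superuser_by_identity(identity, super_ids=SUPER_USER_IDENTITIES):
    """Check both the provider name and the subject; the username is ignored."""
    return (identity.idp, identity.sub) in super_ids


def username_collisions(identities):
    """Audit helper: usernames that appear under more than one provider."""
    seen = {}
    for ident in identities:
        seen.setdefault(ident.username, set()).add(ident.idp)
    return {name for name, idps in seen.items() if len(idps) > 1}
```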