[RHIDP-5958] fix dangerouslyAllowSignInWithoutUserInCatalog for OIDC auth provider - Red Hat Issue Tracker

Type: Bug
Resolution: Done
Priority: Undefined
Fix Version/s: 1.5.0
Affects Version/s: 1.4.0
Component/s: Authentication
Labels:
None

Story Points:
3
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Release Note Text:

Hide
= Change in sign-in resolver configuration location
In the previous release, configuring the sign-in resolver to bypass user provisioning in the {product-short} software catalog required setting dangerouslyAllowSignInWithoutUserInCatalog: true at the root of the {my-app-config-file} file.

In this release, this configuration has been deprecated at the root level and moved to the resolver configuration section. It now applies specifically to that resolver. For more details, see link:{authentication-book-title}[{authentication-book-url}].

Show
= Change in sign-in resolver configuration location In the previous release, configuring the sign-in resolver to bypass user provisioning in the {product-short} software catalog required setting dangerouslyAllowSignInWithoutUserInCatalog: true at the root of the {my-app-config-file} file. In this release, this configuration has been deprecated at the root level and moved to the resolver configuration section. It now applies specifically to that resolver. For more details, see link:{authentication-book-title}[{authentication-book-url}].
Release Note Type:
Deprecated Functionality
Release Note Status:
Done
Intelligence Requested:
Market:

Sprint:
RHDH Security 3270

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Description of problem:

This config does not work for the following auth providers, but main focus is on OIDC since it's the one we claim support for:

azure-easyauth
bitbucket
bitbucketServer
cfaccess
google
oidc
okta
saml

Steps to Reproduce

try to apply this config with the mentioned providers

Actual results:

No change in sign-on behaviour (sign in by users not in the catalog will be rejected)

Expected results:

Allow sign in without user existing in the catalog

Reproducibility (Always/Intermittent/Only Once):

Always

Build Details:

Additional info (Such as Logs, Screenshots, etc):

is depended on by

RHIDP-6025 [QE] update auth tests for dangerouslyAllowSignInWithoutUserInCatalog

Closed

relates to

RHIDP-5959 [Docs] Update dangerouslyAllowSignInWithoutUserInCatalog config docs to reflect new behaviour

Closed

links to

redhat-developer/rhdh#2354: fix: refactor authProviderModule and `dangerouslyAllowSignInWithoutUserInCatalog` config

Assignee:: Jessica He

Reporter:: Jessica He

Team:: RHIDP - Security

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2025/02/11 9:52 PM

Updated:: 2025/03/13 7:18 AM

Resolved:: 2025/03/04 5:25 PM

Details

Description

Description of problem:

Steps to Reproduce

Actual results:

Expected results:

Reproducibility (Always/Intermittent/Only Once):

Build Details:

Additional info (Such as Logs, Screenshots, etc):

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates

Hide