Bug 2038691
Summary: | [AUTH-8] Panic on user login when the user belongs to a group in the IdP side and the group already exists via "oc adm groups new" | ||||||
---|---|---|---|---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Xingxing Xia <xxia> | ||||
Component: | apiserver-auth | Assignee: | Standa Laznicka <slaznick> | ||||
Status: | CLOSED ERRATA | QA Contact: | Xingxing Xia <xxia> | ||||
Severity: | high | Docs Contact: | |||||
Priority: | high | ||||||
Version: | 4.10 | CC: | aos-bugs, mfojtik, surbania | ||||
Target Milestone: | --- | ||||||
Target Release: | 4.10.0 | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2022-03-10 16:37:59 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Xingxing Xia
2022-01-09 15:39:27 UTC
Verified in 4.10.0-0.nightly-2022-01-14-015144 with original steps, no panic now, login can succeed, and 'oc get group group1 -o yaml' is added one single annotation 'oauth.openshift.io/idp.keycloak-oidc: synced'. Further test: after removing people1 from group1 in the IdP side, log in again successfully, then 'oc get group' shows the manually created group1 being empty is not removed, and the user is not shown in the group. Everything is fine. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0056 |