Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Set restricted or admin is performed after the second user login via OIDC auth #32566

Open
evgnblkn opened this issue Nov 19, 2024 · 0 comments
Labels

Comments

@evgnblkn
Copy link

evgnblkn commented Nov 19, 2024

Description

The parameters "Group Claim value for administrator users" (admin-group) and "Group Claim value for restricted users" (restricted-group) work only when the user logs in for the second time. When a user logs in for the first time after registration, the user parameters "Is Administrator" and "Is Restricted" are not set, but are set when the user logs out and logs in again.
The behavior is a little similar to #26415, but it concerns the assignment to organizational teams.
I'm checking on v1.22.3 from the gitea/gitea:latest-rootless docker image and KeyCloak v26.0.5 as an OIDC provider.

Gitea Version

1.22.3

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

https://gist.github.com/evgnblkn/ed964e56a5c9531e5b7200647cb3c064

Screenshots

from Gitea Authentication Source:

изображение

In the Keycloak settings "Client scopes" I added a dedicated mapper with the type "User Realm Role"

изображение

Created realm roles

изображение

...and added these roles to the user

изображение

Git Version

No response

Operating System

No response

How are you running Gitea?

I'm checking on v1.22.3 from the gitea/gitea:latest-rootless docker image.

Database

PostgreSQL

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

1 participant