glpi-project/glpi

SSO Authentication Clears User Authorizations Set by SCIM

Closed this issue · 1 comments

richyyuen commented

Code of Conduct

  • I agree to follow this project's Code of Conduct

Is there an existing issue for this?

  • I have searched the existing issues

Version

GLPI 11 rc5

Bug description

Users synchronized via SCIM plugin with correct entity and profile assignments (using Authorizations assignment rules) lose their authorizations when authenticating through SSO plugin, resulting in "no authorization" errors.

  • SCIM sync works correctly: users and groups are synchronized
  • Authorization rules work correctly: users are assigned to proper entities and profiles
  • SSO authentication succeeds: users can log in
  • Issue: After SSO login, users have no authorizations and receive "no authorization" error
Image Image Image

Relevant log output



Page URL


No response


Steps To reproduce


    

  1. Configure SCIM plugin to sync users/groups from Entra ID
    2. 

  2. Set up authorization rules to assign users from specific groups to entities and profiles
    3. 

  3. Verify users are correctly synchronized with proper authorizations
    4. 

  4. Configure SSO plugin for Entra ID authentication
    5. 

  5. Attempt to log in using SSO
    6. 

  6. Observe that login succeeds but user has no authorizations
    7. 



Your GLPI setup information


No response


Anything else?


No response
trasher commented 
This issue seems related to a plugin, please open issue on plugin repository.