Skip to content

[BUG] Users added by username in GenericOIDC auth provider do not have access to resources #46105

New issue
New issue
Open
Open
[BUG] Users added by username in GenericOIDC auth provider do not have access to resources#46105
Assignees
joesims22
Labels
area/authenticationkind/bugIssues that are defects reported by users or that we know have reached a real releaseteam/colliethe team that is responsible for auth and rbac within rancher
@joesims22

Description

@joesims22
joesims22
opened on Jul 10, 2024

Rancher Server Setup

  • Rancher version: v2.9-head 3a6de11e
  • Installation option (Docker install/Helm Chart):
    • If Helm Chart, Kubernetes Cluster and version (RKE1, RKE2, k3s, EKS, etc): docker

Information about the Cluster

  • Kubernetes version: v1.30.2+k3s2
  • Cluster Type (Local/Downstream): downstream

Describe the bug
When GenericOIDC(keycloak) auth provider is enabled, auth provider users that are added to a cluster/project by their username are not able to access resources upon logging in. Only if a user is added by their userID will they have access to resources upon logging in.

To Reproduce

  1. Install rancher v2.9-head
  2. Create a downstream cluster
  3. Enable GenericOIDC using keycloak
  4. In the downstream cluster add testuser2 as a Cluster Owner
  5. Login as testuser2 and observe the downstream cluster is not listed

Expected Result
Users should be able to access resources when added by their username.

Metadata

Metadata

Assignees

Labels

area/authenticationkind/bugIssues that are defects reported by users or that we know have reached a real releaseteam/colliethe team that is responsible for auth and rbac within rancher

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions