VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios
Describe the bug
The local account user and SSO (OIDC) user with same usernames aren't merged. This prevents the user to log in with password (and with SSO until approved by admin). It's impossible to delete or change permissions of the user afterwards (users are identified by username in REST requests).
To Reproduce
Steps to reproduce the behavior:
Go to "Access Management / Users"
Create a new user with username "test_user"
Confirm that the new user can log in
Configure SSO connection
Log in as "test_user" using SSO
Attempt to log in as "test_user" using password; Observe an error
Log in as Admin and approve "test_user" logged in with SSO
Log in as "test_user" using SSO (it should work as expected)
As an Admin, attempt to delete or edit "test_user"; Observe 500 error in DevTools
Expected behavior
The users with the same username should be considered either different entities or merged into a single account.
Describe the bug The local account user and SSO (OIDC) user with same usernames aren't merged. This prevents the user to log in with password (and with SSO until approved by admin). It's impossible to delete or change permissions of the user afterwards (users are identified by username in REST requests).
To Reproduce Steps to reproduce the behavior:
Expected behavior The users with the same username should be considered either different entities or merged into a single account.
Vectr Comunnity version: v8.4.3