Open maheese opened 7 months ago
This ticket needs to be done after the ICAM changes are complete.
Tester is unable to log in with multi-role account max.k001 on ECMPS dev (the same account can successfully log into dev.epadex.net). Upon being redirected to login.gov, the instance is interrupted and brought back to the ECMPS global front page with the error text "invalid state or nonce".
Tester is unable to log in on ECMPS dev with multi-role account max.k001 (same account is able to successfully log into dev.epacdx.net). When the browser is redirected to login.gov, the instance gets interrupted and brought back to ECMPS dev global front page with the error text "invalid state or nonce".
Hi @mxtomoto1, can you please retest this in the dev environment?
Confirmed the following (in test due to bypass in dev) with an account that has Sponsor, Submit, and Prepare roles:
Using my mheese-ds account which has a preparer, two submitter and a sponsor role in CDX, I was able to export/import MP, QA, and EM data for Gadsby, 1.
Users with the CDX preparer role and one or more other roles for EASEY or another CDX program will get a forbidden resource error when importing data into ECMPS 2.0. The issue is caused by this line of code in the role-guard of easey-common. The code is expecting one role and for that role to be "Preparer". In reality, a user may have more than one CDX role for the EASEY program. Also, when ECMPS pulls roles from CDX, it should only pull roles for the EASEY program (dataflow), not other CDX programs. This issue is caused by this function in the auth-api, which retrieves all roles for a user and org combination.
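The role check described in the comment above, sketched as an added example (not code from easey-common or the auth-api): a single-role check modeled on the description, next to a check that scopes roles to the EASEY dataflow and then tests membership. The `RoleAssignment` shape, the function names, and the sample users are hypothetical and constructed for illustration.

```typescript
// Hypothetical shape of one role record returned by a CDX lookup (assumption).
interface RoleAssignment {
  dataflow: string; // CDX program the role belongs to
  role: string;     // e.g. "Preparer", "Submitter", "Sponsor"
}

const EASEY_DATAFLOW = "EASEY";

// Modeled on the behaviour described in the issue: passes only when the user
// holds exactly one role and that role is "Preparer". It ignores which
// program the role was granted for.
function singleRoleCheck(assignments: RoleAssignment[]): boolean {
  return assignments.length === 1 && assignments[0]?.role === "Preparer";
}

// Scope first: keep only roles granted for the given dataflow.
function rolesForDataflow(assignments: RoleAssignment[], dataflow: string): string[] {
  return assignments.filter((a) => a.dataflow === dataflow).map((a) => a.role);
}

// Then test membership: any one of the allowed roles is enough, no matter
// how many other roles the user also holds. Exact string match on purpose.
function hasAnyRole(
  assignments: RoleAssignment[],
  allowed: string[],
  dataflow: string = EASEY_DATAFLOW,
): boolean {
  const held = rolesForDataflow(assignments, dataflow);
  return held.some((role) => allowed.some((a) => a === role));
}

// Constructed sample: preparer, two submitter and a sponsor role for EASEY.
const multiRoleUser: RoleAssignment[] = [
  { dataflow: "EASEY", role: "Preparer" },
  { dataflow: "EASEY", role: "Submitter" },
  { dataflow: "EASEY", role: "Submitter" },
  { dataflow: "EASEY", role: "Sponsor" },
];

// Constructed sample: a Preparer role that belongs to a different CDX program.
const otherProgramUser: RoleAssignment[] = [
  { dataflow: "OTHER-PROGRAM", role: "Preparer" },
];

console.log(singleRoleCheck(multiRoleUser), hasAnyRole(multiRoleUser, ["Preparer"]));
console.log(singleRoleCheck(otherProgramUser), hasAnyRole(otherProgramUser, ["Preparer"]));
```

Under these assumptions, the single-role check rejects the legitimate multi-role user and accepts a role from an unrelated program, which is why filtering by dataflow has to happen before the membership test.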