If the user is not in any Keycloak group and logs in with an IDIR (e.g. when logging in for the first time), the application logs the user in, but redirects to the 'you must be logged in' page.
Desired behaviour
The user is redirected to /request-access-notice
Dev notes
The custom mapper running a small piece of JavaScript to extract the broker_session_id was removed as part of either the OCP4 migration or a Keycloak update.
See what @matthieu-foucault did for cif in the dev realm: we can extract identity_provider from the User Session Notes and pass that to the client within the id_token claim.
Probability (1-5): 1
(only if a new IDIR person non-configured in the system tries to access)
Effect (1-5): 2
(wrong redirect for user, goes back to a requires login page even though they are logged in)
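The redirect decision the dev notes point toward, sketched as an added example that is not code from this issue or the project. It assumes the id_token carries `identity_provider` and `groups` claims and that the IDIR provider alias is `idir`; only `/request-access-notice` comes from the issue.

```javascript
// Added example. Assumed names: claims `identity_provider` and `groups`,
// IdP alias 'idir'. Only '/request-access-notice' comes from the issue.
const REQUEST_ACCESS_PATH = '/request-access-notice';

// Decodes the payload only. Call it on an id_token whose signature, issuer
// and audience the OIDC client library has already verified.
function decodeClaims(idToken) {
  const parts = String(idToken).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Returns { path, reason }. path is null when this rule does not apply and
// the application's existing routing should decide.
function accessRedirect(claims) {
  const groups = Array.isArray(claims.groups)
    ? claims.groups.filter((g) => typeof g === 'string' && g.length > 0)
    : [];
  if (groups.length > 0) return { path: null, reason: 'has-groups' };
  if (typeof claims.identity_provider !== 'string') {
    // Claim absent (e.g. no mapper configured): the IdP cannot be determined.
    return { path: null, reason: 'identity-provider-claim-missing' };
  }
  if (claims.identity_provider.toLowerCase() === 'idir') {
    return { path: REQUEST_ACCESS_PATH, reason: 'idir-without-groups' };
  }
  return { path: null, reason: 'other-identity-provider' };
}

// Constructed sample token (fake signature), for the demonstration only.
function sampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.constructed`;
}

const firstLogin = sampleToken({ sub: 'constructed-user', identity_provider: 'idir', groups: [] });
console.log(accessRedirect(decodeClaims(firstLogin)));
```

The `identity-provider-claim-missing` result is worth logging, since it separates a realm that is not emitting the claim from a user who signed in through another provider.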