Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD
The parameters "Group Claim value for administrator users" (admin-group) and "Group Claim value for restricted users" (restricted-group) work only when the user logs in for the second time. When a user logs in for the first time after registration, the user parameters "Is Administrator" and "Is Restricted" are not set, but are set when the user logs out and logs in again.
The behavior is a little similar to #26415, but it concerns the assignment to organizational teams.
I'm checking on v1.22.3 from the gitea/gitea:latest-rootless docker image and KeyCloak v26.0.5 as an OIDC provider.
Description
The parameters "Group Claim value for administrator users" (admin-group) and "Group Claim value for restricted users" (restricted-group) work only when the user logs in for the second time. When a user logs in for the first time after registration, the user parameters "Is Administrator" and "Is Restricted" are not set, but are set when the user logs out and logs in again. The behavior is a little similar to #26415, but it concerns the assignment to organizational teams. I'm checking on v1.22.3 from the gitea/gitea:latest-rootless docker image and KeyCloak v26.0.5 as an OIDC provider.
Gitea Version
1.22.3
Can you reproduce the bug on the Gitea demo site?
No
Log Gist
https://gist.github.com/evgnblkn/ed964e56a5c9531e5b7200647cb3c064
Screenshots
from Gitea Authentication Source:
In the Keycloak settings "Client scopes" I added a dedicated mapper with the type "User Realm Role"
Created realm roles
...and added these roles to the user
Git Version
No response
Operating System
No response
How are you running Gitea?
I'm checking on v1.22.3 from the gitea/gitea:latest-rootless docker image.
Database
PostgreSQL