search

goauthentik / authentik

The authentication glue you need.
https://goauthentik.io
Other
8.06k stars 628 forks source link

Application policy binding with group for new applications issue #9627

Open slimshizn opened 2 months ago

slimshizn commented 2 months ago

Describe the bug Group bindings are not working correctly for applications any longer. Only way for the policy to work is with "Negate result" on. With it on, all users can still login to it. To bypass for now I've had to use a policy binding for just my admin account.

To Reproduce Reproduction assumes you have an admin account and a non-admin account as well as two different groups minimum.

Create application create policy binding with group for "admins". Try to log in and get Policy binding 'Binding from App #0 to Group Admins' returned result 'False' Enable Negate result and now able to log in BUT now other accounts can now access application.

Expected behavior Binding applications to a group policy should lock out groups that are not part of the policy. It is not working.

Logs

Permission denied

Explanation:
Policy binding 'Binding from App #0 to Group Friends' returned result 'False'
Policy binding 'Binding from App #0 to Group Admins' returned result 'False'

Version and Deployment (please complete the following information):

authentik-automation[bot] commented 3 weeks ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

slimshizn commented 3 weeks ago

This is still an issue on 2024.4.