Describe the bug
Group bindings are not working correctly for applications any longer. Only way for the policy to work is with "Negate result" on. With it on, all users can still login to it. To bypass for now I've had to use a policy binding for just my admin account.
To Reproduce
Reproduction assumes you have an admin account and a non-admin account as well as two different groups minimum.
Create application
create policy binding with group for "admins".
Try to log in and get Policy binding 'Binding from App #0 to Group Admins' returned result 'False'
Enable Negate result and now able to log in BUT now other accounts can now access application.
Expected behavior
Binding applications to a group policy should lock out groups that are not part of the policy. It is not working.
Logs
Permission denied
Explanation:
Policy binding 'Binding from App #0 to Group Friends' returned result 'False'
Policy binding 'Binding from App #0 to Group Admins' returned result 'False'
Version and Deployment (please complete the following information):
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Describe the bug Group bindings are not working correctly for applications any longer. Only way for the policy to work is with "Negate result" on. With it on, all users can still login to it. To bypass for now I've had to use a policy binding for just my admin account.
To Reproduce Reproduction assumes you have an admin account and a non-admin account as well as two different groups minimum.
Create application create policy binding with group for "admins". Try to log in and get
Policy binding 'Binding from App #0 to Group Admins' returned result 'False'
EnableNegate result
and now able to log in BUT now other accounts can now access application.Expected behavior Binding applications to a group policy should lock out groups that are not part of the policy. It is not working.
Logs
Version and Deployment (please complete the following information):