This issue has been created
 
 
OpenId Connect / OIDC-238 Open

Internal server error 500 when the user is not in oidc.groups.allowed

 
 

Issue created

 
mdc created this issue on 06/Jun/25 09:18
 
Summary: Internal server error 500 when the user is not in oidc.groups.allowed
Issue Type: Bug
Affects Versions: 2.18.1
Assignee: Unassigned
Created: 06/Jun/25 09:18
Labels: security
Priority: Major
Reporter: mdc
Description:

When the user who logs in is not in the group specified by oidc.groups.allowed, he will see only an internal error 500. And his session created on the IDP will not be destroyed; this can be a security problem. See more here.