Error in User Authorization when integrating with Keycloak


Apurva Vaingankar

Dec 2, 2019, 4:34:21 AM
to Drools Development
Hi,

We are facing the below issue in Business Central (version 7.25.0) related to User Authorization:

We have integrated Google Auth in the Business Central and all role assignments for Authentication and Authorization are done via Google Auth, integrated using Keycloak. 
One user is given admin role in Keycloak. 

When we log in to Business Central using Google Auth credentials, we are able to log in successfully and it works as required.

The issue comes when we try to make any changes in Permissions for any pre-defined roles or Custom Group permission via the Business Central application. Once the changes in permissions are saved and we try to log in with any other user, we get the below Authorization error (even for the Admin role).

Error_User_Authorization.png



We did some research and found that an invalid entry is made in the security-policy.properties file, which maps the groups/roles vs permissions. It adds the admin user's username as a group, with a permission mapping against it.

For example, user te...@gmail.com:

group...@gmail.com.permission.perspective.read=false   

The above entry is made.

This looked like a wrong entry, so we checked by manually removing all entries related to this and it worked fine. We are not sure how and why this entry is added. It looks like entries are made only for admin users; however, Authorization fails for all users once these types of entries are made.

Is this a known issue? Has this been fixed in any recent releases?

Right now we are trying to perform User Authorization and any change in Permissions now or later will add the incorrect entry and we will have to make changes manually in this file.

If this is not a known issue, could we please have it noted and fixed in further releases?

Please let me know if any further information is required.

Regards,
Apurva
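As an added example (not part of the original post and not Business Central code), the following check scans the text of a security-policy.properties file for the kind of entry the post describes: a permission line filed under a role or group whose name is shaped like a user's e-mail address. The key layout `<role|group>.<name>.permission.<permission>=<value>`, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumed key layout: <role|group>.<name>.permission.<permission>=<true|false>
ENTRY = re.compile(r"^(role|group)\.(.+?)\.permission\.(.+)$")
# A principal name shaped like an e-mail address is treated as a username.
EMAIL_LIKE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def parse_policy(text):
    """Yield (line_no, kind, name, permission, value) for each permission entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#!":      # blank line or properties comment
            continue
        key, sep, value = line.partition("=")
        match = ENTRY.match(key.strip())
        if sep and match:
            kind, name, permission = match.groups()
            yield line_no, kind, name, permission, value.strip()


def find_username_entries(text, known_groups=()):
    """Return entries whose role/group name looks like a username, not a group."""
    known = set(known_groups)
    return [e for e in parse_policy(text)
            if e[2] not in known and EMAIL_LIKE.match(e[2])]


def summarize(findings):
    """Group findings by principal name: {name: [line numbers]}."""
    summary = {}
    for line_no, _kind, name, _perm, _value in findings:
        summary.setdefault(name, []).append(line_no)
    return summary


# Constructed sample, not taken from a real installation.
SAMPLE = """\
# security-policy.properties (constructed sample)
role.admin.permission.perspective.read=true
role.analyst.permission.perspective.read=true
group.reviewers.permission.perspective.read=true
group.user@example.com.permission.perspective.read=false
group.user@example.com.permission.perspective.create=false
"""

if __name__ == "__main__":
    for name, lines in summarize(find_username_entries(SAMPLE)).items():
        print(f"suspicious principal {name!r} on lines {lines}")
```

Passing the group names that actually exist in Keycloak as `known_groups` suppresses findings for any legitimate group whose name happens to contain an `@`.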