Our architecture:
Bitbucket server with Keycloak for SSO.
How to reproduce the bug:
Create a user in your Keycloak.
Assign groups to that user that are not authorized in Bitbucket.
Current behaviour:
While trying to log in to Bitbucket, there will be an infinite redirect loop between Keycloak and Bitbucket that will make your browser crash. The only solution in this case is to stop your browser.
Expected behaviour:
Bitbucket should simply display an error page mentioning that the user is not authorized to access Bitbucket.
I think this is a bug in Bitbucket because basically the user is correctly authenticated at this moment. So for Keycloak everything looks fine. Bitbucket maybe thinks that the user is wrong and sends the user back to Keycloak. And Keycloak obviously sends the user back to Bitbucket. In this case a simple error message mentioning that the user does not have groups or something like that should be sufficient.
Moreover, I've seen that after all those users are marked as "unlicensed" in Bitbucket when they do already exist in the Bitbucket user directory.
Please provide us a fix for this bug.