You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
Next: Root
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
The Atlassian Community can help you and your team get more value out of Atlassian products and practices.
Our architecture:
Bitbucket server with Keycloak for SSO.
How to reproduce the bug:
Create a user in your Keycloak.
Assign groups to that user that are not authorized in Bitbucket.
Current behaviour
While trying to login in Bitbucket, there will be an infinite redirect loop between keycloak and bitbucket that will make your browser crash. The only solution in this case is to stop your browser.
Expeted behaviour:
Bitbucket should simply display an error page mentioning that the user is not authorized to access bitbucket.
I think this is a bug in Bitbucket because basically the user is correctly authentified at this moment. So for Keycloak everything looks fine. Bitbucket maybe is thinking that the user is wrong and sends the user back to Keycloak. And keycloak obviously sends the user back to bitbucket. In this case a simple error message mentioning that the user does not have groups or something like that should be sufficient.
More over I've seen that after all those users are marked as "unlicensed" in bitbucket when they do already exist in Bitbucket user directory.
Please provide us a fix for this bug.