IAM Support Request: Groups on rabimba's Mozillians profile

hmitsch · October 30, 2019, 7:18am

Hi IAM Team,

we identified a strange situation with @rabimba’s profile. The impact is that Mozillians profile holder rabimba is unable to login to Mozilla Slack.

According to his Mozillians profile, @rabimba is part of both the nda and slack-access groups.

When he opens the /info endpoint, his groups claim looks weird:

"https://sso.mozilla.com/claim/groups": [
      "everyone", 
      "mozilliansorg_apps", 
      "mozilliansorg_automation", 
      "mozilliansorg_firefox", 
      "mozilliansorg_firefoxos", 
      "mozilliansorg_mozdev", 
      "mozilliansorg_sf-monument", 
      "mozilliansorg_sumo", 
      "mozilliansorg_mozspeakers", 
      "mozilliansorg_security", 
      "mozilliansorg_army of awesome", 
      "mozilliansorg_nda", 
      "mozilliansorg_techspeakers"
    ],

Two observations:

mozilliansorg_slack-access is missing
rabimba’s Tags are converted to Access Groups.

I think @rabimba is using Github+2FA for authentication. The AAI/AAL claim looks good:

"https://sso.mozilla.com/claim/AAI": [
      "2FA"
    ], 
"https://sso.mozilla.com/claim/AAL": "MEDIUM"

Hope you can help us.

Best regards,
Henrik

kang · October 31, 2019, 3:41pm

Hi,

Ive manually fixed the profile claims while we diagnose how it’s happening. it could flip back to the wrong state (please let me know if it does)

rabimba · November 3, 2019, 4:56am

For now it’s working for me. Will report back if anything stops working

syam · December 24, 2019, 10:35am