Description
Before reporting an issue
- I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.
Area
organizations
Describe the bug
In our web application, when requesting the organization:* scope, the authentication flow fails to redirect users to their Identity Provider (IdP) if they belong to multiple organizations.
Version
26.2.4
Regression
- The issue is a regression
Expected behavior
If a user belongs to a single organization with an associated IdP, the authentication flow correctly redirects to the IdP.
If a user belongs to multiple organizations, the authentication flow should still redirect to the appropriate IdP.
Actual behavior
When a user belongs to multiple organizations and the organization:* scope is requested, the authentication flow does not redirect to the IdP and instead proceeds with the username/password form.
If the organization:* scope is not requested, the user is correctly redirected to the IdP, regardless of whether they belong to one or multiple organizations.
How to Reproduce?
- Configure a user to belong to multiple organizations, each with an associated IdP.
- Initiate authentication in the web application with the organization:* scope.
- Observe that the flow does not redirect to the IdP and instead presents the username/password form.
- Repeat the process without the organization:* scope and confirm the correct IdP redirect.
Anything else?
No response