Key: QB-3764
Type: Improvement
Status: Resolved
Resolution: Fixed
Priority: Major
Assignee: Robin Shen
Reporter: Thrasys Admin
Votes: 0
Watchers: 1
QuickBuild

New SSO accounts can't authenticate with a security provider like ldap

Created: 23/Jul/21 08:30 PM   Updated: 25/Jan/23 07:26 AM
Component/s: None
Affects Version/s: 11.0.7
Fix Version/s: 12.0.0

Original Estimate: Unknown Remaining Estimate: Unknown Time Spent: Unknown


Description
If the first time a user logs in is with SSO, and SSO is then down, the user can't log in with a fallback security provider like LDAP.
That is, the user doesn't click SSO but enters their username/password.
They can't authenticate to LDAPS.

It would be nice to offer an option or try to use a security provider, kind of like how QB tries all security providers when a user isn't found.

Maybe something like:
if user created by SSO and logging in with user/password, try all security providers.

Thrasys Admin [23/Jul/21 08:36 PM]
Or allow setting an auth/security provider to use in SSO configuration for fall back.

Thrasys Admin [02/Aug/21 04:54 PM]
As a workaround until this issue is resolved, I created a script to run daily to set setAuthenticator on all users.

groovy:
// Open a persistence session so user entities can be loaded and saved.
com.pmease.quickbuild.persistence.SessionManager.openSession();

try {
    def userMgr = com.pmease.quickbuild.entitymanager.UserManager.instance;

    for (usr in userMgr.getAll()) {
        if (usr.getName().endsWith("@<our domain>")) { // don't want to set local accounts just those created by SSO
            // Only set an authenticator where none is set yet.
            if (usr.getAuthenticator() == null) {
                logger.info("Updating Authenticator for User:" + usr.getName());
                usr.setAuthenticator("AzureAD-DS");
                userMgr.save(usr);
            } else {
                logger.info("Authenticator already set User:" + usr.getName());
            }
        } else {
            logger.info("Skipping User:" + usr.getName());
        }
    }
} finally {
    // Always release the session, even if an update fails.
    com.pmease.quickbuild.persistence.SessionManager.closeSession();
}

ChangSeop LEE [25/Jan/23 07:26 AM]
I think this query changed the login procedure, the "authenticate" function, to call the "findByAccessToken" function before authenticating with authenticators.

From my perspective, I need to update the group list the user belongs to whenever a user logs in.
However, this modification finishes the "authenticate" function before updating the group list.

As QuickBuild changed to check all authenticators in case some of them are down (QB-3836), how about moving the call to the "findByAccessToken" function to the end of the "authenticate" function instead of the beginning?

I also needed a modification that authenticates users with saved IDs and passwords when all registered authenticators are out of service.
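
The password-login fallback discussed in this issue, as a small model added here for illustration; it is not QuickBuild code and not part of any comment above. `Provider`, `User`, `password_login` and the sample account are constructed assumptions; only the provider name "AzureAD-DS" comes from the workaround script. It shows an SSO-created account (no authenticator set) failing password login, then succeeding once all providers are tried, with an unreachable provider skipped and the group list refreshed on success.

```python
# Added illustration (not QuickBuild code): models the password-login fallback
# requested in this issue. Provider/User/password_login are hypothetical names.
import hmac
from dataclasses import dataclass, field
from typing import Optional

class ProviderDown(Exception):
    """Directory unreachable; distinct from rejected credentials."""

@dataclass
class Provider:
    name: str
    accounts: dict                      # username -> (password, groups); constructed
    up: bool = True

    def authenticate(self, username, password):
        """Return the user's groups on success, None on rejected credentials."""
        if not self.up:
            raise ProviderDown(self.name)
        entry = self.accounts.get(username)
        if entry and hmac.compare_digest(entry[0].encode(), password.encode()):
            return entry[1]
        return None

@dataclass
class User:
    name: str
    authenticator: Optional[str] = None  # None: account was created by SSO
    groups: list = field(default_factory=list)

def password_login(user, password, providers, try_all_when_unset):
    """Return the name of the provider that accepted the password, else None."""
    if user.authenticator is not None:
        candidates = [p for p in providers if p.name == user.authenticator]
    elif try_all_when_unset:
        candidates = list(providers)     # behaviour requested in the description
    else:
        candidates = []                  # reported symptom: nothing to try
    for provider in candidates:
        try:
            groups = provider.authenticate(user.name, password)
        except ProviderDown:
            continue                     # skip an unreachable provider
        if groups is not None:
            user.groups = list(groups)   # refresh groups on every successful login
            return provider.name
    return None

if __name__ == "__main__":
    ad = Provider("AzureAD-DS", {"alice@example.test": ("s3cret", ["dev"])})
    providers = [Provider("LDAP-backup", {}, up=False), ad]  # constructed
    sso_user = User("alice@example.test")
    print(password_login(sso_user, "s3cret", providers, False))
    print(password_login(sso_user, "s3cret", providers, True), sso_user.groups)
```

Setting `authenticator="AzureAD-DS"` on the user, as the workaround script does, makes the first call succeed as well, because the pinned provider is then the only candidate.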