feat(api): only remap SAML user roles when the IdP sends userType (#11520)

This commit is contained in:
Adrián Peña
2026-06-16 14:18:16 +02:00
committed by GitHub
parent f21304c6a8
commit 181197177c
5 changed files with 234 additions and 80 deletions
+1
View File
@@ -46,6 +46,7 @@ All notable changes to the **Prowler API** are documented in this file.
### 🔄 Changed
- Allowlisted idempotent background tasks are no longer lost when a worker is stopped or crashes mid-task; tasks with external side effects are marked terminal instead of blindly re-running [(#11416)](https://github.com/prowler-cloud/prowler/pull/11416)
- SAML logins no longer wipe a user's roles when the IdP does not send the `userType` attribute; existing roles are kept, and when `userType` names a role that does not exist it is now created with read-only access (visibility over all providers, no management permissions) instead of no permissions at all [(#11520)](https://github.com/prowler-cloud/prowler/pull/11520)
### 🐞 Fixed