Repository security settings not cleared on logout
Issue
We have configured access permissions for the repositories, using the kie-config-cli[.sh|.bat]. The output of the list-repo command for two customer repositories shows the applied security settings:
Repository customerA
scheme: git
uri: git://customerA
environment: {security:groups=[roleA], password=****, scheme=git, managed=false, origin=ssh://bpmsAdmin@localhost:8001/customerA, username=bpmsAdmin}
groups: [roleA]
Repository customerB
scheme: git
uri: git://customerB
environment: {security:groups=[roleB], password=****, scheme=git, managed=false, origin=ssh://bpmsAdmin@localhost:8001/customerB, username=bpmsAdmin}
groups: [roleB]
We have a custom LoginModule configured for business-central, which checks if the user is already logged in from the calling application, and which adds the roles for the current tenant.
Everything seems to work fine. We have the access we expect in Business Central, based on the role, and we’re able to use the roles tied to the user to determine access to repositories in Business Central, based on the security groups assigned to the repositories.
The issue comes when we want to end the session in Business Central. Although we are invalidating the session, there is a certain use case where the logout does not seem to work as expected and the newly logged in user can still see the repositories from the previous session. This seems to be the case when the user name is reused for different tenants, and different roles are assigned by our custom LoginModule.
Environment
- Red Hat JBoss BRMS
- 6.4.0
