Rudder plugins » Authentication backends

It seems that an aliased role permission is not correctly carried to API endpoints.

When log with an aliased administrator, trying to go to user management plugin, I get:

[2024-02-14 10:58:59+0100] DEBUG auth-backends - Identifying OIDC user info with sub: '00u3smso2m5zF2jom5d7' on rudder user base using login: 'francois@rudder.io'
[2024-02-14 10:58:59+0100] TRACE auth-backends - IdP configuration has registered role mapping: [(rudder_admin,administrator); (rudder_readonly,readonly)]
[2024-02-14 10:58:59+0100] DEBUG auth-backends - Role 'role-oidc-a' does not match any Rudder role, ignoring it for user francois@rudder.io
[2024-02-14 10:58:59+0100] DEBUG auth-backends - Role 'role-oidc-b' does not match any Rudder role, ignoring it for user francois@rudder.io
[2024-02-14 10:58:59+0100] DEBUG auth-backends - Principal 'francois@rudder.io': mapping IdP provided role 'rudder_admin' to Rudder role 'administrator' 
[2024-02-14 10:58:59+0100] INFO  application.authorization - Principal 'francois@rudder.io' role list extended with OIDC provided roles: [rudder_admin(administrator)] (override: true)
[2024-02-14 10:58:59+0100] DEBUG auth-backends - Principal 'francois@rudder.io' final list of roles: [administrator]
[2024-02-14 10:58:59+0100] INFO  application - Rudder authentication attempt for principal 'francois@rudder.io' with backend 'oidc': success
[2024-02-14 10:58:59+0100] INFO  compliance - [metrics] global compliance (number of components): 6388 [p:6196 s:0 r:0 e:0 u:0 m:0 nr:192 na:0 rd:0 c:0 ana:0 nc:0 ae:0 bpm:0]
[2024-02-14 10:59:04+0100] ERROR api-processing - Authorization error for 'GET secure/api/usermanagement/users': User 'francois@rudder.io' is not allowed to access GET secure/api/usermanagement/users
[2024-02-14 10:59:04+0100] ERROR com.normation.rudder.rest.RestUtils - "Authorization error: User 'francois@rudder.io' is not allowed to access GET secure/api/usermanagement/users" 

But perhaps it's just an instance of: https://issues.rudder.io/issues/23254