When using a simple configuration for scitokens as the following one, for example: ``` [Global] audience = https://wlcg.cern.ch/jwt/v1/any,https://elvin-dev01.cern.ch [Issuer OSG-Connect] issuer = https://wlcg.cloud.cnaf.infn.it/ base_path = / map_subject = False default_user = dteam001 ``` The default user is not propagated to the XrdSecEntity structure since there is not rule to apply and this then defaults to setting an empty string for the username: https://github.com/xrootd/xrootd/blob/master/src/XrdSciTokens/XrdSciTokensAccess.cc#L244 Therefore, a few lines below both `scope` and `mapping` are false, so this falls through any configured chained library: https://github.com/xrootd/xrootd/blob/master/src/XrdSciTokens/XrdSciTokensAccess.cc#L387 This was behaving differently in the 4.8.* branch, where the given `default_user` was properly passed to the XrdSecEntity structure using the same configuration as above. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/issues/1567 ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1