We have received reports that a bug has been found in the OpenID Connect login in version 6.7.0. This leads to a broken login when running just-in-time user provisioning. Downgrade is recommended until an update is published.
Because of an error parsing of attributes in the ID token with the new feature in 6.7.0, any non-username attributes like email and groups and other data are exempt from the data that is parsed in the login process, thereby breaking just-in-time user provisioning and group assignments since this data is lost along the way.
This will in some cases lead to a broken login, and users will not be able to log into the respective Atlassian system. So far it seems like this bug only affects installations that are running just-in-time user provisioning in their OIDC setup.
Version 6.7.0. has been withdrawn from the marketplace. Please downgrade to the previous version (6.6.3), and await a patch to be released in version 6.7.1. If you have trouble downgrading or get errors in the manage apps section, please see this process on how to downgrade to a stable version: https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/1099300916