diff --git a/components/public-api-server/pkg/apiv1/oidc.go b/components/public-api-server/pkg/apiv1/oidc.go index 3ee2555e896b62..964a4720753c1a 100644 --- a/components/public-api-server/pkg/apiv1/oidc.go +++ b/components/public-api-server/pkg/apiv1/oidc.go @@ -493,7 +493,7 @@ func assertIssuerIsReachable(ctx context.Context, issuer *url.URL) error { }, } - req, err := http.NewRequestWithContext(ctx, http.MethodHead, issuer.String(), nil) + req, err := http.NewRequestWithContext(ctx, http.MethodHead, issuer.String()+"/.well-known/openid-configuration", nil) if err != nil { return err } diff --git a/components/server/src/user/user-authentication.ts b/components/server/src/user/user-authentication.ts index ddb2f3051fb631..e665f9bce62a53 100644 --- a/components/server/src/user/user-authentication.ts +++ b/components/server/src/user/user-authentication.ts @@ -6,7 +6,7 @@ import { injectable, inject } from "inversify"; import { User, Identity, Token, IdentityLookup } from "@gitpod/gitpod-protocol"; -import { EmailDomainFilterDB, MaybeUser, UserDB } from "@gitpod/gitpod-db/lib"; +import { BUILTIN_INSTLLATION_ADMIN_USER_ID, EmailDomainFilterDB, MaybeUser, UserDB } from "@gitpod/gitpod-db/lib"; import { HostContextProvider } from "../auth/host-context-provider"; import { log } from "@gitpod/gitpod-protocol/lib/util/logging"; import { Config } from "../config"; @@ -214,7 +214,10 @@ export class UserAuthentication { const isMultiOrgEnabled = await getExperimentsClientForBackend().getValueAsync("enable_multi_org", false, { gitpodHost: this.config.hostUrl.url.host, }); - return isAllowedToCreateOrganization(user, isDedicated, isMultiOrgEnabled); + return ( + isAllowedToCreateOrganization(user, isDedicated, isMultiOrgEnabled) || + (isDedicated && user.id === BUILTIN_INSTLLATION_ADMIN_USER_ID) + ); } async isBlocked(params: CheckIsBlockedParams): Promise {