Application policy binding with group for new applications issue #9627

Open
slimshizn opened this issue May 7, 2024 · 0 comments
Labels
bug Something isn't working


Describe the bug
Group bindings are not working correctly for applications any longer. The only way for the policy to work is with "Negate result" on. With it on, all users can still log in to it. To bypass this for now, I've had to use a policy binding for just my admin account.

To Reproduce
Reproduction assumes you have an admin account and a non-admin account as well as two different groups minimum.

  • Create an application.
  • Create a policy binding with a group for "admins".
  • Try to log in and get "Policy binding 'Binding from App #0 to Group Admins' returned result 'False'".
  • Enable "Negate result" and I am now able to log in, BUT other accounts can now access the application too.

Expected behavior
Binding applications to a group policy should lock out groups that are not part of the policy. It is not working.

Logs

Permission denied

Explanation:
Policy binding 'Binding from App #0 to Group Friends' returned result 'False'
Policy binding 'Binding from App #0 to Group Admins' returned result 'False'

Version and Deployment (please complete the following information):

  • authentik version: 2024.4.2
  • Deployment: docker-compose
@slimshizn slimshizn added the bug Something isn't working label May 7, 2024