This is related to
DS-682. When org.dspace.content.Collection.findAuthorizedPerformanceOptimize=true in your dspace.cfg, permissions applied to special groups (especially via LDAP or Shibboleth) are ignored.
Unfortunately, the "findAuthorizedPerformanceOptimize" feature assumes that all group memberships are contained in the database. This is not the case when using special groups (whose membership is determined dynamically, often using LDAP or Shibboleth or similar).
After activating Shibboleth Authentication in Dspace, we have some problems with the special groups not being read, when submitting to a collection that has that group.
1 - The group staff is created and added to a collection.
2 - After Shibboleth authentication, a user has the staff group associated (comes from IdP).
3 - When the option "Submit to collection is selected"no collection appears, saying "You are not authorized to submit to any collections", even when exists a group exists and is associated with a collection .
We think that the problem lies in the JSPSelectCollectionStep.java, maybe lacking the code to read the special groups that comes from the IdP data.
I know we don't give much detail, but we can provide access to our dspace installation (if needed) to reproduce the error.