The AuthN policy selfservice is not created by dataseed job when admin scope enforced is set to true in the tenant.

After having upgraded VIP Authentication Hub to 3.4, and trying to play with self service console.

Cannot get in as super admin.

Trying to find a new app and a new policy in the admin console and couldn't find it.

{"timestamp":"2025-05-06T07:20:30.704419Z","msg":"Client with the name: SelfServiceConsole is not present",
{"timestamp":"2025-05-06T07:20:30.767791Z","msg":"Application with name: SelfServiceConsole added successfully.",
{"timestamp":"2025-05-06T07:20:30.768127Z","msg":"SelfServiceConsole is created with clientid: 84638ba1-3bd3-430c-92ca-1c2803da379c",
{"timestamp":"2025-05-06T07:20:30.792586Z","msg":"Creating AZ Policy 'SelfServiceConsole' for tenant 'system' (<value>), AppIDs '[<value>, <value>]'. New Policy '{\\\"isGrantableClientOnly\\\":true,\\\"policyName\\\":\\\"SelfServiceConsole\\\",\\\"displayName\\\":\\\"Self Service Console\\\",\\\"description\\\":\\\"Internal role for OOTB system self service console client\\\", [...omitted for brevity...]
{"timestamp":"2025-05-06T07:20:31.939120Z","msg":"Created AZ Policy 'SelfServiceConsole', ID '<value>' for tenant 'system' (<value>)","tid":"<value>","tname":"system"}
{"timestamp":"2025-05-06T07:20:31.939723Z","msg":"Successfully initialized SelfServiceConsoleClient",

It was created at system level.

Checking the SelfServiceLoginPolicy AuthN Policy on the tenant level, and it's not there.

Accessing it by its id:

/adminconsole/policies/<value> it brings back to the dashboard.

Checking the dataseed job logs:

from json policy file 'selfServiceConsoleAuthnPolicy.json'. Error No Scope registered for scope name 'request'"

and hence selfserviceloginpolicy isn't created.

There are scoping constraints created earlier to the upgrade.

When administrative scope enforced is true, the authN self-service is not created disabling it, re-running the upgrade workaround the issue.

VIP Authentication Hub 3.4

Upgrade to VIP Authentication Hub version 3.4.1 to benefit fix from DE635168.

As workaround:

First, disable the AdminScopeEnforced, and then, upgrade where policy got seeded, and then after the upgrade, re-enabled the AdminScopeEnforced setting.