diff --git a/src/yunohost/app.py b/src/yunohost/app.py index 7938d6786..bba5fb104 100644 --- a/src/yunohost/app.py +++ b/src/yunohost/app.py @@ -429,8 +429,10 @@ def app_map(app=None, raw=False, user=None): continue if 'no_sso' in app_settings: # I don't think we need to check for the value here continue - if user and user not in permissions[app_id + ".main"]["corresponding_users"]: - continue + if user: + main_perm = permissions[app_id + ".main"] + if user not in main_perm["corresponding_users"] and "visitors" not in main_perm["allowed"]: + continue domain = app_settings['domain'] path = app_settings['path'] @@ -2613,10 +2615,8 @@ def _parse_args_in_yunohost_format(args, action_args): if arg_value not in domain_list()['domains']: raise YunohostError('app_argument_invalid', name=arg_name, error=m18n.n('domain_unknown')) elif arg_type == 'user': - try: - user_info(arg_value) - except YunohostError as e: - raise YunohostError('app_argument_invalid', name=arg_name, error=e) + if not arg_value in user_list()["users"].keys(): + raise YunohostError('app_argument_invalid', name=arg_name, error=m18n.n('user_unknown', user=arg_value)) elif arg_type == 'app': if not _is_installed(arg_value): raise YunohostError('app_argument_invalid', name=arg_name, error=m18n.n('app_unknown')) diff --git a/src/yunohost/tests/test_permission.py b/src/yunohost/tests/test_permission.py index 51bf6a4c6..bef042be1 100644 --- a/src/yunohost/tests/test_permission.py +++ b/src/yunohost/tests/test_permission.py @@ -19,7 +19,7 @@ def clean_user_groups_permission(): user_delete(u) for g in user_group_list()['groups']: - if g != "all_users": + if g not in ["all_users", "visitors"]: user_group_delete(g) for p in user_permission_list()['permissions']: 
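Review bot: In `app_map`, the new `"visitors" not in main_perm["allowed"]` test has no comment explaining why an app is kept for a user who is not in `corresponding_users`, and it is the one access-relevant decision in this hunk. I would add `# Apps open to "visitors" are reachable by anyone, so keep them in every user's map` above the inner `if`. The lookup `permissions[app_id + ".main"]` also assumes every installed app has a main permission. If that is not guaranteed (I cannot tell from the hunk), a missing entry raises KeyError for the whole map instead of skipping one app. `app_map` starts and ends outside this hunk.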
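Review bot: In the `arg_type == 'user'` branch of `_parse_args_in_yunohost_format`, `if not arg_value in user_list()["users"].keys():` reads better as `if arg_value not in user_list()["users"]:`. That matches the `not in` form used in the `app_map` hunk and drops the redundant `.keys()`. If `user_info()` accepted anything besides the exact username (not visible here), the membership test is stricter than the call it replaces, so it is worth confirming that no caller depends on that. The function starts and ends outside this hunk.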
@@ -162,8 +162,7 @@ def check_permission_for_apps(): def can_access_webpage(webpath, logged_as=None): webpath = webpath.rstrip("/") - webroot = webpath.rsplit("/", 1)[0] - sso_url = webroot+"/yunohost/sso" + sso_url = "https://"+maindomain+"/yunohost/sso/" # Anonymous access if not logged_as: @@ -177,6 +176,8 @@ def can_access_webpage(webpath, logged_as=None): headers={"Referer": sso_url, "Content-Type": "application/x-www-form-urlencoded"}, verify=False) + # We should have some cookies related to authentication now + assert session.cookies r = session.get(webpath, verify=False) # If we can't access it, we got redirected to the sso 
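Review bot: `can_access_webpage` now builds `sso_url` from the module-level `maindomain` and hands `webpath` to `session.get` unchanged, so `webpath` has to be an absolute `https://` URL on a domain served by that SSO, yet nothing in the helper states this. A docstring would cover it, along the lines of `"""Check whether webpath (absolute https:// URL) is reachable anonymously or as logged_as, logging in through the main domain's SSO."""`. Callers outside this diff that still pass `maindomain + "/path"` without a scheme would fail inside the HTTP client rather than with a clear message; I cannot see them from here. The function body continues outside the hunk.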
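Review bot: `assert session.cookies` in `can_access_webpage` passes as soon as the jar holds any cookie, so a rejected login that still sets a cookie would go unnoticed, and the POST response itself is not checked. If the portal sets a dedicated authentication cookie, asserting on that name would make the check mean what the comment above it says. At minimum give the assertion a message, `assert session.cookies, "no cookies after SSO login as %s" % logged_as`. The requests here run with `verify=False`, which is acceptable against a test instance's self-signed certificate but should stay confined to the test suite. The function starts and ends outside the hunk.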
@@ -413,30 +414,28 @@ def test_permission_app_change_url(): def test_permission_app_propagation_on_ssowat(): - # TODO / FIXME : To be actually implemented later .... - raise NotImplementedError - app_install("./tests/apps/permissions_app_ynh", args="domain=%s&path=%s&is_public=1&admin=%s" % (maindomain, "/urlpermissionapp", "alice"), force=True) res = user_permission_list(full=True)['permissions'] - assert res['permissions_app.main']['allowed'] == ["all_users"] + assert res['permissions_app.main']['allowed'] == ["visitors"] - assert can_access_webpage(maindomain + "/urlpermissionapp", logged_as=None) - assert can_access_webpage(maindomain + "/urlpermissionapp", logged_as="alice") + app_webroot = "https://%s/urlpermissionapp" % maindomain + assert can_access_webpage(app_webroot, logged_as=None) + assert can_access_webpage(app_webroot, logged_as="alice") user_permission_update("permissions_app.main", remove="visitors", add="bob") res = user_permission_list(full=True)['permissions'] - assert not can_access_webpage(maindomain + "/urlpermissionapp", logged_as=None) - assert not can_access_webpage(maindomain + "/urlpermissionapp", logged_as="alice") - assert can_access_webpage(maindomain + "/urlpermissionapp", logged_as="bob") + assert not can_access_webpage(app_webroot, logged_as=None) + assert not can_access_webpage(app_webroot, logged_as="alice") + assert can_access_webpage(app_webroot, logged_as="bob") # Test admin access, as configured during install, only alice should be able to access it - assert not can_access_webpage(maindomain + "/urlpermissionapp/admin", logged_as=None) - assert not can_access_webpage(maindomain + "/urlpermissionapp/admin", logged_as="alice") - assert can_access_webpage(maindomain + "/urlpermissionapp/admin", logged_as="bob") + assert not can_access_webpage(app_webroot+"/admin", logged_as=None) + assert can_access_webpage(app_webroot+"/admin", logged_as="alice") + assert not can_access_webpage(app_webroot+"/admin", logged_as="bob") def 
test_permission_legacy_app_propagation_on_ssowat():
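Review bot: In `test_permission_app_propagation_on_ssowat`, the second `res = user_permission_list(full=True)['permissions']` after `user_permission_update(...)` is assigned and never read, so the test checks the HTTP behaviour but not the stored permission state behind it. Either drop the assignment or assert on it, e.g. `assert res['permissions_app.main']['allowed'] == ["bob"]` (expected value inferred from the update call, please confirm). The three `/admin` assertions would also be easier to trust with a comment naming the permission that guards that path, since the hunk only says it is "configured during install".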