Test plan for "SAML Session Enforcement breaks Git HTTP access"
Test Plan
Introduction
This test plan is for https://gitlab.com/gitlab-org/gitlab-ee/issues/11779
We had a production incident after rolling out the enforced_sso_requires_session
flag, where Git HTTP access was not working when SSO Enforcement was enabled and a session was required.
See:
- RCA: SSO enforcement feature breaking pipelines
- Groups inaccessible where SAML is enabled and enforced
- SSO not working
Related:
- [Feature flag] Enable SSO Session Enforcement
- Implement access controls when SSO enforcement enabled
Scope
- Includes Git over HTTP
- Does not include Git over SSH
Test Plan
- Enable the enforced_sso and enforced_sso_requires_session flags.
- Set up group SAML SSO for a group with a project.
- Enable enforce SSO for the group.
- Clone the project over HTTP and ensure the clone succeeded.
Edited by Sanad Liaquat