Test Plan for "SAML Enforcement session is not set when using 2FA on GitLab"
This test plan is for: #11749 (closed)
We had a production incident after rolling out the `enforced_sso_requires_session` flag. The SAML session isn't getting set during 2FA, so users were being denied access to their SSO-enabled group.
- RCA: SSO enforcement feature breaking pipelines
- Groups inaccessible where SAML is enabled and enforced
- SSO not working
- [Feature flag] Enable SSO Session Enforcement
- Implement access controls when SSO enforcement enabled
- Includes testing that a SAML session is set during or after the 2FA flow
This is most likely to be tested in `spec/features` and not at the e2e level.
- Set up SAML SSO for a group.
- Enable 2FA.
- Log in to the group and ensure the SAML session is set and that access is granted.
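
The three steps above as a runnable regression check against a simplified model of the login flow. This is an added example, not GitLab's code or an actual `spec/features` spec: `LoginFlow`, its methods, the session keys, the `record_sso_after_2fa` switch, the group id and the OTP value are all hypothetical and constructed for illustration.

```ruby
# Simplified model of an SSO-enforced group login; NOT GitLab code.
# Every class, method and session key name here is hypothetical.
class LoginFlow
  def initialize(two_factor_enabled:, otp: "123456", record_sso_after_2fa: true)
    @two_factor_enabled = two_factor_enabled
    @otp = otp                                   # constructed sample code
    @record_sso_after_2fa = record_sso_after_2fa # false reproduces the failure
    @session = {}
  end

  # Step 1: the identity provider posts back a valid SAML response for the group.
  def saml_callback(group_id)
    if @two_factor_enabled
      @session[:pending_saml_group] = group_id   # sign-in pauses for the OTP prompt
      :otp_required
    else
      complete_sign_in(group_id)
    end
  end

  # Step 2 (2FA users only): verify the one-time code, then finish sign-in.
  def submit_otp(code)
    return :denied unless code == @otp
    group_id = @session.delete(:pending_saml_group)
    # Failure mode under test: sign-in finishes without recording the SSO session.
    @record_sso_after_2fa ? complete_sign_in(group_id) : (@session[:signed_in] = true)
    :signed_in
  end

  # Enforcement check: access requires an SSO session for this specific group.
  def group_access?(group_id)
    @session[:signed_in] == true && @session.fetch(:sso_groups, []).include?(group_id)
  end

  private

  def complete_sign_in(group_id)
    @session[:signed_in] = true
    (@session[:sso_groups] ||= []) << group_id
    :signed_in
  end
end

# Walks the test-plan steps and returns whether group access is granted.
def access_after_login(two_factor:, record_sso_after_2fa: true)
  flow = LoginFlow.new(two_factor_enabled: two_factor, record_sso_after_2fa: record_sso_after_2fa)
  flow.submit_otp("123456") if flow.saml_callback(42) == :otp_required
  flow.group_access?(42)
end
```

The case that matters is the third one in the checks: a user who passes both SAML and 2FA but ends up signed in without a group SSO session is denied by the enforcement check, which is the symptom reported in the incident.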