Implement a dedicated tab for SmartCard login (no LDAP)
Problem to solve
We implemented SmartCard-only authentication in GitLab in https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/8120, but we're modifying this implementation in https://gitlab.com/gitlab-org/gitlab-ee/issues/7693 since the highest demand is for including LDAP support.
However, we should retain the authentication as-built - even if an instance doesn't have LDAP set up, there's still value in forcing users to login/out with their SmartCard (and using these credentials with GitLab). We're not verifying these credentials against an LDAP server, but they're still being pulled off a physical token.
Proposal
- Allow an instance the option of enabling a "SmartCard" authentication option that uses credentials off a card to login. This authentication strategy doesn't use an external service, only attempting to match credentials on the card to existing records locally in GitLab.
Note: we'll need to consider how we present the "SmartCard" tab to not confuse users with using a SmartCard with a configured LDAP server (likely in a different tab).