Group Policy can require active SAML SSO session for web access (!10034) · Merge requests · GitLab.org / GitLab · GitLab

James Edwards-Jones requested to merge jej/group-saml-sso-enforcement into master Mar 14, 2019

What does this MR do?

When a group enforces SSO this prevents web access to group resources unless the user has signed in with SAML.

What does this MR not do?

Cover other access such as SSH
Cover all sub-resources
Add additional session duration limits
Redirect to sign in page

Related

Implements "Prevent access to basic group resources by intercepting find_routable!" from https://gitlab.com/gitlab-org/gitlab-ee/issues/9255
https://gitlab.com/gitlab-org/gitlab-ee/issues/5758 but without the 24h timeout

Acceptance criteria

Open draft documentation MR that can be merged with the feature flag removal
Tests added for this feature/bug
Link to e2e tests MR added if this MR has Requires e2e tests label. See the Test Planning Process.
EE specific content should be in the top level /ee folder

Edited May 06, 2019 by James Edwards-Jones