Update OmniAuth Shibboleth gem to latest

Tom Downes requested to merge (removed):update_shibboleth into master

What does this MR do?

This updates the OmniAuth Shibboleth gem from 1.2.0 to 1.3.0.

Why was this MR needed?

Without this, users in common federated Shibboleth/SAML environments can be denied on the basis that they have an invalid e-mail address even if they are properly registered and the identity infrastructure is behaving according to specification.

The gem was upgraded to support a new argument :multi_values which allows Devise to handle when Shibboleth has received multiple values for an argument that GitLab requires to be single-valued. The particular problem I have is that Shibboleth authentication receives assertions (Shibboleth is an implementation of SAML) from two sources:

  1. The Identity Provider
  2. An Attribute Authority

When a user is present in both sources and both sources assert the same property, the SAML assertion for their e-mail becomes multi-valued. e.g.

mail: thomas.downes@ligo.org;thomas.downes@ligo.org

It is the position of the Shibboleth project that it is the responsibility of the application to handle this gracefully. Effectively speaking, this MR allows the Middleware to solve the problem rather than GitLab.

As a practical matter, it also ensures that GitLab users can rely upon the omniauth-shibboleth documentation as it presently appears.

What are the relevant issue numbers?

A reasonable description of the issue is on the omniauth-shibboleth issues page.

Edited by Tom Downes
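
The collapse of a duplicated attribute described in this merge request, as an added Ruby example that is not part of the MR, GitLab, or the omniauth-shibboleth gem. It assumes the Shibboleth SP convention of joining values with `;` and escaping a literal semicolon as `\;`; the function names and the fail-closed policy on disagreeing values are hypothetical choices for illustration.

```ruby
# Added example: standalone helper, does not call omniauth-shibboleth.
# Assumption: values are joined with ';' and a literal ';' is escaped as '\;'.

class ConflictingAttributeError < StandardError; end

# Split a raw SP attribute string into its individual values.
def split_shib_values(raw)
  return [] if raw.nil? || raw.empty?

  raw.split(/(?<!\\);/)                  # split on ';' not preceded by '\'
     .map { |v| v.gsub('\\;', ';').strip } # unescape literal semicolons
     .reject(&:empty?)
end

# Collapse a multi-valued attribute to a single value.
# Identical values from several sources (IdP + attribute authority) are
# accepted; differing values are rejected instead of silently picking one,
# so a login is never bound to an identity only one source asserted.
def single_value(raw, case_insensitive: true)
  distinct = split_shib_values(raw).uniq { |v| case_insensitive ? v.downcase : v }

  case distinct.size
  when 0 then nil
  when 1 then distinct.first
  else
    raise ConflictingAttributeError,
          "#{distinct.size} distinct values asserted for a single-valued attribute"
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs.
  puts single_value('user@example.org;user@example.org')
  begin
    single_value('user@example.org;other@example.org')
  rescue ConflictingAttributeError => e
    puts "rejected: #{e.message}"
  end
end
```

Taking the first value unconditionally also resolves the duplicate case, but it accepts whichever source happens to be listed first when the two sources disagree.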
