GitLab Pages not enforcing SAML settings
Summary
It has been highlighted by a customer that Gitlab pages does not appear to enforce saml group settings when set to private.
Having spoken to the g_manage_authoraization slack channel it seems that authorization in pages
works independently. So even if this feature is implemented in gitlab
, it needs to be added to pages
too.
I have been asked to raise an issue to get this reviewed.
Steps to reproduce
Example Project
What is the current bug behavior?
Gitlab pages does not appear to enforce the SAML group settings when the group is set to private. Saml is enforced for the project, but not the pages site. So basically you can log in to GitLab and view the pages site from anywhere, not where the same IDP restricts you too (in our case, the UK)
What is the expected correct behavior?
Saml authentication should take place when people are viewing pages.
Relevant logs and/or screenshots
Output of checks
Possible fixes
Edited by Hayden Matthews