SAML Group Sync: MVC
3 big companies are asking if our SAML implementation supports the transfer of group memberships to GitLab, just like our LDAP Group Sync does. Unfortunately it is not possible, as SAML only serves as an Omniauth provider and nothing else.
Concrete questions / Next steps
Implementing this will require GitLab to directly use the
ruby-samlgem for group management in a similar way we do right now for LDAP.
dzaporozhets what do you think about adding such a feature to EE?
makes sense. I think we should not promise it anyone before investigating if its possible.
I might be wrong but I think you added SAML support to GitLab. Can you check if group sync with SAML is something that can be done without going to hell? I think its not urgent so 8.1 or 8.2 for investigation should be fine. cc sytse
I didn't build SAML support, CERN did. If there is someone else available to investigate this please take over as I have lots of things to handle in omnibus-gitlab.
- Product: issue description is accurate with an acceptable proposal for an MVC
- Engineering: issue is implementable with few remaining questions, is sufficiently broken down, and is able to be estimated