Link existing accounts to credentials when signing in via CAS
Problem to solve
When you sign in using CAS with an email address that already exists, you get an error message instead of being logged in. The error message says: Error 422, the change you have requested was rejected. In the address bar the URL ends with Email+has+already+been+taken. I would like an option created where the CAS login will link up to the existing account.
Further details
This is very similar to https://gitlab.com/gitlab-org/gitlab-ce/issues/26010, except it is for CAS instead of OAuth. @jeremy_ said I should create a new issue and mention him.
Proposal
I think a gitlab_rails['omniauth_auto_link_cas_user'] = true option should be created. gitlab_rails['omniauth_auto_link_saml_user'] = true exists. In addition, consider the following two workflows:
This works:
- First login is with CAS, account is created
- User logs in with SAML, account is linked up, everything works
This fails:
- First login is with SAML, account is created
- User logs in with CAS, error message, user cannot log in with CAS unless they go into their settings and connect the CAS account first. That's an extra step most users won't take.
What does success look like, and how can we measure that?
I want to be able to create a GitLab account with an email address. Then I'd like to log in via CAS with an account that uses the same email address and I want to be logged in with the original account.
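
A simplified model of the two workflows described in the issue, added here as an illustration; it is not GitLab's code and not part of the original issue. `Directory`, `User`, and `auto_link_providers` are hypothetical names and the sample values are constructed. It shows why the order of first login matters when only SAML may auto-link, and that linking by email relies on the provider's email assertion.

```ruby
# Simplified model of the sign-in behaviour described in the issue.
# Not GitLab's code: User, Directory and auto_link_providers are hypothetical.
User = Struct.new(:email, :identities) # identities: { provider => uid }

class EmailTaken < StandardError; end

class Directory
  def initialize(auto_link_providers: [])
    @users = []
    @auto_link = auto_link_providers
  end

  # provider is "cas" or "saml"; uid and email come from the provider's assertion.
  def sign_in(provider, uid, email)
    # 1. An identity already linked for this provider wins.
    user = @users.find { |u| u.identities[provider] == uid }
    return user if user

    # 2. No linked identity: look for an existing account with the same email.
    existing = @users.find { |u| u.email.casecmp?(email) }
    if existing
      # Linking by email trusts the provider's email claim, so it is an
      # explicit per-provider opt-in rather than the default.
      raise EmailTaken, "Email has already been taken" unless @auto_link.include?(provider)
      existing.identities[provider] = uid
      return existing
    end

    # 3. First login with this email: create the account.
    user = User.new(email, { provider => uid })
    @users << user
    user
  end
end

# Constructed run: log in with `first`, then `second`, using the same email.
# Returns the linked providers, or the error message if the second login fails.
def workflow(auto_link, first, second)
  dir = Directory.new(auto_link_providers: auto_link)
  dir.sign_in(first, "#{first}-uid", "dev@example.test")
  dir.sign_in(second, "#{second}-uid", "dev@example.test").identities.keys
rescue EmailTaken => e
  e.message
end
```

With only `"saml"` in the auto-link list, `workflow(["saml"], "saml", "cas")` reproduces the failing case; adding `"cas"` to the list models the requested option.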