Geo: Add tests to ensure Geo with SAML continues to work
From #372490 (comment 1206984109):
✅ Success! Removingassertion_consumer_service_url
fromgitlab.rb
causesomniauth-saml
to default tocallback_url
. Andcallback_path
defaults to/users/auth/saml/callback
. And this leads tocallback_url
usingrequest.host
(I am not 100% sure where this happens, maybe Rails' UrlFor).
The forthcoming Geo with SAML documentation depends on specific behavior of omniauth-saml
, omniauth
, and devise
gems.
We should add tests that ensure this desired behavior.
It should go something like:
If Gitlab.config.omniauth.providers
contains an entry with name "saml"
, and that provider config does not contain a key assertion_consumer_service_url
.
Then, the SAML Request XML data in the redirect produced by the /users/auth/saml
route should contain an md:AssertionConsumerService
field with a Location
attribute of the form https://mygitlab.example.com/users/auth/saml/callback
.
Additionally, if the request Host header is different than the current host, then the Location
attribute should use the request Host rather than the current host.