VCS integration between GitLab.com and Terraform Cloud breaks after SSO session times out

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Label this issue
• Close this issue

Summary

Problem to solve

Terraform Cloud users that use the GitLab.com VCS integration and enforce SSO on their namespace will find that the connection is lost after 24 hours when the session expires.

This is due to during the step 3.2 of the configuration process that users are asked to connect and authorise the application which would require connecting and completing the SSO sign-in process.

Since SSO is enforced it is not possible to create a dedicated user without SSO to complete this process.

Steps to reproduce

1. Setup a SSO on a group
2. Enable Enforce SSO authentication, Enforce SSO-only authentication for web activity and Enforce SSO-only authentication to Git and Dependancy Proxy activity for the group.

3. Create a connection with Terraform Cloud using the VCS integration as outlined in the Hashicorp documentation.

Testing done by Hashicorp mention that the problem goes after disabling Enforce SSO-only authentication to Git and Dependancy Proxy activity for this group setting.

What is the current bug behavior?

Connected VCS Applications disconnect after 24 hours. To resolve this issue customers need to log back into GitLab.com with the user which authorised the connection.

What is the expected correct behavior?

SSO sessions should not be tied with applications connections after the application has been successfully authorised.

Output of checks

Possible fixes