Skip to content

Non-SAML users cannot tag SAML users for assignment and participants do not show up

Background

There have been some GitLab users that have noticed inconsistencies with their ability to tag certain users, whether it is via @ mention, or assign issues/MRs to them. We are unsure of where this is manifesting and want to bring in steps to reproduce from Slack to this issue, so that we can investigate.

Slack threads about this:

  1. https://gitlab.slack.com/archives/CETG54GQ0/p1717986682397709
  2. https://gitlab.slack.com/archives/CETG54GQ0/p1718075748637409

Steps to reproduce

  1. Create top-level group and enable SAML authentication for this group.
  2. Create user with the group's SAML identity.
  3. Add the user to the group members.
  4. Create two new users without SAML identity.
  5. Add those users to group members with Developer role.
  6. Create public project within the group.
  7. Create private project within the group.
  8. Sign in, via login/password, to any user account that has Developer role within the group and has no SAML identity.
  9. In public project, create new issue with "Public issue 1" name.
  10. In the "Public issue 1" leave a comment that mentions the user with the group's SAML identity and user without SAML idenitty. Example: cc @user-with-saml-identity @user-without-saml-identity.
  11. Bug: In the "Public issue 1" in Participants section you will see that user-without-saml-identity was added, but user-with-saml-identity was not added to the list.
  12. Assign user-with-saml-identity and user-without-saml-identity to the issue. You can do it via comment: /assign @user-with-saml-identity @user-without-saml-identity. Both users should be assigned.
  13. In private project, create new issue with "Private issue 1" name.
  14. In the "Private issue 1" leave a comment that mentions the user with the group's SAML identity and user without SAML idenitty. Example: cc @user-with-saml-identity @user-without-saml-identity.
  15. Bug: In the "Private issue 1" in Participants section you will see that user-without-saml-identity was added, but user-wit-saml-identity was not added to the list.
  16. Assign user-with-saml-identity and user-without-saml-identity to the issue. You can do it via comment: /assign @user-with-saml-identity @user-without-saml-identity.
  17. Bug: In the "Private issue 1" in Assignee section you will see that user-without-saml-identity was added, but user-wit-saml-identity was not added to the list.
  • Note related to Participants section: After user-with-saml-identity sign ins via the group SAML SSO they are added to both issues as Participants.

To-Do

Edited by Bogdan Denkovych