Non-SAML users cannot tag SAML users for assignment and participants do not show up
Background
There have been some GitLab users that have noticed inconsistencies with their ability to tag certain users, whether it is via @
mention, or assign issues/MRs to them. We are unsure of where this is manifesting and want to bring in steps to reproduce from Slack to this issue, so that we can investigate.
Slack threads about this:
- https://gitlab.slack.com/archives/CETG54GQ0/p1717986682397709
- https://gitlab.slack.com/archives/CETG54GQ0/p1718075748637409
Steps to reproduce
- Create top-level group and enable SAML authentication for this group.
- Create user with the group's SAML identity.
- Add the user to the group members.
- Create two new users without SAML identity.
- Add those users to group members with
Developer
role. - Create public project within the group.
- Create private project within the group.
- Sign in, via login/password, to any user account that has
Developer
role within the group and has no SAML identity. - In public project, create new issue with "Public issue 1" name.
- In the "Public issue 1" leave a comment that mentions the user with the group's SAML identity and user without SAML idenitty. Example:
cc @user-with-saml-identity @user-without-saml-identity
. -
Bug: In the "Public issue 1" in Participants section you will see that
user-without-saml-identity
was added, butuser-with-saml-identity
was not added to the list. - Assign
user-with-saml-identity
anduser-without-saml-identity
to the issue. You can do it via comment:/assign @user-with-saml-identity @user-without-saml-identity
. Both users should be assigned. - In private project, create new issue with "Private issue 1" name.
- In the "Private issue 1" leave a comment that mentions the user with the group's SAML identity and user without SAML idenitty. Example:
cc @user-with-saml-identity @user-without-saml-identity
. -
Bug: In the "Private issue 1" in Participants section you will see that
user-without-saml-identity
was added, butuser-wit-saml-identity
was not added to the list. - Assign
user-with-saml-identity
anduser-without-saml-identity
to the issue. You can do it via comment:/assign @user-with-saml-identity @user-without-saml-identity
. -
Bug: In the "Private issue 1" in Assignee section you will see that
user-without-saml-identity
was added, butuser-wit-saml-identity
was not added to the list.
- Note related to Participants section: After
user-with-saml-identity
sign ins via the group SAML SSO they are added to both issues as Participants.
To-Do
-
Remove subgroup https://gitlab.com/gitlab-com/bdenkovych-gitlab-issue-467267
Edited by Bogdan Denkovych