SAML Authentication not working with Geo

Problem

It seems that `assertion_consumer_service_url` is required for SAML MR authentication to work properly, which negates the requirement to remove this when you have GitLab Geo with two URLs; see:

https://docs.gitlab.com/ee/administration/geo/replication/single_sign_on.html#saml-with-separate-url-with-proxying-enabled

The workaround is to enable and force redirection to a particular instance, but this gives us issues with teams integrating their Jenkins authentication using OAuth.

The customer needs this feature to comply with CFR Part 11 as part of their audit process. While the feature was working, it seems to stop functioning when Geo is enabled. The customer would like to enable Geo to address a current slowness issue affecting one of their geographically located teams. However, they won't be able to proceed if this feature can't be enabled in their production instance.

Previous issue outlining the desired workflow: #438758 (closed)