Geo: Fix redirect to secondary after SAML sign in
What does this MR do and why?
Due to changes to the authentication flow for single sign-on via secondary Geo sites, users who sign in via Geo secondaries with SAML are landing on the primary site. This is very confusing and may break some workflows.
This commit causes the primary site to remember which site the user attempted to sign in through. And then after successful sign in, the user is redirected to that site.
This implementation gets around the fact that a typical SAML configuration will have a single ACS (Assertion Consumer Service) URL defined in the SAML Identity Provider configuration, as well as in the primary Geo site's gitlab.rb (Omnibus GitLab) or values.yaml (GitLab Helm Chart). This is possible because the secondary site only acts as a proxy in the authentication workflow, and the primary knows that the secondary site's URL is safe to redirect to after sign in. It should work without action by sysadmins, whereas specifying a particular ACS configuration would require action, and might not even be possible, depending on the Identity Provider.
Fixes #372490 (closed)
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
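The description above relies on the primary only redirecting to a site it already knows. The following sketch is an added example, not code from this merge request or from GitLab: it shows one way to remember the sign-in site and resolve the post-sign-in redirect against a registry of known sites, so that an unrecognised value falls back to the primary. The method names, the session key and the URLs are hypothetical.

```ruby
require "uri"

# Constructed sample values; a real deployment would read these from its Geo site registry.
PRIMARY_URL   = "https://gitlab.example.com"
GEO_SITE_URLS = [PRIMARY_URL, "https://gitlab-eu.example.com"].freeze

# Reduce a URL to [scheme, host, port]; nil unless it is an absolute http(s) URL.
def origin_of(url)
  uri = URI.parse(url.to_s)
  return nil unless uri.is_a?(URI::HTTP) && uri.host && !uri.host.empty?
  return nil if uri.userinfo # reject "https://known-host@other-host/" style values

  [uri.scheme, uri.host.downcase, uri.port]
rescue URI::InvalidURIError
  nil
end

# Return the registered site URL whose origin matches exactly, or nil.
# The registry's own value is returned, never the caller-supplied string.
def registered_site_for(url, site_urls = GEO_SITE_URLS)
  origin = origin_of(url)
  return nil if origin.nil?

  site_urls.find { |site| origin_of(site) == origin }
end

# Called when sign-in starts: remember the site only if it is a known one.
def remember_sign_in_site(session, requested_url)
  site = registered_site_for(requested_url)
  session[:sign_in_site] = site if site
  site
end

# Called after the SAML response is accepted on the primary's single ACS URL.
# The stored value is re-validated and consumed; anything unknown goes to the primary.
def after_sign_in_redirect(session)
  registered_site_for(session.delete(:sign_in_site)) || PRIMARY_URL
end
```

Comparing the parsed scheme, host and port (rather than a string prefix) is what keeps look-alike hostnames and userinfo tricks from matching a registered site.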