Revert attempted fix for SAML with Geo

Michael Kozonorequested to merge
revert-0b1e1444 into master

What does this MR do and why?

Describe in detail what your merge request does and why.

Reverts !101321 (merged).

See #372490 (comment 1177019922):

@sranasinghe Unfortunately I think !101321 (merged) did not resolve the problem.

Why?

From #372490 (comment 1135465297):

  1. When I interact with the primary, authentication works as expected.
  2. When I visit the secondary while signed in to the IdP, then I land on the secondary and can browse it as expected.
  3. But when I visit the secondary while signed out of the IdP, then I go through the expected authentication flow, but at the very end, instead of landing on the secondary, I land on the primary.

A question to affected admins: Is 2 true for you as well?

It appears the answer to my question is: No, 2 does not happen on production environments. When you visit the secondary site, you are stuck signed out. Clicking on your SAML provider won't get you a session at the secondary site. You'll land on the primary site, signed-in. If you manually visit the secondary site root, which is the dashboard, which requires you to be signed in, then you'll land on the sign in page. I should have noticed more clues which pointed to this answer.

!101321 (merged) fixed the problem in 3. Unfortunately, it depends on 2 being true.

At the moment, I suspect the reason why 2 is true locally is because both sites are at the same host (just different ports). So session cookies produced by either site are available to both sites. ??

What now?

!101321 (merged) does no harm, and is defaulted off. But I will revert it since it does not solve the problem and adds unnecessary logic.

We can still address this with #378356 (closed). It was needed anyway, at least the documentation part, for versions that are too far to backport fixes to. Also, in the absence of a magic fix, it seems like #378356 (closed) is the expected way that this would be solved.

To those waiting on a resolution, apologies for the inconvenience 🙇

Related to #372490 (closed)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Merge request reports