
Relay state allowlist UI and controller changes

What does this MR do and why?

This MR is for the controller and UI changes mentioned here:

#410062 (comment 1438436341)

As per further discussion, the setting is only needed at group level and not at instance level. Hence, with this MR we are getting rid of the relay_state_domain_allowlist column from the Application Setting table.

Screenshots or screen recordings

Group level with SAML provider Relay state domain allowlist settings - Screenshot_2023-07-11_at_2.46.24_PM

Migrations for removing the column

Screenshot_2023-08-09_at_10.15.40_PM

Screenshot_2023-08-09_at_10.20.51_PM

How to set up and validate locally

  1. Enable the feature flag relay_state_allowlist_implement from the console: Feature.enable(:relay_state_allowlist_implement)
  2. Configure the Relay state allowlist either at group level or application level
  3. Configure Group SAML for the application: https://docs.gitlab.com/ee/user/group/saml_sso/example_saml_config.html#okta
  4. On the Okta side, specify the Default Relay State configuration as one of the subpaths specified in the allowlist; the user should be redirected to the specified subpath after sign-in
  5. Specify the Default Relay State as some value not in the allowlist; the user should be redirected to the root group path

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Smriti Garg
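
The behaviour that validation steps 4 and 5 check, sketched as an added Ruby example (not GitLab's implementation and not code from this MR). It assumes the allowlist holds bare hostnames and that RelayState is an absolute http(s) URL; `relay_state_redirect`, `ALLOWLIST` and `GROUP_ROOT` are hypothetical names with constructed values.

```ruby
require "uri"

# Constructed sample values for illustration only.
ALLOWLIST  = %w[app.example.test].freeze
GROUP_ROOT = "https://gitlab.example.test/groups/my-group"

# Hypothetical helper: pick the post-sign-in redirect target.
# Returns the RelayState URL only when its host is on the allowlist,
# otherwise falls back to the group root path (step 5 above).
def relay_state_redirect(relay_state, allowlist, group_root)
  uri = begin
    URI.parse(relay_state.to_s.strip)
  rescue URI::InvalidURIError
    nil
  end

  # Only absolute http(s) URLs qualify; this drops protocol-relative
  # values ("//host/path"), other schemes, and unparseable input.
  return group_root unless uri.is_a?(URI::HTTP)

  # "https://allowed@other-host/" carries the allowed name as userinfo,
  # not as the host, so any userinfo is refused outright.
  return group_root if uri.userinfo

  host    = uri.host.to_s.downcase
  allowed = allowlist.map { |d| d.to_s.strip.downcase }.reject(&:empty?)

  # Exact host comparison: a prefix or substring test would also accept
  # "app.example.test.evil.test".
  allowed.include?(host) ? uri.to_s : group_root
end

if __FILE__ == $PROGRAM_NAME
  [
    "https://app.example.test/reports",       # allowlisted host
    "https://app.example.test.evil.test/",    # look-alike host
    "https://app.example.test@evil.test/",    # allowed name as userinfo
    "//app.example.test/reports"              # protocol-relative
  ].each do |rs|
    puts "#{rs} -> #{relay_state_redirect(rs, ALLOWLIST, GROUP_ROOT)}"
  end
end
```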
