Enforced SSO shouldn't break container registry authentication
What
Prevents JwtController from triggering session based permission checks
Why
This was breaking Docker Registry access when Group SAML SSO session enforcement was enabled.
JwtController is used to issue JWT bearer tokens, which are used for access to the Docker Container Registry. Instead of using an existing rail session this controller allows access via credentials and issues a session-less token. Because of this it doesn't make sense to check/store the session for things like Group SAML enforcement.
Related
Closes https://gitlab.com/gitlab-org/gitlab-ee/issues/12701
Conformity
Edited  by James Edwards-Jones