Sanitized RelayState redirect for Group SAML
Background
When users sign in with Group SAML SSO they are sent to an identity server which sends the user back to use after signing in. That server can also set or pass through a RelayState to say which page the user was trying to access and we'll redirect them there after GitLab sign in.
What
Santize the RelayState to prevent a redirect to external services
Does this MR meet the acceptance criteria?
-
Changelog entry added, if necessary -
Documentation created/updated -
Tests added for this feature/bug - Conform by the code review guidelines
-
Has been reviewed by a Backend maintainer
-
-
EE specific content should be in the top level /eefolder
What are the relevant issue numbers?
Edited by James Edwards-Jones