Skip to content

Allow SSO callbacks through maintenance mode

Catalin Irimie requested to merge cat-sso-maintenance-mode-14-3 into 14-3-stable-ee

This is a backport of !73550 (merged), next follows the same description.

What does this MR do and why?

When using other authentication methods, like SSO, LDAP, the path and controllers are slightly different, as they redirect back to a callback handled by Omniauth.

This adds the specific routes and controller to the allowlist in the read-only middleware to allow them to go through.

Related to #329261 (closed)

How to set up and validate locally

  1. You can enable LDAP and SAML using the GDK docs
  2. Enable maintenance mode
  3. Try to login using LDAP, SAML, notice the maintenance mode read-only error
  4. Checkout this branch, try to login and it should work as expected

I've personally patched this code on a GET setup where I've tested in the context of #343804 (closed)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Merge request reports