GitLab 17.5.5 saves NULL values to the external attribute of a user when logging in via SAML
### Summary
After https://gitlab.com/gitlab-org/gitlab/-/commit/51bd1570e4cbf9c1e6fafe164fdda738150b4f69 (@habdul-razak @dblessing) GitLab now introduces `external = null` values into the database and returns `external = null` via the User API where a boolean is expected.
We have an omnibus installation of 17.5.5 running locally with the following SSO/SAML configuration:
```
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
gitlab_rails['omniauth_block_auto_created_users'] = false
gitlab_rails['omniauth_auto_link_ldap_user'] = false
gitlab_rails['omniauth_auto_link_saml_user'] = true
gitlab_rails['omniauth_providers'] = [
  {
    name: 'saml',
    args: {
      assertion_consumer_service_url: 'https://ADDRESS/users/auth/saml/callback',
      idp_cert: 'REDACTED',
      idp_sso_target_url: 'https://REDACTED/simplesaml/saml2/idp/SSOService.php',
      issuer: 'https://ADDRESS',
      name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
      attribute_statements: { nickname: ['uid'], name: ['displayName', 'cn'] }
    },
    label: 'Login with SSO'
  }
]
```
Our SSO doesn't return any `external` attribute.
### What is the current *bug* behavior?
When a user logs in via SAML/SSO, GitLab stores a `null` for the `user.external` attribute.
This value is directly accessible via the Users API.
Querying the user returns `external: null`. The User API specification indicates that a `bool` should be returned.
### Steps to reproduce
1. Query a user via the Users API.
2. Log in as that user via SAML with the above or an identical configuration.
3. Query the same user to find an invalid `external` attribute.
#### Results of GitLab environment info
<details>
<summary>Expand for output related to GitLab environment info</summary>
<pre>
System information
System:
Current User: git
Using RVM: no
Ruby Version: 3.2.5
Gem Version: 3.5.17
Bundler Version:2.5.11
Rake Version: 13.0.6
Redis Version: 7.0.15
Sidekiq Version:7.2.4
Go Version: unknown
GitLab information
Version: 17.5.5
Revision: c8c89100f5b
Directory: /opt/gitlab/embedded/service/gitlab-rails
DB Adapter: PostgreSQL
DB Version: 14.11
URL: https://ADDRESS
HTTP Clone URL: https://ADDRESS/some-group/some-project.git
SSH Clone URL: git@ADDRESS:some-group/some-project.git
Using LDAP: yes
Using Omniauth: yes
Omniauth Providers: saml
GitLab Shell
Version: 14.39.0
Repository storages:
- default: unix:/var/opt/gitlab/gitaly/gitaly.socket
GitLab Shell path: /opt/gitlab/embedded/service/gitlab-shell
Gitaly
- default Address: unix:/var/opt/gitlab/gitaly/gitaly.socket
- default Version: 17.5.5
- default Git Version: 2.46.2
</pre>
</details>
### Possible fixes
[On Discord](https://discord.com/channels/778180511088640070/1327632533097021513/1327643183282131067) by @dblessing:
```
def external_user?
  return true if external_provider?
  return intersecting_external_groups? if external_users_enabled?

  false
end
```
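The method above ends in an explicit `false`, so every path returns a boolean. The following is an added Ruby illustration, not GitLab's code: the three helper predicates are stubbed from constructor arguments (an assumption, since the page does not show them), and `external_user_without_default?` is a constructed contrast, not the pre-fix implementation. It shows that the same guards without the final line evaluate to `nil` rather than `false` for a login where neither guard applies.

```ruby
# Added illustration; not GitLab source code.
class ExternalCheck
  # Assumption: the helper predicates are modelled as plain constructor flags.
  def initialize(external_provider:, external_users_enabled:, in_external_group:)
    @external_provider = external_provider
    @external_users_enabled = external_users_enabled
    @in_external_group = in_external_group
  end

  # Body as proposed on the page: falls back to an explicit false.
  def external_user?
    return true if external_provider?
    return intersecting_external_groups? if external_users_enabled?

    false
  end

  # Constructed contrast (hypothetical): identical guards, no final `false`.
  # When neither guard fires, the trailing modifier-if evaluates to nil.
  def external_user_without_default?
    return true if external_provider?
    return intersecting_external_groups? if external_users_enabled?
  end

  private

  def external_provider?; @external_provider; end
  def external_users_enabled?; @external_users_enabled; end
  def intersecting_external_groups?; @in_external_group; end
end

# True only for values that are safe to assign to a boolean attribute.
def strict_boolean?(value)
  value == true || value == false
end

# Constructed case: a SAML login with no external provider or group settings.
PLAIN_SAML_LOGIN = ExternalCheck.new(
  external_provider: false, external_users_enabled: false, in_external_group: false
)
```

A `strict_boolean?`-style guard before assigning to `external` would reject the `nil` result instead of letting it reach the database or the API response.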