SSO enforcement for Git and API access
Works by looking up browser sessions stored in Redis to see if the user has any active SAML sessions for the group a resource belongs to. When we are in a web request we use the current session. Outside of web requests we check for background sessions.
Showing with 227 additions and 26 deletions