Test Plan for "SAML Enforcement session is not set when using 2FA on GitLab"
Test Plan
Introduction
This test plan is for: https://gitlab.com/gitlab-org/gitlab-ee/issues/11749
We had a production incident after rolling out the enforced_sso_requires_session flag. The SAML session is not set during the 2FA flow, so users were being denied access to their SSO-enabled groups.
See:
- RCA: SSO enforcement feature breaking pipelines
- Groups inaccessible where SAML is enabled and enforced
- SSO not working
Related:
- [Feature flag] Enable SSO Session Enforcement
- Implement access controls when SSO enforcement enabled
Scope
- Includes testing that a SAML session is set during or after the 2FA flow
Test Plan
This is most likely to be tested at the spec/features level rather than at the e2e level.
- Enable the enforced_sso and enforced_sso_requires_session flags.
- Set up SAML SSO for a group.
- Enable 2FA for the user.
- Log in to the group and ensure the SAML session is set and that access is granted.
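The failure mode the plan is checking for, as a constructed Ruby model added here (this is illustrative code, not GitLab's implementation): the session is a plain Hash standing in for the Rack session, and SamlSessions, access_allowed?, saml_login_buggy and saml_login_fixed are hypothetical names. It shows why the per-provider SAML marker has to be written on the 2FA path as well as on the direct path, and what a feature spec would assert after each login.

```ruby
# Constructed model of an "SSO session required" check interacting with a
# two-factor login hop. Not GitLab's code; names and ids are assumptions.

PROVIDER_ID = 42 # constructed SAML provider id

# Per-provider marker that a SAML sign-in completed in this browser session.
module SamlSessions
  KEY = :active_saml_sessions

  def self.record(session, provider_id)
    session[KEY] = (session[KEY] || {}).merge(provider_id => Time.now.to_i)
  end

  def self.active?(session, provider_id)
    (session[KEY] || {}).key?(provider_id)
  end
end

# Enforcement check for a group with SSO enforced: when the
# requires-session flag is on, access needs the SAML session marker.
def access_allowed?(session, group, enforced_sso_requires_session: true)
  return false unless session[:user_id]              # not signed in at all
  return true unless group[:enforced_sso]
  return true unless enforced_sso_requires_session
  SamlSessions.active?(session, group[:saml_provider_id])
end

# Second-factor step, shared by both flows: the OTP step completes the
# sign-in and finishes any SAML session left pending across the 2FA hop.
def otp_verify(session, user)
  session.delete(:otp_user_id)
  session[:user_id] = user[:id]
  pending = session.delete(:pending_saml_provider_id)
  SamlSessions.record(session, pending) if pending
end

# Buggy flow (the incident in the issue): the marker is written only on the
# direct path, so a 2FA user finishes login without an active SAML session.
def saml_login_buggy(session, user, provider_id)
  if user[:two_factor_enabled]
    session[:otp_user_id] = user[:id]
    otp_verify(session, user)
  else
    session[:user_id] = user[:id]
    SamlSessions.record(session, provider_id)
  end
  session
end

# Fixed flow: remember which provider authenticated the user before the 2FA
# redirect so the OTP step can record the SAML session when it completes.
def saml_login_fixed(session, user, provider_id)
  if user[:two_factor_enabled]
    session[:otp_user_id] = user[:id]
    session[:pending_saml_provider_id] = provider_id
    otp_verify(session, user)
  else
    session[:user_id] = user[:id]
    SamlSessions.record(session, provider_id)
  end
  session
end

# Runs one login flow from a fresh session against an SSO-enforced group
# and returns the access decision a feature spec would assert on.
def scenario(flow, two_factor_enabled:)
  user  = { id: 1, two_factor_enabled: two_factor_enabled }
  group = { enforced_sso: true, saml_provider_id: PROVIDER_ID }
  session = send(flow, {}, user, PROVIDER_ID)
  access_allowed?(session, group)
end

if __FILE__ == $PROGRAM_NAME
  puts "buggy, 2FA user: #{scenario(:saml_login_buggy, two_factor_enabled: true)}"  # false
  puts "buggy, no 2FA:   #{scenario(:saml_login_buggy, two_factor_enabled: false)}" # true
  puts "fixed, 2FA user: #{scenario(:saml_login_fixed, two_factor_enabled: true)}"  # true
end
```

The spec the plan describes maps onto the last scenario: a 2FA user signs in through SAML and the test asserts both that the session marker for the group's provider exists and that the group page is reachable; the same assertion against the buggy flow reproduces the denial seen in production.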