Add Group level SAML callback for GitLab.com SSO
What
Gives users access to a group when they sign in with Group level SAML SSO.
This MR focuses on the callback flow, with SAML authentication/validation being processed by the GroupSaml
Omniauth middleware. We link a user's Identity
to the SamlProvider
and add them as members of the group.
Extracted from https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/4076
Why
Group level SAML SSO on GitLab.com will minimize the administrative burden of adding users to groups manually. See &40 (closed)
Does this MR meet the acceptance criteria?
-
Changelog entry added, if necessary -
Documentation created/updated -
Tests added for this feature/bug - Review
-
Has been reviewed by UX -
Has been reviewed by Backend
-
-
EE specific content should be in the top level /ee
folder -
Internationalization required/considered -
If paid feature, have we considered GitLab.com plan and how it works for groups and is there a design for promoting it to users who aren't on the correct plan -
End-to-end tests pass ( package-qa
manual pipeline job)