16.3 Planning for Manage::Auth
16.3 Milestone: 2023-07-18 to 2023-08-17
%16.2 Planning issue: #17633 (closed)
Boards
- Build Board (%16.3 milestone issues to be built)
- Workflow Board (%16.3 issues in their current workflow states SSoT)
- Cross-Functional Prioritization Board
- Bug Prioritization Sisense Dashboard (Handbook page)
Capacity
Preliminary capacity
Team | Weight |
---|---|
frontend | 2w |
backend | 48w |
Capacity Goals
- typemaintenance - 4w
- typefeature - 24w
- typebug - 12w
- bugvulnerability - 8w
Objectives & Themes
Security Issue Summary
- https://gitlab.com/gitlab-org/gitlab/-/issues/416246+
- Enforce SSO settings bypassed for public projec... (gitlab-org/gitlab#414367 - closed)
- Leaking emails of newly created users (gitlab-org/gitlab#394775 - closed)
typefeature list
Product prioritized
- Customizable Roles - assist groupthreat insights and groupcompliance, Group Management Permission, possibly something from this list.
- Enterprise Users - finish up automated claims
- Notifications for expiring tokens (already marked Deliverable) - Group, Project
- Tiering for Service Accounts - enforce limit in GitLab Premium
- FedRAMP : https://gitlab.com/gitlab-org/gitlab/-/issues/369134+
- Customizable Roles UI
typebug list
Quality prioritised
Link to all open bugs with ~Deliverable label
- Microsoft Azure AD as OIDC provider yields 422 ... (gitlab-org/gitlab#383311 - closed) | W? priority2 severity2 customer
- User can be added as subgroup/project member wi... (gitlab-org/gitlab#413079 - closed) | W2 priority2 severity3 customer Deliverable
- Unverified secondary emails are reserved (gitlab-org/gitlab#367823 - closed) | W3 priority2 severity3 customer Support Efficiency Support Priority
- With SAML + LDAP error occurs if LDAP does not ... (gitlab-org/gitlab#24956 - closed) | W? priority2 severity3 customer Deliverable
- 401 error when cloning repository using service... (gitlab-org/gitlab#416590 - closed) | W2 priority2 severity3 customer Deliverable
- New sign-in page has hardcoded logo width (gitlab-org/gitlab#378719 - closed) | W2 priority2 severity3 customer
- Unable to logout when using an oauth2 provider ... (gitlab-org/gitlab#31203 - closed) | W? priority2 severity3 customer
- Group SSO redirects to the sign in page instead... (gitlab-org/gitlab#366076 - closed) | W2 priority2 severity3 customer Support Efficiency
- Reoccurring GitLab.com logouts (gitlab-org/gitlab#414501) | W2 priority2 severity3 customer
- IdP initiated Group SAML redirects to https://g... (gitlab-org/gitlab#330288 - closed) | W3 priority2 severity3 customer
- Backgroup migrations fails for BackfillAdminMod... (gitlab-org/gitlab#388935 - closed) | W? priority2 severity3 customer
- Admin mode doesn't enable access to group appli... (gitlab-org/gitlab#382553 - closed) | W? priority2 severity3 customer
- "Remember me" option fails with 500 error for S... (gitlab-org/gitlab#388976) | W? priority2 severity3 customer
- oauth2_generic provider allows user identity to... (gitlab-org/gitlab#345429) | W? priority2 severity3 customer
- When using SAML SSO, GitLab creates a user acco... (gitlab-org/gitlab#390345) | W? priority2 severity3 customer
- Scheduled group deletion fails with "Project 12... (gitlab-org/gitlab#403878 - closed) | W? priority2 severity3 customer
- First time password reset is broken for deactiv... (gitlab-org/gitlab#388284 - closed) | W? priority2 severity3 customer
- Enabling Omniauth causes GitLab to no longer re... (gitlab-org/gitlab#393593) | W? priority2 severity3 customer
- SAML group lock setting only visible if group S... (gitlab-org/gitlab#409003 - closed) | W? priority2 severity3 customer
- 500 deleting user: ActionView::Template::Error:... (gitlab-org/gitlab#395696 - closed) | W? priority2 severity3 internal customer
- Session duration setting breaks Gitlab (gitlab-org/gitlab#19469 - closed) | W? priority2 severity3 customer
- Unblocked users cannot see group projects added... (gitlab-org/gitlab#30278 - closed) | W? priority2 severity3 customer
- `undefined method `[]' for nil:NilClass` except... (gitlab-org/gitlab#366450 - closed) | W? priority3 severity3 customer
- Omniauth 500 when blocking new users (gitlab-org/gitlab#12178 - closed) | W? priority3 severity3 customer
- Roles do not get assigned to provider with name... (gitlab-org/gitlab#383713 - closed) | W? priority3 severity3 customer
- api/v4/groups/ID/saml_group_links/ for deleted... (gitlab-org/gitlab#383531) | W? priority3 severity3 customer
- sign_in_text not visible when password authenti... (gitlab-org/gitlab#375290 - closed) | W? priority3 severity3 customer
- Terms of service don't enforce acceptance of ch... (gitlab-org/gitlab#345524 - closed) | W? priority3 severity3 customer
- Standardise email format for IDN emails (gitlab-org/gitlab#382184) | W? priority3 severity3
- Redirect to created subgroup broken for owners ... (gitlab-org/gitlab#388136) | W? priority3 severity3
- https://gitlab.com/gitlab-org/gitlab/-/issues/379145+ | W2 priority3 severity4 Deliverable security
%16.2 or earlier typebug Deliverable currently open (for tracking purpose)
- Missing attributes in JIT provisioning throws w... (gitlab-org/gitlab#396696 - closed) | W2 priority2 severity2 customer Support Efficiency Deliverable
- Improve performance of `MemberRole.elevating` (gitlab-org/gitlab#411385 - closed) | W3 Deliverable
- Root user cannot sign in if password_automatica... (gitlab-org/gitlab#408162 - closed) | W2 priority2 severity2 customer Deliverable
- saml_message_max_byte_size is not having an aff... (gitlab-org/gitlab#376721 - closed) | W2 priority2 severity2 customer
- IdentityProviderPolicy may be incorrect (gitlab-org/gitlab#291007 - closed) | W2 priority2 severity2 Deliverable
- Multiple servers in hosts LDAP configuration fails (gitlab-org/gitlab#416226 - closed) | W2 priority2 severity2 Deliverable
typebug being worked on as Community contribution
typebug currently workflowblocked
typemaintenance list
Engineering prioritized 16.3
Support prioritized list
Note: all Support issues are customer
- Already prioritized for 16.2-16.3: Automatic claims of enterprise users: Claim use... (gitlab-org&9675 - closed) | Total: W17 typefeature Support Priority
- Planned for 16.3: Unverified secondary emails are reserved (gitlab-org/gitlab#367823 - closed) | W3 typebug Support Priority priority2 severity3
- User experience for Minimal Access permission l... (gitlab-org/gitlab#341768 - closed) | W? typefeature Support Priority
- Planned for 16.3: Verify Group Link Configuration button (gitlab-org/gitlab#363812) | W3 typefeature Support Priority
- Add GitLab into the Azure Active Directory appl... (gitlab-org/gitlab#12251) | W5 typefeature Support Priority
- Add SAML support to Okta GitLab application (gitlab-org/gitlab#216173) | W5 typefeature Support Priority
- Group SSO redirects to the sign in page instead... (gitlab-org/gitlab#366076 - closed) | W2 typebug Support Efficiency priority2 severity3
- Planned for 16.3: Self-managed SAML - bypass 2 factor authenticat... (gitlab-org/gitlab#196131 - closed) | W3 typefeature Support Efficiency
- Allow Enterprise user to bypass confirmation fo... (gitlab-org/gitlab#393086 - closed) | W? typefeature Support Efficiency
- Planned for 16.3: Indicate to admins that users that are the sole... (gitlab-org/gitlab#337556 - closed) | W3 typefeature Support Efficiency
- Interrupt user to confirm recovery options (gitlab-org/gitlab#219051) | W3 typefeature Support Efficiency
- Better LDAP error logging (gitlab-org/gitlab#404740) | W3 typefeature Support Efficiency
%16.2 Slipped
Release Post Items
Status | Issue | Release Post MR |
---|---|---|
Ready | SAML Group Sync: Support Azure AD Overage Claim (gitlab-org&10507) | MR |
Initial draft, needs to be more feature complete before proceeding. Needs docs and video | Create new custom role in UI (gitlab-org/gitlab#393235 - closed) | MR |
Waiting on docs | E-Mail Notification to User and Project/Group M... (gitlab-org/gitlab#12704 - closed) | MR |
Ready | Add application settings changes to audit events (gitlab-org/gitlab#282428 - closed) | MR |
Draft | Extend the members roles API to include short n... (gitlab-org/gitlab#416751 - closed) | MR |