Upgrade omniauth-saml to 2.1.0
What does this MR do and why?
- Diff: https://my.diffend.io/gems/omniauth-saml/2.0.0/2.1.0
- That also updates
ruby-saml
to1.12.0
, diff: https://my.diffend.io/gems/ruby-saml/1.9.0/1.12.0 - Biggest change in the update is attribute renames:
- issuer is converted to sp_entity_id
- idp_sso_target_url is converted to idp_sso_service_url
- idp_sso_target_url_runtime_params is converted to idp_sso_service_url_runtime_params
- ruby-saml deprecated the old names but they still work via reader methods:
- Updates in
ee/app/models/saml_provider.rb
ensure that group admins can test settings for group SAML. See issue for failure that occurred last time we attempted this update: #373803 (closed) - Fixes #374036 (closed)
Screenshots or screen recordings
After clicking "Verify SAML Configuration":
How to set up and validate locally
- Confirm that instance SAML still works
- Set up instance SAML: https://gitlab.com/gitlab-org/gitlab-development-kit/-/blob/main/doc/howto/saml.md#instance-saml-with-docker
- Confirm that sign up / sign in via SAML still works
- Confirm that group SAML still works
- Set up group SAML: https://gitlab.com/gitlab-org/gitlab-development-kit/-/blob/main/doc/howto/saml.md#group-saml
- Confirm that sign up / sign in via Group SAML still works (using
GitLab single sign-on URL
available viahttps://gdk.test:3443/groups/#GROUP_NAME/-/saml
)
- Confirm that group admin can "Verify SAML Configuration"
- Visit
https://gdk.test:3443/groups/#GROUP_NAME/-/saml
as a group admin after group SAML is configured - Click "Verify SAML Configuration" button
- There should be a "SAML Response Output" section on the page that shows that the configuration is valid. Example of what this looks like
- Visit
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Jessie Young