Relay state allowlist UI and controller changes
What does this MR do and why?
MR is for controller and UI changes as mentioned here
As per further discussion the setting is only needed at group level and not at instance level.
Hence with this MR we are getting rid of the `relay_state_domain_allowlist` column from the Application Setting table.
Screenshots or screen recordings
Group level with Saml provider Relay state domain allowlist settings -
Migrations for remove column
How to set up and validate locally
- Enable Feature flag `relay_state_allowlist_implement` from the console: `Feature.enable(:relay_state_allowlist_implement)`
- Configure Relay state allowlist either at group level or application level
- Configure Group Saml for the application https://docs.gitlab.com/ee/user/group/saml_sso/example_saml_config.html#okta
- At the Okta end, specify the Default Relay State configuration as one of the subpaths specified in the allowlist; the user should be redirected to the specified subpath after sign in
- Specify Default Relay State as some value not in the allowlist; the user should be redirected to the root group path
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Smriti Garg
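The redirect decision that the validation steps above exercise, as an added example (not code from this MR or from GitLab). It assumes allowlist entries are exact host names and that only absolute https URLs are honored; `relay_state_redirect`, its parameters and the sample values are hypothetical.

```ruby
require 'uri'

# Hypothetical helper, not GitLab's implementation: choose the post-sign-in
# redirect target from the RelayState value returned by the IdP.
# Assumption: allowlist entries are host names and must match exactly.
def relay_state_redirect(relay_state, allowlist:, group_root:)
  return group_root if relay_state.nil? || relay_state.strip.empty?
  # Backslashes, whitespace and control characters are parsed differently by
  # browsers and by URI libraries, so refuse them outright.
  return group_root if relay_state.match?(/[\\\s[:cntrl:]]/)

  uri = begin
    URI.parse(relay_state)
  rescue URI::InvalidURIError
    return group_root
  end

  # Only absolute https URLs pass: rejects http, javascript:, //host and paths.
  return group_root unless uri.is_a?(URI::HTTPS)
  # "https://allowed-host@other-host/" has userinfo that looks like a host.
  return group_root if uri.userinfo

  host = uri.host.to_s.downcase.chomp('.')
  allowlist.map(&:downcase).include?(host) ? uri.to_s : group_root
end

# Constructed sample values, not taken from the MR.
SAMPLE_ALLOWLIST = ['docs.example.com'].freeze
SAMPLE_GROUP_ROOT = '/groups/demo'

[
  'https://docs.example.com/handbook',    # allowlisted host: honored
  'https://docs.example.com.evil.test/',  # suffix trick: falls back
  'https://docs.example.com@evil.test/',  # userinfo trick: falls back
  '//evil.test/landing',                  # scheme-relative: falls back
  'http://docs.example.com/'              # not https: falls back
].each do |value|
  target = relay_state_redirect(value, allowlist: SAMPLE_ALLOWLIST,
                                       group_root: SAMPLE_GROUP_ROOT)
  puts "#{value.inspect} -> #{target}"
end
```

Every rejected value lands on the group root path, which is the fallback the second validation step checks for.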