SAML Session Enforcement works with 2FA
What
Ensures that we store that a user is logged in with SAML SSO for a group when they are also using 2FA.
Why
Previously we didn't store anything when rendering the 2FA page.
This led to users being unable to sign in to GitLab for their groups in https://gitlab.com/gitlab-org/gitlab-ee/issues/11704, since enforced SSO meant they needed a stored SAML session to get access.
Closes https://gitlab.com/gitlab-org/gitlab-ee/issues/11749
Related to RCA https://gitlab.com/gitlab-com/gl-infra/infrastructure/issues/6750
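To make the failure mode concrete, here is an added illustration (not GitLab's code; all names are hypothetical) of why a SAML sign-in must be recorded before the 2FA step when SSO is enforced for a group:

```ruby
# Added illustration, not GitLab's implementation. All names are hypothetical.
SESSION_TTL = 24 * 60 * 60 # seconds a stored SAML sign-in stays valid (assumption)

# Record that this session authenticated via SAML for the given group.
def store_saml_session(session, group_id, now = Time.now)
  session[:group_saml] ||= {}
  session[:group_saml][group_id] = now
  session
end

# Enforced SSO: access requires a recorded, still-fresh SAML sign-in for the group.
def saml_access_allowed?(session, group_id, now = Time.now)
  signed_in_at = session.dig(:group_saml, group_id)
  !signed_in_at.nil? && (now - signed_in_at) < SESSION_TTL
end

# SAML callback as it behaved before the fix: for a user with 2FA enabled,
# the 2FA page is rendered first and the SAML sign-in is never recorded.
def saml_callback_before_fix(session, group_id, two_factor_enabled:)
  return :render_two_factor_page if two_factor_enabled

  store_saml_session(session, group_id)
  :signed_in
end

# SAML callback after the fix: record the SAML sign-in before branching to 2FA,
# so the session carries it once the OTP check succeeds.
def saml_callback_after_fix(session, group_id, two_factor_enabled:)
  store_saml_session(session, group_id)
  return :render_two_factor_page if two_factor_enabled

  :signed_in
end

# Simulate a user signing in via SAML and then requesting an SSO-enforced group.
# The OTP step itself is out of scope here; it does not touch the SAML record.
def login_then_check(callback, two_factor_enabled:)
  session = {}
  group_id = 42 # constructed sample group id
  step = send(callback, session, group_id, two_factor_enabled: two_factor_enabled)
  { step: step, allowed: saml_access_allowed?(session, group_id) }
end
```

With the pre-fix callback, a 2FA user is shown the 2FA page but is then denied the group because no SAML session was stored; the post-fix ordering stores it first.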
Performance and testing
- Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
- Tested in all supported browsers
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- Label as security and @ mention @gitlab-com/gl-security/appsec
- The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- Security reports checked/validated by a reviewer from the AppSec team
Edited by Liam McAndrew