Enforced SSO shouldn't break container registry authentication (!14843) · Merge requests · GitLab.org / GitLab

James Edwards-Jones requested to merge jej/fix-sso-enforced-docker-registry-auth into master Jul 25, 2019

What

Prevents JwtController from triggering session based permission checks

Why

This was breaking Docker Registry access when Group SAML SSO session enforcement was enabled.

JwtController is used to issue JWT bearer tokens, which are used for access to the Docker Container Registry. Instead of using an existing rail session this controller allows access via credentials and issues a session-less token. Because of this it doesn't make sense to check/store the session for things like Group SAML enforcement.

Closes https://gitlab.com/gitlab-org/gitlab-ee/issues/12701

Conformity

Changelog entry
Documentation created/updated or follow-up review issue created

Edited Aug 22, 2019 by James Edwards-Jones

Enforced SSO shouldn't break container registry authentication

What

Why

Related

Conformity

Merge request reports