
Sanitized RelayState redirect for Group SAML

James Edwards-Jones requested to merge jej/sanitize-group-saml-relay-state into master

Background

When users sign in with Group SAML SSO they are sent to an identity server which sends the user back to us after signing in. That server can also set or pass through a RelayState to say which page the user was trying to access and we'll redirect them there after GitLab sign-in.

What

Sanitize the RelayState to prevent a redirect to external services

Does this MR meet the acceptance criteria?

What are the relevant issue numbers?

Edited by James Edwards-Jones
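The kind of check the description calls for, as an added example that is not the merge request's own code: a Ruby helper that accepts a RelayState only when it is a local absolute path on this host, so an absolute URL or a protocol-relative value such as `//other.example/` never becomes the post-sign-in redirect. The helper name and the sample values are assumptions.

```ruby
require 'uri'

# Added example, not GitLab's code. Returns a safe local redirect target
# for a SAML RelayState value, or nil when the value must be ignored and
# the user sent to the default landing page instead.
def sanitize_relay_state(relay_state)
  value = relay_state.to_s
  return nil if value.empty?

  # Only a single absolute path on this host is acceptable. Browsers treat
  # "//host/path" and "/\host" as protocol-relative URLs, so a leading
  # slash alone is not enough: the second character must not be a slash
  # or a backslash.
  return nil unless value.start_with?('/')
  return nil if value.length > 1 && ['/', '\\'].include?(value[1])

  # Whitespace, backslashes and control characters have no place in a
  # redirect path and are a common way to confuse parsers.
  return nil if value.match?(/[\s\\\x00-\x1f]/)

  uri = URI.parse(value)

  # If the parser still found a scheme, host or userinfo, this was not a
  # plain local path after all.
  return nil if uri.scheme || uri.host || uri.userinfo

  target = uri.path
  target += "?#{uri.query}" if uri.query
  target += "##{uri.fragment}" if uri.fragment
  target
rescue URI::InvalidURIError
  nil
end
```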
