Clarify autolink users for SAML provider
What does this MR do?
The OmniAuth docs incorrectly suggest you can use the gitlab_rails['omniauth_auto_link_user']
setting for the SAML provider.
If a GitLab instance is using the SAML provider and if a user adds the following to their gitlab.rb
file, this will not work:
gitlab_rails['omniauth_auto_link_user'] = ['saml']
This setting will work however:
gitlab_rails['omniauth_auto_link_saml_user'] = true
This discrepancy is confusing.
Code analysis
By default, OmniAuth users are auto linked here: https://gitlab.com/gitlab-org/gitlab/-/blob/v14.1.2-ee/lib/gitlab/auth/o_auth/user.rb#L75. This then calls auto_link_user? and then it looks at Gitlab.config.omniauth.auto_link_user: https://gitlab.com/gitlab-org/gitlab/-/blob/v14.1.2-ee/lib/gitlab/auth/o_auth/user.rb#L286
For the SAML provider, SAML users are auto linked here: https://gitlab.com/gitlab-org/gitlab/-/blob/v14.1.2-ee/lib/gitlab/auth/saml/user.rb#L21. This then calls auto_link_saml_user? (notice the different def name) and then it looks at Gitlab.config.omniauth.auto_link_saml_user: https://gitlab.com/gitlab-org/gitlab/-/blob/v14.1.2-ee/lib/gitlab/auth/saml/user.rb#L50
This MR adds a note that users that look at this page and wish to auto link SAML users must use the SAML specific auto link setting instead.
Related issues
Author's checklist
- Follow the:
- Ensure that the product tier badge is added to topic's h1.
- Request a review based on the:
  - The documentation page's metadata.
  - The associated Technical Writer.
If you are only adding documentation, do not add any of the following labels:
~"feature"
~"frontend"
~"backend"
~"bug"
~"database"
These labels cause the MR to be added to code verification QA issues.
Review checklist
Documentation-related MRs should be reviewed by a Technical Writer for a non-blocking review, based on Documentation Guidelines and the Style Guide.
- If the content requires it, ensure the information is reviewed by a subject matter expert.
- Technical writer review items:
  - Ensure docs metadata is present and up-to-date.
  - Ensure the appropriate labels are added to this MR.
  - If relevant to this MR, ensure content topic type principles are in use, including:
    - The headings should be something you'd do a Google search for. Instead of Default behavior, say something like Default behavior when you close an issue.
    - The headings (other than the page title) should be active. Instead of Configuring GDK, say something like Configure GDK.
    - Any task steps should be written as a numbered list.
  - If the content still needs to be edited for topic types, you can create a follow-up issue with the docs-technical-debt label.
- Review by assigned maintainer, who can always request/require the above reviews. Maintainer's review can occur before or after a technical writer review.
- Ensure a release milestone is set.
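
The discrepancy described in the MR description above can be checked for in an existing gitlab.rb. The following is an added example, not part of this merge request or of GitLab's code base: a text-based lint that flags a configuration listing 'saml' in omniauth_auto_link_user without omniauth_auto_link_saml_user set to true. The function names and the sample configurations are assumptions made for illustration.

```ruby
# Added example: lint a gitlab.rb for the SAML auto-link discrepancy.
# Text-based check only; it does not evaluate the file as Ruby, and it
# assumes one assignment per line with no '#' inside the assigned value.

ASSIGNMENT = /^\s*gitlab_rails\[['"](omniauth_auto_link_(?:saml_)?user)['"]\]\s*=\s*(.+?)\s*(?:#.*)?$/

# Returns the last uncommented value assigned to each auto-link key.
def auto_link_settings(config_text)
  config_text.each_line.with_object({}) do |line, found|
    next if line.lstrip.start_with?('#') # commented-out settings do not count
    match = ASSIGNMENT.match(line.chomp)
    found[match[1]] = match[2] if match
  end
end

# Returns a list of findings (empty when the configuration is consistent).
def lint_saml_auto_link(config_text)
  settings = auto_link_settings(config_text)
  generic = settings.fetch('omniauth_auto_link_user', '')
  saml_enabled = settings['omniauth_auto_link_saml_user'] == 'true'
  lists_saml = generic.scan(/['"]([^'"]+)['"]/).flatten.include?('saml')

  findings = []
  if lists_saml && !saml_enabled
    findings << "omniauth_auto_link_user lists 'saml', which the SAML provider ignores; " \
                "set omniauth_auto_link_saml_user = true to auto link SAML users"
  end
  findings
end

# Constructed sample configurations (not taken from a real instance).
BROKEN = <<~RB
  gitlab_rails['omniauth_auto_link_user'] = ['saml']
  # gitlab_rails['omniauth_auto_link_saml_user'] = true
RB
WORKING = <<~RB
  gitlab_rails['omniauth_auto_link_saml_user'] = true
RB

if __FILE__ == $PROGRAM_NAME
  puts lint_saml_auto_link(BROKEN)
  puts lint_saml_auto_link(WORKING).empty? ? 'WORKING: ok' : 'WORKING: findings'
end
```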