WIP: Prototype/experiment for GroupSAML SSO Enforcement
What does this MR do?
I've been experimenting locally with a prototype for https://gitlab.com/gitlab-org/gitlab-ee/issues/5291
So far it mostly covers "SSO enforcement prevents access to basic group resources" but I'll probably update it as I experiment.
Currently included:
- Group level access enforcement through UI
- Project level access enforcement through UI
- Redirect to sign in page when UI access prevented
- Background SSO session required for non-UI access. This covers enforcement for git access over SSH, but might also work for API access.
- Displays a different error message when Git access requires a new SSO session.
This MR will be closed in favour of new MRs as progress is made.
What are the relevant issue numbers?
Does this MR meet the acceptance criteria?
- Changelog entry added, if necessary
- Documentation created/updated via this MR
- Tests added for this feature/bug
- Tested in all supported browsers
- Conforms to the code review guidelines
- Conforms to the merge request performance guidelines
- Conforms to the style guides
- Conforms to the database guides
- Link to e2e tests MR added if this MR has Requires e2e tests label. See the Test Planning Process.
- EE specific content should be in the top level /ee folder
- For a paid feature, have we considered GitLab.com plans, how it works for groups, and is there a design for promoting it to users who aren't on the correct plan?
- Security reports checked/validated by reviewer
Edited by James Edwards-Jones