allow oauth login direct to group level url instead of gitlab.com #310

Open
cforce opened this issue Jul 14, 2022 · 3 comments

Comments


cforce commented Jul 14, 2022

We have a group on gitlab.com which is secured by SAML. That means if you use the URL "gitlab.com/groups/mycompany" you will be redirected to the company SSO and forced to log in via the company SAML SSO provider.
The issue is that if I register with "/gitlab connect" I get a URL created in Mattermost which sends me to gitlab.com instead of gitlab.com/groups/mycompany, and there I only get the standard GitLab auth SSO provider but not the company SSO login redirect. Finally, I am not able to log in, and in the worst case a user enters secret creds into the public GitLab OAuth provider login form.
Is there a way to configure what URL is used on "/gitlab connect" and directly send it to group level? I already configured to restrict on group mycompany, which did not solve my issue.


nab-77 commented Sep 28, 2022

@mickmister is this an enhancement or bug?

@mickmister
Contributor

@cforce Thanks for filing this issue. Are you able to provide a minimal reproducible GitLab config that will help me investigate this further? I'm not sure how to reproduce your environment with SAML and GitLab groups. Also, did you install the OAuth app within the group's applications specifically like https://gitlab.com/groups/mycompany/-/settings/applications, as opposed to https://gitlab.com/-/profile/applications?

@nab-77 At the moment I believe this is not supported. The URL we redirect the user to is an OAuth authorization URL https://gitlab.com/oauth/authorize. GitLab's OAuth docs don't mention any support about specifying groups https://docs.gitlab.com/ee/api/oauth2.html. At the moment, I don't see a way to configure this URL to use the SAML authentication.


fabwamb commented Sep 29, 2022

The application entry exists, and there are no options which can have any impact on the URL that is used to make sure the Group SAML IdP is used.
Maybe related to https://gitlab.com/gitlab-org/gitlab/-/issues/215155#note_1118714027
