SAML SSO login error for accounts already connected via GitLab

security
#1

Hello,

We’ve enabled (not enforced) SAML SSO on our organization, and it seems to work fine for new users, though we are seeing this error for existing members that initially connected to Bitrise via GitLab:


Note: This may also affect other “built-in” SSO providers.

We’ve discovered a workaround/clue, which is just to temporarily remove the GitLab connection, then log in via SSO, then re-enable the GitLab connection.

Tangent issue #1: GitLab 2FA asked when signing in with SSO ⤵️

An unexpected side-effect of the above-mentioned workaround is that, if such an account has 2FA enabled, then they’re always prompted for their GitLab 2FA code on login, even if they authenticate via SSO, which should probably take precedence over any 2FA requirement, no?

Tangent issue #2: Can't change email address ⤵️

On a related tangent, I need to change my account’s email address in order for it to be recognized in my SSO configuration, which was expected since it doesn’t match my organization’s email address. In order to change my email address, I need to enter my password. Since I signed up with GitLab, I don’t have a Bitrise password. How do I change my email address in this case? (I guess I can try the “forgot/reset password” flow?) Maybe would be better as a separate issue?

Please let me know if these are known issues, or if you need any assistance debugging them. Thanks, and looking forward to a fix!


#2

It seems I can’t reproduce the main issue anymore, as my colleagues no longer have any issue connecting—was it recently fixed? Thanks, in any case!

I’ll close this issue for now, though the “tangent issues” may still be relevant, in which case I’ll open another topic.
