Hi, I'm in the process of altering a GitLab installation to use SAML rather than LDAP for authentication.
At this point, users can successfully sign into the Web application using the 'Sign in with Saml' button. I have a question, however, on what seems to be a difference between the LDAP and SAML approaches: users with accounts created via an LDAP sign-in can then access Git repositories (e.g. clone, push, ...) using their LDAP usernames and passwords, but users with accounts created via a SAML sign-in cannot. Based on a bit of exploration, it looks like we might need to set a separate GitLab account password after the SAML interaction which causes the GitLab account to be created - we've deduced this from a message that appears after creating a project under one of the new user accounts: 'You won't be able to pull or push project code via HTTPS until you set a password on your account'. My question is whether setting and maintaining this separate password is truly necessary, or if we have instead misconfigured the SAML integration. I'm very hazy on precisely what's going on behind the scenes with respect to account management and synchronization, so any pointers or clarifications would be appreciated. Thanks, Josh -- You received this message because you are subscribed to the Google Groups "GitLab" group. To unsubscribe from this group and stop receiving emails from it, send an email to gitlabhq+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/gitlabhq/feb4dcae-0ada-462b-8dc9-4b814f3ad944%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
