6548e01f18
SAML and OAuth failures should cause a message to be presented, as well as logging that an attempt was made. These were incorrectly prevented by the CSRF check on POST endpoints such as SAML. In addition we were using a NullSession forgery protection, which made testing more difficult and could have allowed account linking to take place if a CSRF was ever needed but not present.
5 lines
114 B
YAML
---
title: Display SAML failure messages instead of expecting CSRF token
merge_request: 24509
author:
type: fixed