Commit fa711cfd authored by Mike Jang's avatar Mike Jang

Merge branch '225503-document-omniauth-social-sign-in-password-security' into 'master'

Resolve "Document OmniAuth/Social sign-in password security"

See merge request gitlab-org/gitlab!39413
parents 23e8e42f 16971745
......@@ -310,6 +310,10 @@ attribute. As a prerequisite, you must use an LDAP server that:
1. Save the file and [restart](../restart_gitlab.md#installations-from-source)
GitLab for the changes to take effect.
## Passwords for users created via smartcard authentication
The [Generated passwords for users created through integrated authentication](../../security/passwords_for_integrated_authentication_methods.md) guide provides an overview of how GitLab generates and sets passwords for users created via smartcard authentication.
<!-- ## Troubleshooting
Include any troubleshooting steps that you can foresee. If you know beforehand what issues
......
......@@ -324,3 +324,7 @@ of the OmniAuth users has admin permissions.
You may also bypass the auto signin feature by browsing to
`https://gitlab.example.com/users/sign_in?auto_sign_in=false`.
## Passwords for users created via OmniAuth
The [Generated passwords for users created through integrated authentication](../security/passwords_for_integrated_authentication_methods.md) guide provides an overview of how GitLab generates and sets passwords for users created via OmniAuth.
......@@ -584,6 +584,10 @@ These attributes define the SAML user. If users can change these attributes, the
Refer to the documentation for your SAML Identity Provider for information on how to fix these attributes.
## Passwords for users created via SAML
The [Generated passwords for users created through integrated authentication](../security/passwords_for_integrated_authentication_methods.md) guide provides an overview of how GitLab generates and sets passwords for users created via SAML.
## Troubleshooting
You can find the base64-encoded SAML Response in the [`production_json.log`](../administration/logs.md#production_jsonlog).
......
......@@ -7,6 +7,7 @@ type: index
- [Password storage](password_storage.md)
- [Password length limits](password_length_limits.md)
- [Generated passwords for users created through integrated authentication](passwords_for_integrated_authentication_methods.md)
- [Restrict SSH key technologies and minimum length](ssh_keys_restrictions.md)
- [Rate limits](rate_limits.md)
- [Webhooks and insecure internal web services](webhooks.md)
......
---
type: reference
---
# Generated passwords for users created through integrated authentication
GitLab allows users to set up accounts through integration with external [authentication and authorization providers](../administration/auth/README.md).
These authentication methods do not require the user to explicitly create a password for their accounts.
However, to maintain data consistency, GitLab requires passwords for all user accounts.
For such accounts, we use the [`friendly_token`](https://github.com/heartcombo/devise/blob/f26e05c20079c9acded3c0ee16da0df435a28997/lib/devise.rb#L492) method provided by the Devise gem to generate a random, unique and secure password and sets it as the account password during sign up.
The length of the generated password is the set based on the value of [maximum password length](password_length_limits.md#modify-maximum-password-length-using-configuration-file) as set in the Devise configuation. The default value is 128 characters.
......@@ -301,6 +301,10 @@ Group SAML on a self-managed instance is limited when compared to the recommende
- { name: 'group_saml' }
```
## Passwords for users created via SAML SSO for Groups
The [Generated passwords for users created through integrated authentication](../../../security/passwords_for_integrated_authentication_methods.md) guide provides an overview of how GitLab generates and sets passwords for users created via SAML SSO for Groups.
## Troubleshooting
This section contains possible solutions for problems you might encounter.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment