Unable to sign out of GitLab when auto_sign_in_with_provider is enabled
Description
Users logging out of GitLab are automatically signed in by the Identity Provider (idP) after applying the auto_sign_in_with_provider setting.
Environment
-
SSO enabled
-
Impacted offerings:
- GitLab Self-Managed
Workaround
This is a known limitation mentioned in the documentation for auto_sign_in_with_provider.
To prevent automatic sign-in, users must logout from the idP side before signing out from GitLab.
Cause
If a user logs out of GitLab, it doesn't destroy the idP session. Since automatic sign-in with provider is enabled and the idP session still exists, the user is automatically signed back in.
There are feature requests to implement this: