Add documentation on password generation for authentication methods

This change adds documentation on password generation for authentication methods

Add documentation on password generation for authentication methods
This change adds documentation on password generation for authentication methods
979c663f · manojmj · 35b58684 · 979c663f · 979c663f · 979c663f
Commit 979c663f authored Aug 13, 2020 by manojmj
6 changed files
--- a/doc/administration/auth/smartcard.md
+++ b/doc/administration/auth/smartcard.md
@@ -310,6 +310,10 @@ attribute. As a prerequisite, you must use an LDAP server that:
 1. Save the file and [restart](../restart_gitlab.md#installations-from-source)
   GitLab for the changes to take effect.

+## Passwords for users created via smartcard authentication
+
+The [How we generate passwords for users created via integrated authentication methods](../../security/passwords_for_integrated_authentication_methods.md) guide provides an overview of how GitLab generates and sets passwords for users created via smartcard authentication.
+
 <!-- ## Troubleshooting

 Include any troubleshooting steps that you can foresee. If you know beforehand what issues

--- a/doc/integration/omniauth.md
+++ b/doc/integration/omniauth.md
@@ -324,3 +324,7 @@ of the OmniAuth users has admin permissions.

 You may also bypass the auto signin feature by browsing to
 `https://gitlab.example.com/users/sign_in?auto_sign_in=false`.
+
+## Passwords for users created via OmniAuth
+
+The [How we generate passwords for users created via integrated authentication methods](../security/passwords_for_integrated_authentication_methods.md) guide provides an overview of how GitLab generates and sets passwords for users created via OmniAuth.
--- a/doc/integration/saml.md
+++ b/doc/integration/saml.md
@@ -584,6 +584,10 @@ These attributes define the SAML user. If users can change these attributes, the

 Refer to the documentation for your SAML Identity Provider for information on how to fix these attributes.

+## Passwords for users created via SAML
+
+The [How we generate passwords for users created via integrated authentication methods](../security/passwords_for_integrated_authentication_methods.md) guide provides an overview of how GitLab generates and sets passwords for users created via SAML.
+
 ## Troubleshooting

 You can find the base64-encoded SAML Response in the [`production_json.log`](../administration/logs.md#production_jsonlog).

--- a/doc/security/README.md
+++ b/doc/security/README.md
@@ -7,6 +7,7 @@ type: index

 - [Password storage](password_storage.md)
 - [Password length limits](password_length_limits.md)
+- [How we generate passwords for users created via integrated authentication methods](passwords_for_integrated_authentication_methods.md)
 - [Restrict SSH key technologies and minimum length](ssh_keys_restrictions.md)
 - [Rate limits](rate_limits.md)
 - [Webhooks and insecure internal web services](webhooks.md)

--- a/doc/security/passwords_for_integrated_authentication_methods.md
+++ b/doc/security/passwords_for_integrated_authentication_methods.md
+---
+type: reference
+---
+
+# How we generate passwords for users created via integrated authentication methods
+
+GitLab allows users to create accounts using different [authentication methods](../administration/auth/README.md) like OmniAuth, SAML, SCIM, Smartcard authentication etc.
+
+These authentication methods does not require the user to explicitly create a password for their account upon signup. However, to maintain data consistency, GitLab requires each user account to have a password associated with it.
+
+For such accounts, we use the [`friendly_token`](https://github.com/heartcombo/devise/blob/f26e05c20079c9acded3c0ee16da0df435a28997/lib/devise.rb#L492) method provided by the Devise gem to generate a random, unique and secure password and sets it as the account password during sign up.
+
+The length of the generated password is the set based on the value of [maximum password length](password_length_limits.md#modify-maximum-password-length-using-configuration-file) as set in the Devise configuation. The default value is 128 characters.
--- a/doc/user/group/saml_sso/index.md
+++ b/doc/user/group/saml_sso/index.md
@@ -300,6 +300,10 @@ Group SAML on a self-managed instance is limited when compared to the recommende
          - { name: 'group_saml' }
    ```

+## Passwords for users created via SAML SSO for Groups
+
+The [How we generate passwords for users created via integrated authentication methods](../../../security/passwords_for_integrated_authentication_methods.md) guide provides an overview of how GitLab generates and sets passwords for users created via SAML SSO for Groups.
+
 ## Troubleshooting

 This section contains possible solutions for problems you might encounter.