GitLab authentication with keycloak

Connecting with SAML (sems more simple with gitlab, OpenID connect needs to add a module?)

We have defined a client in keycloak and adapted the config at:
root@heu12:/etc/gitlab/gitlab.rb

### OmniAuth Settings
###! Docs: https://docs.gitlab.com/ce/integration/omniauth.html
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
# gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'
gitlab_rails['omniauth_block_auto_created_users'] = false
# gitlab_rails['omniauth_auto_link_ldap_user'] = false
# gitlab_rails['omniauth_auto_link_saml_user'] = false
# gitlab_rails['omniauth_external_providers'] = ['twitter', 'google_oauth2']
gitlab_rails['omniauth_providers'] = [
   {
     "name" => "saml",
     "label" => "fairlogin",
#     "app_id" => "YOUR APP ID",
#     "app_secret" => "YOUR APP SECRET",
     "args" => {
#         assertion_consumer_service_url: 'https://id.fairkom.net/users/auth/saml/callback',
         idp_cert: 'MIICoTCCAYkCBgFdsNTNQjANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAlmYWlybG9naW4wHhcNMTcwODA1MDUxNzAyWhcNMjcwOD$
         idp_sso_target_url: 'https://id.fairkom.net/auth/realms/fairlogin/protocol/saml',
         issuer: 'gitlab',
         name_identifier_format: 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
         attribute_statements: { email: ["urn:oid:1.2.840.113549.1.9.1"] },
#       "access_type" => "offline", 
#       "approval_prompt" => "" 
        }
   }
 ]

after changing the config you do

gitlab-ctl reconfigure
gitlab-ctl restart