GitLab authentication with Keycloak
Connecting with SAML (seems simpler with GitLab; OpenID Connect apparently needs an additional module?)
We have defined a client in Keycloak and adapted the configuration at:
root@heu12:/etc/gitlab/gitlab.rb
### OmniAuth Settings
###! Docs: https://docs.gitlab.com/ce/integration/omniauth.html
# Keycloak acts as the SAML identity provider (IdP); this GitLab instance is the service
# provider (SP). Only the 'saml' provider is enabled below.
gitlab_rails['omniauth_enabled'] = true
# A user who signs in through SAML for the first time gets a GitLab account created
# automatically (no prior local account needed).
gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
# gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'
# NOTE(review): false means auto-created accounts are usable immediately, without an admin
# unblocking them, so every identity the Keycloak realm issues can log in. Set it to true
# if new accounts should be vetted by an admin before first use.
gitlab_rails['omniauth_block_auto_created_users'] = false
# gitlab_rails['omniauth_auto_link_ldap_user'] = false
# NOTE(review): auto-linking is left disabled; linking existing local accounts to SAML
# identities by e-mail only makes sense if Keycloak guarantees verified e-mail addresses.
# gitlab_rails['omniauth_auto_link_saml_user'] = false
# gitlab_rails['omniauth_external_providers'] = ['twitter', 'google_oauth2']
gitlab_rails['omniauth_providers'] = [
{
"name" => "saml",
# Label of the sign-in button shown on the GitLab login page.
"label" => "fairlogin",
# "app_id" => "YOUR APP ID",
# "app_secret" => "YOUR APP SECRET",
"args" => {
# NOTE(review): the assertion consumer service URL is the SP (GitLab) callback, so it would
# have to point at the GitLab host, not the Keycloak host as in the commented example.
# Left commented out here; presumably GitLab then uses its default callback path -- confirm.
# assertion_consumer_service_url: 'https://id.fairkom.net/users/auth/saml/callback',
# IdP signing certificate (base64 DER) GitLab uses to verify the signature on assertions.
# The value below is cut off in this listing (the trailing '$' looks like a terminal wrap
# marker); the full certificate from the Keycloak realm has to be pasted here.
idp_cert: 'MIICoTCCAYkCBgFdsNTNQjANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAlmYWlybG9naW4wHhcNMTcwODA1MDUxNzAyWhcNMjcwOD$
# Keycloak realm SAML endpoint that GitLab redirects the browser to for login.
idp_sso_target_url: 'https://id.fairkom.net/auth/realms/fairlogin/protocol/saml',
# SP entity ID sent in the AuthnRequest; must match the client ID configured in Keycloak.
issuer: 'gitlab',
name_identifier_format: 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
# Maps the e-mail attribute emitted by Keycloak (LDAP OID for emailAddress) to GitLab's
# email field, which is what identifies the user on first sign-in.
attribute_statements: { email: ["urn:oid:1.2.840.113549.1.9.1"] },
# "access_type" => "offline",
# "approval_prompt" => ""
}
}
]
After changing the config, run:
# Re-render the GitLab service configuration from gitlab.rb, then restart the services.
gitlab-ctl reconfigure
gitlab-ctl restart