trustchain-oc1-orchestral/authentik
Archived
10
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/website/docs/integrations/services/gitlab/index.md
Jens L 7be680cbe5
Migrate to Docusaurus (#329) 
* docs: initial migration to docusaurus

* website: add custom font, update blurbs and icons

* website: update splash

* root: update links to docs

* flows: use .pbflow extension so docusaurus doesn't mangle the files

* e2e: workaround prospector

* Squashed commit of the following:

commit 1248585dca
Author: Jens Langhammer <jens.langhammer@beryju.org>
Date:   Sun Nov 15 20:46:53 2020 +0100

    e2e: attempt to fix prospector error again

commit 1319c480c4
Author: Jens Langhammer <jens.langhammer@beryju.org>
Date:   Sun Nov 15 20:41:35 2020 +0100

    ci: install previous python version for upgrade testing

* web: update accent colours and format

* website: format markdown files

* website: fix colours for text

* website: switch to temporary accent colour to improve readability

* flows: fix path for TestTransferDocs

* flows: fix formatting of tests
2020-11-15 22:42:02 +01:00

2.6 KiB
Raw Blame History

title
GitLab

What is GitLab

From https://about.gitlab.com/what-is-gitlab/

:::note GitLab is a complete DevOps platform, delivered as a single application. This makes GitLab unique and makes Concurrent DevOps possible, unlocking your organization from the constraints of a pieced together toolchain. Join us for a live Q&A to learn how GitLab can give you unmatched visibility and higher levels of efficiency in a single application across the DevOps lifecycle. :::

Preparation

The following placeholders will be used:

  • gitlab.company is the FQDN of the GitLab Install
  • passbook.company is the FQDN of the passbook Install

Create an application in passbook and note the slug, as this will be used later. Create a SAML provider with the following parameters:

  • ACS URL: https://gitlab.company/users/auth/saml/callback
  • Audience: https://gitlab.company
  • Issuer: https://gitlab.company
  • Binding: Post

You can of course use a custom signing certificate, and adjust durations. To get the value for idp_cert_fingerprint, you can use a tool like this.

GitLab Configuration

Paste the following block in your gitlab.rb file, after replacing the placeholder values from above. The file is located in /etc/gitlab.

gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
gitlab_rails['omniauth_sync_email_from_provider'] = 'saml'
gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml']
gitlab_rails['omniauth_sync_profile_attributes'] = ['email']
gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'
gitlab_rails['omniauth_block_auto_created_users'] = false
gitlab_rails['omniauth_auto_link_saml_user'] = true
gitlab_rails['omniauth_providers'] = [
  {
    name: 'saml',
    args: {
      assertion_consumer_service_url: 'https://gitlab.company/users/auth/saml/callback',
      idp_cert_fingerprint: '4E:1E:CD:67:4A:67:5A:E9:6A:D0:3C:E6:DD:7A:F2:44:2E:76:00:6A',
      idp_sso_target_url: 'https://passbook.company/application/saml/<passbook application slug>/sso/binding/post/',
      issuer: 'https://gitlab.company',
      name_identifier_format: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
      attribute_statements: {
        email: ['urn:oid:1.3.6.1.4.1.5923.1.1.1.6'],
        first_name: ['urn:oid:2.5.4.3'],
        nickname: ['urn:oid:2.16.840.1.113730.3.1.241']
      }
    },
    label: 'passbook'
  }
]

Afterwards, either run gitlab-ctl reconfigure if you're running GitLab Omnibus, or restart the container if you're using the container.