0x00
Edit the gitlab.rb file.
Find the OmniAuth Settings block and modify the options below as needed:
### OmniAuth Settings
###! Docs: https://docs.gitlab.com/ee/integration/omniauth.html
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['openid_connect']
gitlab_rails['omniauth_sync_email_from_provider'] = true
gitlab_rails['omniauth_sync_profile_from_provider'] = true
gitlab_rails['omniauth_sync_profile_attributes'] = ['email']
# gitlab_rails['omniauth_auto_sign_in_with_provider'] = true
gitlab_rails['omniauth_block_auto_created_users'] = false
# gitlab_rails['omniauth_auto_link_ldap_user'] = false
# gitlab_rails['omniauth_auto_link_saml_user'] = true
# gitlab_rails['omniauth_external_providers'] = []
# gitlab_rails['omniauth_allow_bypass_two_factor'] = ['google_oauth2']
In the gitlab_rails['omniauth_providers'] setting, add the following:
gitlab_rails['omniauth_providers'] = [
  { 'name' => 'openid_connect',
    'label' => '<label>',
    'args' => {
      'name' => 'openid_connect',
      'scope' => ['openid','profile'],
      'response_type' => 'code',
      # Realm URL
      'issuer' => 'https://<keycloak-url>/auth/realms/fuzzypaws',
      # GitLab fetches all the endpoints from
      # https://<keycloak-url>/auth/realms/<realm>/.well-known/openid-configuration
      'discovery' => true,
      'client_auth_method' => 'basic',
      # Client configuration
      'client_options' => {
        'identifier' => '<Client-ID>',
        'secret' => '<Client-Secret>',
        'redirect_uri' => 'https://<gitlab-url>/users/auth/openid_connect/callback'
      }
    }
  }
]
Note: when you change the 'name' inside the gitlab_rails['omniauth_providers'] block, you must also update gitlab_rails['omniauth_allow_single_sign_on'] to match. Its value is a list, for example ['keycloak','github','twitter'].
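A consistency check for the settings above, as an added example that is not part of the original post: it compares a provider entry with the realm's discovery document and with omniauth_allow_single_sign_on. The hostnames and the discovery JSON are constructed, the function name is hypothetical, and the /users/auth/<name>/callback rule is assumed from the redirect_uri shown on the page.

```ruby
require 'json'
require 'uri'

# Constructed sample of a Keycloak discovery document (not captured from a real server).
REALM = 'https://sso.example.test/auth/realms/fuzzypaws'
DISCOVERY = JSON.parse(<<~JSON)
  {"issuer": "#{REALM}",
   "authorization_endpoint": "#{REALM}/protocol/openid-connect/auth",
   "token_endpoint": "#{REALM}/protocol/openid-connect/token",
   "jwks_uri": "#{REALM}/protocol/openid-connect/certs",
   "response_types_supported": ["code", "id_token"],
   "token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_post"]}
JSON

# Constructed provider entry shaped like the gitlab.rb block above (hostnames are placeholders).
PROVIDER = {
  'name' => 'openid_connect',
  'args' => {
    'scope' => %w[openid profile], 'response_type' => 'code', 'issuer' => REALM,
    'client_auth_method' => 'basic',
    'client_options' => {
      'redirect_uri' => 'https://gitlab.example.test/users/auth/openid_connect/callback'
    }
  }
}.freeze

# Returns a list of problems; an empty list means the settings are consistent.
def check_oidc_settings(provider, allow_sso, discovery)
  args = provider['args']
  problems = []
  # OIDC Discovery: the advertised issuer must equal the configured one exactly.
  problems << 'issuer mismatch' unless discovery['issuer'] == args['issuer']
  %w[authorization_endpoint token_endpoint jwks_uri].each do |key|
    problems << "#{key} is not https" unless URI.parse(discovery[key].to_s).is_a?(URI::HTTPS)
  end
  unless Array(discovery['response_types_supported']).include?(args['response_type'])
    problems << 'response_type not supported'
  end
  auth = Array(discovery['token_endpoint_auth_methods_supported'])
  problems << 'client_secret_basic not offered' if args['client_auth_method'] == 'basic' && !auth.include?('client_secret_basic')
  problems << 'provider name not in omniauth_allow_single_sign_on' unless allow_sso.include?(provider['name'])
  # Assumption from the page's pattern: callback path is /users/auth/<name>/callback.
  cb = URI.parse(args['client_options']['redirect_uri'])
  problems << 'redirect_uri does not match provider name' unless cb.is_a?(URI::HTTPS) && cb.path == "/users/auth/#{provider['name']}/callback"
  problems
end

puts check_oidc_settings(PROVIDER, ['openid_connect'], DISCOVERY).inspect
```

An issuer that differs only by a trailing slash is reported as a mismatch, which is the comparison discovery performs.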
0x02
Save, then restart GitLab or reconfigure it with the following command:
gitlab-ctl reconfigure
You will then see the GitLab sign-in entry on the login page.