author: Stan Hu <stanhu@gmail.com> 2019-06-06 15:56:08 -0700
committer: Stan Hu <stanhu@gmail.com> 2019-06-06 16:24:23 -0700
commit: 6dcbf1f5bf6721cbc0c84bddbc3ee86b6e504901 (patch)
tree: e3899d8ab7b1fcc72b4ddfe1aba2835b8e14c25a
parent: 40a9d05464960bfdef2612e2b6e4c5c2752d4663 (diff)
download: gitlab-ce-sh-improve-openid-docs.tar.gz
Fix OpenID Connect documentation (branch: sh-improve-openid-docs)
Many users were unable to get logins working with OpenID Connect because of a missing `name` argument in the configuration. This resulted in 404s immediately after attempting to login. This describes the workaround mentioned in https://gitlab.com/gitlab-org/gitlab-ce/issues/62208#note_178774809. This also adds an example profile for using Google.
-rw-r--r-- doc/administration/auth/oidc.md 35
1 file changed, 35 insertions, 0 deletions
diff --git a/doc/administration/auth/oidc.md b/doc/administration/auth/oidc.md
index e55f7dbb4df..df4f22aa3e7 100644
--- a/doc/administration/auth/oidc.md
+++ b/doc/administration/auth/oidc.md
@@ -31,6 +31,7 @@ The OpenID Connect will provide you with a client details and secret for you to
{ 'name' => 'openid_connect',
'label' => '<your_oidc_label>',
'args' => {
+ "name' => 'openid_connect',
'scope' => ['openid','profile'],
'response_type' => 'code',
'issuer' => '<your_oidc_url>',
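Review bot: The added key in the first `args` hash opens with a double quote and closes with a single quote (`"name' => 'openid_connect',`), so anyone pasting this Ruby snippet gets a syntax error instead of a working provider. It should read `'name' => 'openid_connect',` to match the quoting of the neighbouring keys.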
@@ -53,6 +54,7 @@ The OpenID Connect will provide you with a client details and secret for you to
- { name: 'openid_connect',
label: '<your_oidc_label>',
args: {
+ name: 'openid_connect',
scope: ['openid','profile'],
response_type: 'code',
issuer: '<your_oidc_url>',
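Review bot: The new `name: 'openid_connect'` line inside `args` repeats the provider-level `name` at the top of the same entry, and the hunk adds no text saying why both are needed. Add a sentence next to this example stating that the `name` argument under `args` is required and that leaving it out leads to a 404 right after the login attempt, as the commit message describes, so readers do not delete it as a duplicate.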
@@ -103,3 +105,36 @@ On the sign in page, there should now be an OpenID Connect icon below the regula
Click the icon to begin the authentication process. The OpenID Connect provider will ask the user to
sign in and authorize the GitLab application (if confirmation required by the client). If everything goes well, the user
will be redirected to GitLab and will be signed in.
+
+## Example configurations
+
+The following configurations illustrate how to set up OpenID with
+different providers with Omnibus GitLab.
+
+### Google
+
+See the [Google
+documentation](https://developers.google.com/identity/protocols/OpenIDConnect)
+for more details:
+
+```ruby
+ gitlab_rails['omniauth_providers'] = [
+ {
+ 'name' => 'openid_connect',
+ 'label' => 'Google OpenID',
+ 'args' => {
+ 'name' => 'openid_connect',
+ 'scope' => ['openid', 'profile', 'email'],
+ 'response_type' => 'code',
+ 'issuer' => 'https://accounts.google.com',
+ 'client_auth_method' => 'query',
+ 'discovery' => true,
+ 'uid_field' => 'preferred_username',
+ 'client_options' => {
+ 'identifier' => '<YOUR PROJECT CLIENT ID>',
+ 'secret' => '<YOUR PROJECT CLIENT SECRET>',
+ 'redirect_uri' => 'https://example.com/users/auth/openid_connect/callback',
+ }
+ }
+ }
+```
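Review bot: The Google example opens the array with `gitlab_rails['omniauth_providers'] = [` but the block ends after the third closing `}`, so the closing `]` is missing and the snippet will not parse when copied as shown. Add a `]` line before the closing fence. The introductory sentence also says "set up OpenID with different providers"; it should say "OpenID Connect" to match the rest of the page.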