authorDouwe Maan <douwe@gitlab.com>2015-12-21 17:38:37 +0100
committerDouwe Maan <douwe@gitlab.com>2015-12-21 17:38:37 +0100
commit9832e60ffb801427453301c6da4675f81518cdeb (patch)
treedc8e1b7692be8cde7e57b7059de23385e177beed /config
parente209ba7002238459b56ced1f5b4a7ce8bd6e2b8b (diff)
parent7fc2422c8d660d310b819b2b6ffbca9a9e4d8cd6 (diff)
downloadgitlab-ce-9832e60ffb801427453301c6da4675f81518cdeb.tar.gz
Merge branch 'tduehr/gitlab-ce-cas-support'
Diffstat (limited to 'config')
-rw-r--r--config/gitlab.yml.example13
-rw-r--r--config/initializers/1_settings.rb4
-rw-r--r--config/initializers/devise.rb10
3 files changed, 27 insertions, 0 deletions
diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
index db378118f85..fcf034d7911 100644
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -287,6 +287,15 @@ production: &base
# arguments, followed by optional 'args' which can be either a hash or an array.
# Documentation for this is available at http://doc.gitlab.com/ce/integration/omniauth.html
providers:
+ # See omniauth-cas3 for more configuration details
+ # - { name: 'cas3',
+ # label: 'cas3',
+ # args: {
+ # url: 'https://sso.example.com',
+ # disable_ssl_verification: false,
+ # login_url: '/cas/login',
+ # service_validate_url: '/cas/p3/serviceValidate',
+ # logout_url: '/cas/logout'} }
# - { name: 'github',
# app_id: 'YOUR_APP_ID',
# app_secret: 'YOUR_APP_SECRET',
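Review bot: The `cas3` example exposes `disable_ssl_verification` without saying what enabling it costs. The option presumably controls certificate checking on the connection to the CAS server, which is the channel used to validate service tickets. A line above the entry such as `# Keep disable_ssl_verification false outside of testing; ticket validation depends on verifying the CAS server's certificate` would keep operators from copying a weakened setting into production.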
@@ -324,6 +333,10 @@ production: &base
# application_name: 'YOUR_APP_NAME',
# application_password: 'YOUR_APP_PASSWORD' } }
+ # SSO maximum session duration in seconds. Defaults to CAS default of 8 hours.
+ # cas3:
+ # session_duration: 28800
+
# Shared file storage settings
shared:
# path: /mnt/gitlab # Default: shared
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb
index d3d27c762aa..1043fc01ab1 100644
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -126,6 +126,10 @@ Settings.omniauth['block_auto_created_users'] = true if Settings.omniauth['block
Settings.omniauth['auto_link_ldap_user'] = false if Settings.omniauth['auto_link_ldap_user'].nil?
Settings.omniauth['providers'] ||= []
+Settings.omniauth['cas3'] ||= Settingslogic.new({})
+Settings.omniauth.cas3['session_duration'] ||= 8.hours
+Settings.omniauth['session_tickets'] ||= Settingslogic.new({})
+Settings.omniauth.session_tickets['cas3'] = 'ticket'
Settings['shared'] ||= Settingslogic.new({})
Settings.shared['path'] = File.expand_path(Settings.shared['path'] || "shared", Rails.root)
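Review bot: `Settings.omniauth.session_tickets['cas3'] = 'ticket'` is a plain assignment while the three lines above it use `||=`, and nothing says what `'ticket'` denotes or that the value is deliberately not overridable from gitlab.yml. A comment such as `# Request parameter that carries the CAS service ticket; fixed by the protocol, so not configurable` (if that is the intent) would settle it. Separately, `session_duration` is taken from the configuration as-is. The code that consumes it is outside this hunk, so it is worth confirming there that a zero, negative or non-numeric value cannot produce a session that never expires.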
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 5fb43a86e13..92149826da7 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -241,6 +241,16 @@ Devise.setup do |config|
# An Array from the configuration will be expanded.
provider_arguments.concat provider['args']
when Hash
+ # Add procs for handling SLO
+ if provider['name'] == 'cas3'
+ provider['args'][:on_single_sign_out] = lambda do |request|
+ ticket = request.params[:session_index]
+ raise "Service Ticket not found." unless Gitlab::OAuth::Session.valid?(:cas3, ticket)
+ Gitlab::OAuth::Session.destroy(:cas3, ticket)
+ true
+ end
+ end
+
# A Hash from the configuration will be passed as is.
provider_arguments << provider['args'].symbolize_keys
end
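Review bot: The `on_single_sign_out` lambda passes `request.params[:session_index]` to `Gitlab::OAuth::Session.valid?` without first checking that it is present, so a logout request with no session index depends entirely on how `valid?` treats `nil`, which is not visible here. The single-logout callback is presumably reached without a GitLab session, which makes the ticket the only thing authorising the destroy. I would make the guard explicit with `raise "Service Ticket not found." if ticket.blank? || !Gitlab::OAuth::Session.valid?(:cas3, ticket)`. A comment above the lambda such as `# Called for CAS back-channel logout; the service ticket is the only credential, so reject anything we hold no session for` would help, and logging rejected tickets would let operators spot repeated invalid logout requests. The enclosing `Devise.setup` block and the `case` statement start outside this hunk.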