summaryrefslogtreecommitdiff
path: root/config
diff options
context:
space:
mode:
authorRobert Speicher <robert@gitlab.com>2016-02-18 19:46:35 +0000
committerRobert Speicher <robert@gitlab.com>2016-02-18 19:46:35 +0000
commitc04e22fba8d130a58f498ff48127712d7dae17ee (patch)
tree341590a61401b0ae52317dbaca35c65471f9acad /config
parent0feab326d52222dc0ab5bd0a6b15dab297f44aa9 (diff)
parentf014127e173b718b81879634c1dac9191184995c (diff)
downloadgitlab-ce-c04e22fba8d130a58f498ff48127712d7dae17ee.tar.gz
Merge branch 'saml-decoupling' into 'master'
Decouple SAML authentication from the default Omniauth logic Fixes gitlab-org/gitlab-ee#178 With this merge request SAML gets its own login logic and its own `User` class under `lib/gitlab/saml/` This is needed to give SAML more versatility over how the authorization process works and to pave the way for the development of a SAML group sync as outlined here: gitlab-org/gitlab-ee#118 See merge request !2782
Diffstat (limited to 'config')
-rw-r--r--config/gitlab.yml.example11
1 files changed, 9 insertions, 2 deletions
diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
index faf05ecd466..b6954b3152b 100644
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -288,15 +288,22 @@ production: &base
# auto_sign_in_with_provider: saml
# CAUTION!
- # This allows users to login without having a user account first (default: false).
+ # This allows users to login without having a user account first. Define the allowed
+ # providers using an array, e.g. ["saml", "twitter"]
# User accounts will be created automatically when authentication was successful.
- allow_single_sign_on: false
+ allow_single_sign_on: ["saml"]
+
# Locks down those users until they have been cleared by the admin (default: true).
block_auto_created_users: true
# Look up new users in LDAP servers. If a match is found (same uid), automatically
# link the omniauth identity with the LDAP account. (default: false)
auto_link_ldap_user: false
+ # Allow users with existing accounts to login and auto link their account via SAML
+ # login, without having to do a manual login first and manually add SAML
+ # (default: false)
+ auto_link_saml_user: false
+
## Auth providers
# Uncomment the following lines and fill in the data of the auth provider you want to use
# If your favorite auth provider is not listed you can use others: