Diffstat (limited to 'doc/administration/auth/oidc.md')
-rw-r--r-- | doc/administration/auth/oidc.md | 61 |
1 files changed, 60 insertions, 1 deletions
diff --git a/doc/administration/auth/oidc.md b/doc/administration/auth/oidc.md index efe4b7440ee..a099b9c76f8 100644 --- a/doc/administration/auth/oidc.md +++ b/doc/administration/auth/oidc.md @@ -1,7 +1,7 @@ --- type: reference stage: Manage -group: Authentication & Authorization +group: Authentication and Authorization info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- 
@@ -461,6 +461,65 @@ To use symmetric key encryption: If after reconfiguring, you see the error `JSON::JWS::VerificationFailed` error message, this means the incorrect secret was specified. +#### Casdoor + +GitLab works with OpenID providers that use HTTPS. To connect to GitLab using OpenID with Casdoor, use HTTPS instead of HTTP. + +For your app, complete the following steps on Casdoor: + +1. Get a client ID and a client secret. +1. Add your GitLab redirect URL. For example, if your GitLab domain is `gitlab.example.com`, ensure the Casdoor app has the following + `Redirect URI`: `https://gitlab.example.com/users/auth/openid_connect/callback`. + +See the [Casdoor documentation](https://casdoor.org/docs/integration/gitlab) for more details. + +Example Omnibus GitLab configuration (file path: `/etc/gitlab/gitlab.rb`): + +```ruby +gitlab_rails['omniauth_providers'] = [ + { + name: "openid_connect", + label: "Casdoor", # optional label for login button, defaults to "Openid Connect" + args: { + name: "openid_connect", + scope: ["openid", "profile", "email"], + response_type: "code", + issuer: "https://<CASDOOR_HOSTNAME>", + client_auth_method: "query", + discovery: true, + uid_field: "sub", + client_options: { + identifier: "<YOUR CLIENT ID>", + secret: "<YOUR CLIENT SECRET>", + redirect_uri: "https://gitlab.example.com/users/auth/openid_connect/callback" + } + } + } +] +``` + +Example installations from source configuration (file path: `config/gitlab.yml`): + +```yaml + - { name: 'openid_connect', + label: 'Casdoor', # optional label for login button, defaults to "Openid Connect" + args: { + name: 'openid_connect', + scope: ['openid','profile','email'], + response_type: 'code', + issuer: 'https://<CASDOOR_HOSTNAME>', + discovery: true, + client_auth_method: 'query', + uid_field: 'sub', + client_options: { + identifier: '<YOUR CLIENT ID>', + secret: '<YOUR CLIENT SECRET>', + redirect_uri: 'https://gitlab.example.com/users/auth/openid_connect/callback' + } + } + } +``` + 
## General troubleshooting If you're having trouble, here are some tips: |
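Review bot: In the new Casdoor section, both examples set `client_auth_method` to `query` (`client_auth_method: "query"` in the `gitlab.rb` block, `client_auth_method: 'query'` in the `gitlab.yml` block), but the text never says what this value does or why Casdoor needs it. The key name indicates it governs how GitLab authenticates to the provider with the client secret, so an administrator copying the block should be told what they are choosing; add a sentence explaining it, or drop the key if the default works with Casdoor. The opening paragraph is also ambiguous: "use HTTPS instead of HTTP" does not say whether it applies to the Casdoor `issuer` URL, the GitLab `redirect_uri`, or both. Both examples use `https://` for each, so state that requirement directly. Minor: the two blocks list `discovery` and `client_auth_method` in opposite order, which makes them harder to compare, and "Example installations from source configuration" would read better as "Example configuration for installations from source".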