diff options
Diffstat (limited to 'doc/integration/omniauth.md')
| -rw-r--r-- | doc/integration/omniauth.md | 70 |
1 files changed, 48 insertions, 22 deletions
diff --git a/doc/integration/omniauth.md b/doc/integration/omniauth.md index 82e8fbdb93e..4e1d5ba9b35 100644 --- a/doc/integration/omniauth.md +++ b/doc/integration/omniauth.md @@ -39,7 +39,10 @@ contains some settings that are common for all providers. Before configuring individual OmniAuth providers there are a few global settings that are in common for all providers that we need to consider. -- Omniauth needs to be enabled, see details below for example. +> **NOTE:** +> Starting from GitLab 11.4, Omniauth is enabled by default. If you're using an +> earlier version, you'll need to explicitly enable it. + - `allow_single_sign_on` allows you to specify the providers you want to allow to automatically create an account. It defaults to `false`. If `false` users must be created manually or they will not be able to sign in via OmniAuth. @@ -50,16 +53,16 @@ that are in common for all providers that we need to consider. be blocked by default and will have to be unblocked by an administrator before they are able to sign in. ->**Note:** -If you set `block_auto_created_users` to `false`, make sure to only -define providers under `allow_single_sign_on` that you are able to control, like -SAML, Shibboleth, Crowd or Google, or set it to `false` otherwise any user on -the Internet will be able to successfully sign in to your GitLab without -administrative approval. - ->**Note:** -`auto_link_ldap_user` requires the `uid` of the user to be the same in both LDAP -and the OmniAuth provider. +> **Note:** +> If you set `block_auto_created_users` to `false`, make sure to only +> define providers under `allow_single_sign_on` that you are able to control, like +> SAML, Shibboleth, Crowd or Google, or set it to `false` otherwise any user on +> the Internet will be able to successfully sign in to your GitLab without +> administrative approval. +> +> **Note:** +> `auto_link_ldap_user` requires the `uid` of the user to be the same in both LDAP +> and the OmniAuth provider. To change these settings: @@ -74,7 +77,8 @@ To change these settings: and change: ```ruby - gitlab_rails['omniauth_enabled'] = true + # Versions prior to 11.4 require this to be set to true + # gitlab_rails['omniauth_enabled'] = nil # CAUTION! # This allows users to login without having a user account first. Define the allowed providers @@ -101,7 +105,8 @@ To change these settings: ## OmniAuth settings omniauth: # Allow login via Twitter, Google, etc. using OmniAuth providers - enabled: true + # Versions prior to 11.4 require this to be set to true + # enabled: true # CAUTION! # This allows users to login without having a user account first. Define the allowed providers @@ -227,21 +232,42 @@ In order to enable/disable an OmniAuth provider, go to Admin Area -> Settings ->  +## Disabling Omniauth + +Starting from version 11.4 of GitLab, Omniauth is enabled by default. This only +has an effect if providers are configured and [enabled](#enable-or-disable-sign-in-with-an-omniauth-provider-without-disabling-import-sources). + +If omniauth providers are causing problems even when individually disabled, you +can disable the entire omniauth subsystem by modifying the configuration file: + +**For Omnibus installations** + +```ruby +gitlab_rails['omniauth_enabled'] = false +``` + +**For installations from source** + +```yaml + omniauth: + enabled: false +``` + ## Keep OmniAuth user profiles up to date You can enable profile syncing from selected OmniAuth providers and for all or for specific user information. When authenticating using LDAP, the user's email is always synced. - ```ruby - gitlab_rails['sync_profile_from_provider'] = ['twitter', 'google_oauth2'] - gitlab_rails['sync_profile_attributes'] = ['name', 'email', 'location'] +```ruby + gitlab_rails['sync_profile_from_provider'] = ['twitter', 'google_oauth2'] + gitlab_rails['sync_profile_attributes'] = ['name', 'email', 'location'] ``` - **For installations from source** +**For installations from source** - ```yaml - omniauth: - sync_profile_from_provider: ['twitter', 'google_oauth2'] - sync_profile_attributes: ['email', 'location'] - ``` +```yaml + omniauth: + sync_profile_from_provider: ['twitter', 'google_oauth2'] + sync_profile_attributes: ['email', 'location'] +``` |