diff options
Diffstat (limited to 'doc/integration/shibboleth.md')
-rw-r--r-- | doc/integration/shibboleth.md | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/doc/integration/shibboleth.md b/doc/integration/shibboleth.md index 71ac6012ce6..4cc686cc0b6 100644 --- a/doc/integration/shibboleth.md +++ b/doc/integration/shibboleth.md @@ -16,7 +16,7 @@ The following changes are needed to enable Shibboleth: 1. Protect OmniAuth Shibboleth callback URL: - ``` + ```apache <Location /users/auth/shibboleth/callback> AuthType shibboleth ShibRequestSetting requireSession 1 @@ -36,7 +36,7 @@ The following changes are needed to enable Shibboleth: 1. Exclude Shibboleth URLs from rewriting. Add `RewriteCond %{REQUEST_URI} !/Shibboleth.sso` and `RewriteCond %{REQUEST_URI} !/shibboleth-sp`. Config should look like this: - ``` + ```apache # Apache equivalent of Nginx try files RewriteEngine on RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f @@ -46,8 +46,12 @@ The following changes are needed to enable Shibboleth: RequestHeader set X_FORWARDED_PROTO 'https' ``` -1. Edit `/etc/gitlab/gitlab.rb` configuration file to enable OmniAuth and add - Shibboleth as an OmniAuth provider. User attributes will be sent from the + **NOTE:** + Starting from GitLab 11.4, OmniAuth is enabled by default. If you're using an + earlier version, you'll need to explicitly enable it in `/etc/gitlab/gitlab.rb`. + +1. In addition, add Shibboleth to `/etc/gitlab/gitlab.rb` as an OmniAuth provider. + User attributes will be sent from the Apache reverse proxy to GitLab as headers with the names from the Shibboleth attribute mapping. Therefore the values of the `args` hash should be in the form of `"HTTP_ATTRIBUTE"`. The keys in the hash are arguments |