diff options
Diffstat (limited to 'doc/integration')
| -rw-r--r-- | doc/integration/akismet.md | 2 | ||||
| -rw-r--r-- | doc/integration/azure.md | 96 | ||||
| -rw-r--r-- | doc/integration/oauth_provider.md | 4 | ||||
| -rw-r--r-- | doc/integration/openid_connect_provider.md | 6 | ||||
| -rw-r--r-- | doc/integration/shibboleth.md | 4 | ||||
| -rw-r--r-- | doc/integration/twitter.md | 99 |
6 files changed, 104 insertions, 107 deletions
diff --git a/doc/integration/akismet.md b/doc/integration/akismet.md index 4f7be70baf2..cb8f25d2895 100644 --- a/doc/integration/akismet.md +++ b/doc/integration/akismet.md @@ -3,7 +3,7 @@ > *Note:* Before 8.11 only issues submitted via the API and for non-project members were submitted to Akismet. -GitLab leverages [Akismet](http://akismet.com) to protect against spam. Currently +GitLab leverages [Akismet](https://akismet.com/) to protect against spam. Currently GitLab uses Akismet to prevent the creation of spam issues on public projects. Issues created via the WebUI or the API can be submitted to Akismet for review. diff --git a/doc/integration/azure.md b/doc/integration/azure.md index 7a6d4bb143f..a9468f201ef 100644 --- a/doc/integration/azure.md +++ b/doc/integration/azure.md @@ -2,21 +2,21 @@ To enable the Microsoft Azure OAuth2 OmniAuth provider you must register your application with Azure. Azure will generate a client ID and secret key for you to use. -1. Sign in to the [Azure Management Portal](https://manage.windowsazure.com). +1. Sign in to the [Azure Management Portal](https://portal.azure.com). -1. Select "Active Directory" on the left and choose the directory you want to use to register GitLab. +1. Select "Active Directory" on the left and choose the directory you want to use to register GitLab. -1. Select "Applications" at the top bar and click the "Add" button the bottom. +1. Select "Applications" at the top bar and click the "Add" button the bottom. -1. Select "Add an application my organization is developing". +1. Select "Add an application my organization is developing". -1. Provide the project information and click the "Next" button. - - Name: 'GitLab' works just fine here. - - Type: 'WEB APPLICATION AND/OR WEB API' +1. Provide the project information and click the "Next" button. + - Name: 'GitLab' works just fine here. + - Type: 'WEB APPLICATION AND/OR WEB API' -1. On the "App properties" page enter the needed URI's and click the "Complete" button. - - SIGN-IN URL: Enter the URL of your GitLab installation (e.g `https://gitlab.mycompany.com/`) - - APP ID URI: Enter the endpoint URL for Microsoft to use, just has to be unique (e.g `https://mycompany.onmicrosoft.com/gitlab`) +1. On the "App properties" page enter the needed URI's and click the "Complete" button. + - SIGN-IN URL: Enter the URL of your GitLab installation (e.g `https://gitlab.mycompany.com/`) + - APP ID URI: Enter the endpoint URL for Microsoft to use, just has to be unique (e.g `https://mycompany.onmicrosoft.com/gitlab`) 1. Select "Configure" in the top menu. @@ -30,59 +30,59 @@ To enable the Microsoft Azure OAuth2 OmniAuth provider you must register your ap 1. You will see lots of endpoint URLs in the form `https://login.microsoftonline.com/TENANT ID/...`, note down the TENANT ID part of one of those endpoints. -1. On your GitLab server, open the configuration file. +1. On your GitLab server, open the configuration file. - For omnibus package: + For omnibus package: - ```sh - sudo editor /etc/gitlab/gitlab.rb - ``` + ```sh + sudo editor /etc/gitlab/gitlab.rb + ``` - For installations from source: + For installations from source: - ```sh - cd /home/git/gitlab + ```sh + cd /home/git/gitlab - sudo -u git -H editor config/gitlab.yml - ``` + sudo -u git -H editor config/gitlab.yml + ``` -1. See [Initial OmniAuth Configuration](omniauth.md#initial-omniauth-configuration) for initial settings. +1. See [Initial OmniAuth Configuration](omniauth.md#initial-omniauth-configuration) for initial settings. -1. Add the provider configuration: +1. Add the provider configuration: - For omnibus package: + For omnibus package: - ```ruby - gitlab_rails['omniauth_providers'] = [ - { - "name" => "azure_oauth2", - "args" => { - "client_id" => "CLIENT ID", - "client_secret" => "CLIENT SECRET", - "tenant_id" => "TENANT ID", - } - } - ] - ``` + ```ruby + gitlab_rails['omniauth_providers'] = [ + { + "name" => "azure_oauth2", + "args" => { + "client_id" => "CLIENT ID", + "client_secret" => "CLIENT SECRET", + "tenant_id" => "TENANT ID", + } + } + ] + ``` - For installations from source: + For installations from source: - ``` - - { name: 'azure_oauth2', - args: { client_id: "CLIENT ID", - client_secret: "CLIENT SECRET", - tenant_id: "TENANT ID" } } - ``` + ``` + - { name: 'azure_oauth2', + args: { client_id: "CLIENT ID", + client_secret: "CLIENT SECRET", + tenant_id: "TENANT ID" } } + ``` - The `base_azure_url` is optional and can be added for different locales; - e.g. `base_azure_url: "https://login.microsoftonline.de"`. + The `base_azure_url` is optional and can be added for different locales; + e.g. `base_azure_url: "https://login.microsoftonline.de"`. -1. Replace 'CLIENT ID', 'CLIENT SECRET' and 'TENANT ID' with the values you got above. +1. Replace 'CLIENT ID', 'CLIENT SECRET' and 'TENANT ID' with the values you got above. -1. Save the configuration file. +1. Save the configuration file. -1. [Reconfigure][] or [restart GitLab][] for the changes to take effect if you - installed GitLab via Omnibus or from source respectively. +1. [Reconfigure][] or [restart GitLab][] for the changes to take effect if you + installed GitLab via Omnibus or from source respectively. On the sign in page there should now be a Microsoft icon below the regular sign in form. Click the icon to begin the authentication process. Microsoft will ask the user to sign in and authorize the GitLab application. If everything goes well the user will be returned to GitLab and will be signed in. diff --git a/doc/integration/oauth_provider.md b/doc/integration/oauth_provider.md index c02a29dffb4..b9dc2e123c5 100644 --- a/doc/integration/oauth_provider.md +++ b/doc/integration/oauth_provider.md @@ -11,7 +11,7 @@ If you want to use: ## Introduction to OAuth -[OAuth] provides to client applications a 'secure delegated access' to server +[OAuth](https://oauth.net/2/) provides to client applications a 'secure delegated access' to server resources on behalf of a resource owner. In fact, OAuth allows an authorization server to issue access tokens to third-party clients with the approval of the resource owner, or the end-user. @@ -85,5 +85,3 @@ application can perform such as `read_user` and `api`. There are many more scope available. At any time you can revoke any access by just clicking **Revoke**. - -[oauth]: http://oauth.net/2/ "OAuth website" diff --git a/doc/integration/openid_connect_provider.md b/doc/integration/openid_connect_provider.md index a7f907254a1..89f4924d717 100644 --- a/doc/integration/openid_connect_provider.md +++ b/doc/integration/openid_connect_provider.md @@ -5,7 +5,7 @@ to sign in to other services. ## Introduction to OpenID Connect -[OpenID Connect] \(OIDC) is a simple identity layer on top of the +[OpenID Connect](https://openid.net/connect/) \(OIDC) is a simple identity layer on top of the OAuth 2.0 protocol. It allows clients to verify the identity of the end-user based on the authentication performed by GitLab, as well as to obtain basic profile information about the end-user in an interoperable and @@ -14,7 +14,7 @@ but does so in a way that is API-friendly, and usable by native and mobile applications. On the client side, you can use [omniauth-openid-connect] for Rails -applications, or any of the other available [client implementations]. +applications, or any of the other available [client implementations](https://openid.net/developers/libraries/#connect). GitLab's implementation uses the [doorkeeper-openid_connect] gem, refer to its README for more details about which parts of the specifications @@ -46,8 +46,6 @@ Currently the following user information is shared with clients: Only the `sub` and `sub_legacy` claims are included in the ID token, all other claims are available from the `/oauth/userinfo` endpoint used by OIDC clients. -[OpenID Connect]: http://openid.net/connect/ "OpenID Connect website" [doorkeeper-openid_connect]: https://github.com/doorkeeper-gem/doorkeeper-openid_connect "Doorkeeper::OpenidConnect website" [OAuth guide]: oauth_provider.md "GitLab as OAuth2 authentication service provider" [omniauth-openid-connect]: https://github.com/jjbohn/omniauth-openid-connect/ "OmniAuth::OpenIDConnect website" -[client implementations]: http://openid.net/developers/libraries#connect "List of available client implementations" diff --git a/doc/integration/shibboleth.md b/doc/integration/shibboleth.md index 616f3a76b2c..07c83c1a049 100644 --- a/doc/integration/shibboleth.md +++ b/doc/integration/shibboleth.md @@ -5,8 +5,8 @@ This documentation is for enabling shibboleth with omnibus-gitlab package. In order to enable Shibboleth support in gitlab we need to use Apache instead of Nginx (It may be possible to use Nginx, however this is difficult to configure using the bundled Nginx provided in the omnibus-gitlab package). Apache uses mod_shib2 module for shibboleth authentication and can pass attributes as headers to omniauth-shibboleth provider. To enable the Shibboleth OmniAuth provider you must configure Apache shibboleth module. -Installation and configuration of module it self is out of scope of this document. -Check <https://wiki.shibboleth.net/> for more info. +The installation and configuration of the module itself is out of the scope of this document. +Check <https://wiki.shibboleth.net/confluence/display/SP3/Apache> for more info. You can find Apache config in gitlab-recipes (<https://gitlab.com/gitlab-org/gitlab-recipes/tree/master/web-server/apache>). diff --git a/doc/integration/twitter.md b/doc/integration/twitter.md index 1cbfd81dfa9..d8096993885 100644 --- a/doc/integration/twitter.md +++ b/doc/integration/twitter.md @@ -2,80 +2,81 @@ To enable the Twitter OmniAuth provider you must register your application with Twitter. Twitter will generate a client ID and secret key for you to use. -1. Sign in to [Twitter Application Management](https://apps.twitter.com/). +1. Sign in to [Twitter Application Management](https://developer.twitter.com/apps). -1. Select "Create new app" +1. Select "Create new app" -1. Fill in the application details. - - Name: This can be anything. Consider something like `<Organization>'s GitLab` or `<Your Name>'s GitLab` or - something else descriptive. - - Description: Create a description. - - Website: The URL to your GitLab installation. `https://gitlab.example.com` - - Callback URL: `https://gitlab.example.com/users/auth/twitter/callback` - - Agree to the "Developer Agreement". +1. Fill in the application details. + - Name: This can be anything. Consider something like `<Organization>'s GitLab` or `<Your Name>'s GitLab` or + something else descriptive. + - Description: Create a description. + - Website: The URL to your GitLab installation. `https://gitlab.example.com` + - Callback URL: `https://gitlab.example.com/users/auth/twitter/callback` + - Agree to the "Developer Agreement". -  -1. Select "Create your Twitter application." +  -1. Select the "Settings" tab. +1. Select "Create your Twitter application." -1. Underneath the Callback URL check the box next to "Allow this application to be used to Sign in with Twitter." +1. Select the "Settings" tab. -1. Select "Update settings" at the bottom to save changes. +1. Underneath the Callback URL check the box next to "Allow this application to be used to Sign in with Twitter." -1. Select the "Keys and Access Tokens" tab. +1. Select "Update settings" at the bottom to save changes. -1. You should now see an API key and API secret (see screenshot). Keep this page open as you continue configuration. +1. Select the "Keys and Access Tokens" tab. -  +1. You should now see an API key and API secret (see screenshot). Keep this page open as you continue configuration. -1. On your GitLab server, open the configuration file. +  - For omnibus package: +1. On your GitLab server, open the configuration file. - ```sh - sudo editor /etc/gitlab/gitlab.rb - ``` + For omnibus package: - For installations from source: + ```sh + sudo editor /etc/gitlab/gitlab.rb + ``` - ```sh - cd /home/git/gitlab + For installations from source: - sudo -u git -H editor config/gitlab.yml - ``` + ```sh + cd /home/git/gitlab -1. See [Initial OmniAuth Configuration](omniauth.md#initial-omniauth-configuration) for initial settings. + sudo -u git -H editor config/gitlab.yml + ``` -1. Add the provider configuration: +1. See [Initial OmniAuth Configuration](omniauth.md#initial-omniauth-configuration) for initial settings. - For omnibus package: +1. Add the provider configuration: - ```ruby - gitlab_rails['omniauth_providers'] = [ - { - "name" => "twitter", - "app_id" => "YOUR_APP_ID", - "app_secret" => "YOUR_APP_SECRET" - } - ] - ``` + For omnibus package: - For installations from source: + ```ruby + gitlab_rails['omniauth_providers'] = [ + { + "name" => "twitter", + "app_id" => "YOUR_APP_ID", + "app_secret" => "YOUR_APP_SECRET" + } + ] + ``` - ``` - - { name: 'twitter', app_id: 'YOUR_APP_ID', - app_secret: 'YOUR_APP_SECRET' } - ``` + For installations from source: -1. Change 'YOUR_APP_ID' to the API key from Twitter page in step 11. + ``` + - { name: 'twitter', app_id: 'YOUR_APP_ID', + app_secret: 'YOUR_APP_SECRET' } + ``` -1. Change 'YOUR_APP_SECRET' to the API secret from the Twitter page in step 11. +1. Change 'YOUR_APP_ID' to the API key from Twitter page in step 11. -1. Save the configuration file. +1. Change 'YOUR_APP_SECRET' to the API secret from the Twitter page in step 11. -1. [Reconfigure][] or [restart GitLab][] for the changes to take effect if you - installed GitLab via Omnibus or from source respectively. +1. Save the configuration file. + +1. [Reconfigure][] or [restart GitLab][] for the changes to take effect if you + installed GitLab via Omnibus or from source respectively. On the sign in page there should now be a Twitter icon below the regular sign in form. Click the icon to begin the authentication process. Twitter will ask the user to sign in and authorize the GitLab application. If everything goes well the user will be returned to GitLab and will be signed in. |