summaryrefslogtreecommitdiff
path: root/doc/integration
diff options
context:
space:
mode:
Diffstat (limited to 'doc/integration')
-rw-r--r--doc/integration/bitbucket.md4
-rw-r--r--doc/integration/datadog.md4
-rw-r--r--doc/integration/elasticsearch.md2
-rw-r--r--doc/integration/jenkins.md209
-rw-r--r--doc/integration/kerberos.md21
-rw-r--r--doc/integration/mattermost/index.md3
-rw-r--r--doc/integration/oauth_provider.md2
-rw-r--r--doc/integration/omniauth.md12
-rw-r--r--doc/integration/openid_connect_provider.md29
-rw-r--r--doc/integration/saml.md8
-rw-r--r--doc/integration/sourcegraph.md45
11 files changed, 162 insertions, 177 deletions
diff --git a/doc/integration/bitbucket.md b/doc/integration/bitbucket.md
index db7e7d74efe..2fc80aa1769 100644
--- a/doc/integration/bitbucket.md
+++ b/doc/integration/bitbucket.md
@@ -6,10 +6,6 @@ info: To determine the technical writer assigned to the Stage/Group associated w
# Integrate your GitLab server with Bitbucket Cloud **(FREE SELF)**
-NOTE:
-Starting from GitLab 11.4, OmniAuth is enabled by default. If you're using an
-earlier version, you must explicitly enable it.
-
You can set up Bitbucket.org as an OAuth 2.0 provider to use your Bitbucket.org
account credentials to sign in to GitLab. You can also import your projects from
Bitbucket.org.
diff --git a/doc/integration/datadog.md b/doc/integration/datadog.md
index 89e08d330e8..4be0089703a 100644
--- a/doc/integration/datadog.md
+++ b/doc/integration/datadog.md
@@ -32,9 +32,11 @@ project, group, or instance level:
1. Scroll to **Add an integration**, and select **Datadog**.
1. Select **Active** to enable the integration.
1. Specify the [**Datadog site**](https://docs.datadoghq.com/getting_started/site/) to send data to.
+1. Provide your Datadog **API key**.
+<!-- 1. Optional. Select **Enable logs collection** to enable logs collection for the output of jobs. ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/346339) in GitLab 14.8.) -->
+<!-- TODO: uncomment the archive_trace_events field once :datadog_integration_logs_collection is rolled out. Rollout issue: https://gitlab.com/gitlab-org/gitlab/-/issues/346339 -->
1. Optional. To override the API URL used to send data directly, provide an **API URL**.
Used only in advanced scenarios.
-1. Provide your Datadog **API key**.
1. Optional. If you use more than one GitLab instance, provide a unique **Service** name
to differentiate between your GitLab instances.
1. Optional. If you use groups of GitLab instances (such as staging and production
diff --git a/doc/integration/elasticsearch.md b/doc/integration/elasticsearch.md
index 8461aca8c8d..7356574a33e 100644
--- a/doc/integration/elasticsearch.md
+++ b/doc/integration/elasticsearch.md
@@ -478,6 +478,8 @@ The following are some available Rake tasks:
| [`sudo gitlab-rake gitlab:elastic:mark_reindex_failed`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/tasks/gitlab/elastic.rake) | Mark the most recent re-index job as failed. |
| [`sudo gitlab-rake gitlab:elastic:list_pending_migrations`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/tasks/gitlab/elastic.rake) | List pending migrations. Pending migrations include those that have not yet started, have started but not finished, and those that are halted. |
| [`sudo gitlab-rake gitlab:elastic:estimate_cluster_size`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/tasks/gitlab/elastic.rake) | Get an estimate of cluster size based on the total repository size. |
+| [`sudo gitlab-rake gitlab:elastic:enable_search_with_elasticsearch`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/tasks/gitlab/elastic.rake) | Enable advanced search with Elasticsearch. |
+| [`sudo gitlab-rake gitlab:elastic:disable_search_with_elasticsearch`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/tasks/gitlab/elastic.rake) | Disables advanced search with Elasticsearch. |
### Environment variables
diff --git a/doc/integration/jenkins.md b/doc/integration/jenkins.md
index 822530775e5..bae52622966 100644
--- a/doc/integration/jenkins.md
+++ b/doc/integration/jenkins.md
@@ -4,100 +4,80 @@ group: Integrations
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
---
-# Jenkins CI service **(FREE)**
+# Jenkins integration **(FREE)**
> [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/246756) to GitLab Free in 13.7.
-From GitLab, you can trigger a Jenkins build when you push code to a repository, or when a merge
-request is created. In return, the Jenkins pipeline status is shown on merge requests widgets and
-on the GitLab project's home page.
+You can trigger a build in Jenkins when you push code to your repository or
+create a merge request in GitLab. The Jenkins pipeline status displays on merge
+requests widgets and on the GitLab project's home page.
-To better understand the GitLab Jenkins integration, watch the following video:
+<i class="fa fa-youtube-play youtube" aria-hidden="true"></i>
+For an overview of the Jenkins integration for GitLab, see
+[GitLab workflow with Jira issues and Jenkins pipelines](https://youtu.be/Jn-_fyra7xQ).
-- [GitLab workflow with Jira issues and Jenkins pipelines](https://youtu.be/Jn-_fyra7xQ)
+Use the Jenkins integration when:
-Use the Jenkins integration with GitLab when:
-
-- You plan to migrate your CI from Jenkins to [GitLab CI/CD](../ci/index.md) in the future, but
-need an interim solution.
-- You're invested in [Jenkins Plugins](https://plugins.jenkins.io/) and choose to keep using Jenkins
-to build your apps.
-
-For a real use case, read the blog post [Continuous integration: From Jenkins to GitLab using Docker](https://about.gitlab.com/blog/2017/07/27/docker-my-precious/).
-
-Moving from a traditional CI plug-in to a single application for the entire software development
-life cycle can decrease hours spent on maintaining toolchains by 10% or more. For more details, see
-the ['GitLab vs. Jenkins' comparison page](https://about.gitlab.com/devops-tools/jenkins-vs-gitlab/).
+- You plan to migrate your CI from Jenkins to [GitLab CI/CD](../ci/index.md)
+ in the future, but need an interim solution.
+- You're invested in [Jenkins plugins](https://plugins.jenkins.io/) and choose
+ to keep using Jenkins to build your apps.
NOTE:
-This documentation focuses only on how to **configure** a Jenkins *integration* with
+This documentation focuses only on how to configure a Jenkins *integration* with
GitLab. Learn how to set up Jenkins [on your local machine](../development/integrations/jenkins.md)
-in our developer documentation, and how to **migrate** from Jenkins to GitLab CI/CD in our
+in the developer documentation, and how to migrate from Jenkins to GitLab CI/CD in the
[Migrating from Jenkins](../ci/migration/jenkins.md) documentation.
-## Configure GitLab integration with Jenkins
-
-The GitLab Jenkins integration requires installation and configuration in both GitLab and Jenkins.
-In GitLab, you need to grant Jenkins access to the relevant projects. In Jenkins, you need to
-install and configure several plugins.
-
-### GitLab requirements
-
-- [Grant Jenkins permission to GitLab project](#grant-jenkins-access-to-gitlab-project)
-- [Configure GitLab API access](#configure-gitlab-api-access)
-- [Configure the GitLab project](#configure-the-gitlab-project)
-
-### Jenkins requirements
+The Jenkins integration requires configuration in both GitLab and Jenkins.
-- [Configure the Jenkins server](#configure-the-jenkins-server)
-- [Configure the Jenkins project](#configure-the-jenkins-project)
+## Grant Jenkins access to the GitLab project
-## Grant Jenkins access to GitLab project
-
-Grant a GitLab user access to the select GitLab projects.
+Grant a GitLab user access to the relevant GitLab projects.
1. Create a new GitLab user, or choose an existing GitLab user.
This account is used by Jenkins to access the GitLab projects. We recommend creating a GitLab
user for only this purpose. If you use a person's account, and their account is deactivated or
- deleted, the GitLab-Jenkins integration stops working.
+ deleted, the Jenkins integration stops working.
1. Grant the user permission to the GitLab projects.
- If you're integrating Jenkins with many GitLab projects, consider granting the user the global
- Administrator role. Otherwise, add the user to each project, and grant the Developer role.
+ If you're integrating Jenkins with many GitLab projects, consider granting the
+ user the administrator access level. Otherwise, add the user to each project
+ and grant the Developer role.
-## Configure GitLab API access
+## Grant Jenkins access to the GitLab API
-Create a personal access token to authorize Jenkins' access to GitLab.
+Create a personal access token to authorize Jenkins to access GitLab.
1. Sign in to GitLab as the user to be used with Jenkins.
-1. In the top-right corner, select your avatar.
+1. On the top bar, in the top right corner, select your avatar.
1. Select **Edit profile**.
1. On the left sidebar, select **Access Tokens**.
-1. Create a personal access token with the **API** scope checkbox checked. For more details, see
- [Personal access tokens](../user/profile/personal_access_tokens.md).
-1. Record the personal access token's value, because it's required in [Configure the Jenkins server](#configure-the-jenkins-server) section.
+1. Create a [personal access token](../user/profile/personal_access_tokens.md) and
+ select the **API** scope.
+1. Copy the personal access token. You need it to [configure the Jenkins server](#configure-the-jenkins-server).
## Configure the Jenkins server
Install and configure the Jenkins plugin. The plugin must be installed and configured to
authorize the connection to GitLab.
-1. On the Jenkins server, go to **Manage Jenkins > Manage Plugins**.
+1. On the Jenkins server, select **Manage Jenkins > Manage Plugins**.
1. Install the [Jenkins GitLab Plugin](https://wiki.jenkins.io/display/JENKINS/GitLab+Plugin).
-1. Go to **Manage Jenkins > Configure System**.
-1. In the **GitLab** section, check the **Enable authentication for '/project' end-point** checkbox.
-1. Click **Add**, then choose **Jenkins Credential Provider**.
-1. Choose **GitLab API token** as the token type.
-1. Enter the GitLab personal access token's value in the **API Token** field and click **Add**.
-1. Enter the GitLab server's URL in the **GitLab host URL** field.
-1. Click **Test Connection**, ensuring the connection is successful before proceeding.
-
-For more information, see GitLab Plugin documentation about
-[Jenkins-to-GitLab authentication](https://github.com/jenkinsci/gitlab-plugin#jenkins-to-gitlab-authentication).
+1. Select **Manage Jenkins > Configure System**.
+1. In the **GitLab** section, select **Enable authentication for '/project' end-point**.
+1. Select **Add**, then choose **Jenkins Credential Provider**.
+1. Select **GitLab API token** as the token type.
+1. Enter the GitLab personal access token's value in **API Token** and select **Add**.
+1. Enter the GitLab server's URL in **GitLab host URL**.
+1. To test the connection, select **Test Connection**.
-![Jenkins GitLab plugin configuration](img/jenkins_gitlab_plugin_config.png)
+ ![Jenkins plugin configuration](img/jenkins_gitlab_plugin_config.png)
+
+For more information, see
+[Jenkins-to-GitLab authentication](https://github.com/jenkinsci/gitlab-plugin#jenkins-to-gitlab-authentication).
## Configure the Jenkins project
@@ -105,15 +85,15 @@ Set up the Jenkins project you intend to run your build on.
1. On your Jenkins instance, go to **New Item**.
1. Enter the project's name.
-1. Choose between **Freestyle** or **Pipeline** and click **OK**.
- We recommend a Freestyle project, because the Jenkins plugin updates the build status on
- GitLab. In a Pipeline project, you must configure a script to update the status on GitLab.
-1. Choose your GitLab connection from the dropdown.
-1. Check the **Build when a change is pushed to GitLab** checkbox.
-1. Check the following checkboxes:
+1. Select **Freestyle** or **Pipeline** and select **OK**.
+ We recommend a Freestyle project, because the Jenkins plugin updates the build status on
+ GitLab. In a Pipeline project, you must configure a script to update the status on GitLab.
+1. Choose your GitLab connection from the dropdown list.
+1. Select **Build when a change is pushed to GitLab**.
+1. Select the following checkboxes:
- **Accepted Merge Request Events**
- **Closed Merge Request Events**
-1. Specify how build status is reported to GitLab:
+1. Specify how the build status is reported to GitLab:
- If you created a **Freestyle** project, in the **Post-build Actions** section, choose
**Publish build status to GitLab**.
- If you created a **Pipeline** project, you must use a Jenkins Pipeline script to update the status on
@@ -143,39 +123,49 @@ Set up the Jenkins project you intend to run your build on.
Configure the GitLab integration with Jenkins in one of the following ways.
-### Recommended Jenkins integration
+### Configure a Jenkins integration (recommended)
GitLab recommends this approach for Jenkins integrations because it is easier to configure
-than the [webhook integration](#webhook-integration).
+than the [webhook integration](#configure-a-webhook).
-1. Create a new GitLab project or choose an existing one.
-1. Go to **Settings > Integrations**, then select **Jenkins CI**.
-1. Turn on the **Active** toggle.
+1. On the top bar, select **Menu > Projects** and find your project.
+1. On the left sidebar, select **Settings > Integrations**.
+1. Select **Jenkins**.
+1. Select the **Active** checkbox.
1. Select the events you want GitLab to trigger a Jenkins build for:
- Push
- Merge request
- Tag push
-1. Enter the **Jenkins URL**.
+1. Enter the **Jenkins server URL**.
1. Enter the **Project name**.
The project name should be URL-friendly, where spaces are replaced with underscores. To ensure
the project name is valid, copy it from your browser's address bar while viewing the Jenkins
project.
-1. Enter the **Username** and **Password** if your Jenkins server requires
- authentication.
-1. Click **Test settings and save changes**. GitLab tests the connection to Jenkins.
+1. If your Jenkins server requires
+ authentication, enter the **Username** and **Password**.
+1. To test the connection to Jenkins, select **Test settings**.
+1. Select **Save changes**.
-### Webhook integration
+### Configure a webhook
If you are unable to provide GitLab with your Jenkins server login, you can use this option
to integrate GitLab and Jenkins.
-1. In the configuration of your Jenkins job, in the GitLab configuration section, click **Advanced**.
-1. Click the **Generate** button under the **Secret Token** field.
-1. Copy the resulting token, and save the job configuration.
+1. In the configuration of your Jenkins job, in the GitLab configuration section, select **Advanced**.
+1. Under **Secret Token**, select **Generate**.
+1. Copy the token, and save the job configuration.
1. In GitLab, create a webhook for your project, enter the trigger URL
- (such as `https://JENKINS_URL/project/YOUR_JOB`) and paste the token in the **Secret Token** field.
-1. After you add the webhook, click the **Test** button, and it should succeed.
+ (such as `https://JENKINS_URL/project/YOUR_JOB`) and paste the token in **Secret Token**.
+1. To test the webhook, select **Test**.
+
+## Related topics
+
+- For a real use case, read the blog post
+ [Continuous integration: From Jenkins to GitLab using Docker](https://about.gitlab.com/blog/2017/07/27/docker-my-precious/).
+- See the ['GitLab vs. Jenkins' comparison page](https://about.gitlab.com/devops-tools/jenkins-vs-gitlab/)
+ for information on how moving to a single application for the entire software development
+ lifecycle can decrease hours spent on maintaining toolchains by 10% or more.
## Troubleshooting
@@ -188,24 +178,31 @@ If you get this error message while configuring GitLab, the following are possib
- The Jenkins instance is at a local address and is not included in the
[GitLab installation's allowlist](../security/webhooks.md#allowlist-for-local-requests).
- The credentials for the Jenkins instance do not have sufficient access or are invalid.
-- The **Enable authentication for ‘/project’ end-point checkbox** is not selected in your [Jenkin's plugin configuration](#configure-the-jenkins-server).
+- The **Enable authentication for ‘/project’ end-point** checkbox is not selected in your [Jenkin's plugin configuration](#configure-the-jenkins-server).
### Error in merge requests - "Could not connect to the CI server"
-This integration relies on Jenkins reporting the build status back to GitLab via
-the [Commit Status API](../api/commits.md#commit-status).
+You might get the `Could not connect to the CI server` error if GitLab did not
+receive a build status update from Jenkins via the [Commit Status API](../api/commits.md#commit-status).
+
+This issue occurs when Jenkins is not properly
+configured or there is an error reporting the status via the API.
-The error 'Could not connect to the CI server' usually means that GitLab did not
-receive a build status update via the API. Either Jenkins was not properly
-configured or there was an error reporting the status via the API.
+To fix this issue, ensure you:
-1. [Configure the Jenkins server](#configure-the-jenkins-server) for GitLab API access
+1. [Configure the Jenkins server](#configure-the-jenkins-server) for GitLab API access.
1. [Configure the Jenkins project](#configure-the-jenkins-project), including the
'Publish build status to GitLab' post-build action.
-### Merge Request event does not trigger a Jenkins Pipeline
+### Merge request event does not trigger a Jenkins pipeline
-Check [service hook logs](../user/project/integrations/overview.md#troubleshooting-integrations) for request failures or check the `/var/log/gitlab/gitlab-rails/production.log` file for messages like:
+This issue can occur when the request exceeds the
+[webhook timeout](../user/project/integrations/webhooks.md#webhook-fails-or-multiple-webhook-requests-are-triggered),
+which is set to 10 seconds by default.
+
+Check the [service hook logs](../user/project/integrations/overview.md#troubleshooting-integrations)
+for request failures or check the `/var/log/gitlab/gitlab-rails/production.log`
+file for messages like:
```plaintext
WebHook Error => Net::ReadTimeout
@@ -217,30 +214,38 @@ or
WebHook Error => execution expired
```
-If those are present, the request is exceeding the
-[webhook timeout](../user/project/integrations/webhooks.md#webhook-fails-or-multiple-webhook-requests-are-triggered),
-which is set to 10 seconds by default.
-
-To fix this the `gitlab_rails['webhook_timeout']` value must be increased
-in the `gitlab.rb` configuration file, followed by the [`gitlab-ctl reconfigure` command](../administration/restart_gitlab.md).
-
-If you don't find the errors above, but do find *duplicate* entries like below (in `/var/log/gitlab/gitlab-rail`),
-[webhook requests may be timing out](../user/project/integrations/webhooks.md#webhook-fails-or-multiple-webhook-requests-are-triggered):
+Or check for duplicate messages in `/var/log/gitlab/gitlab-rail`, like:
```plaintext
2019-10-25_04:22:41.25630 2019-10-25T04:22:41.256Z 1584 TID-ovowh4tek WebHookWorker JID-941fb7f40b69dff3d833c99b INFO: start
2019-10-25_04:22:41.25630 2019-10-25T04:22:41.256Z 1584 TID-ovowh4tek WebHookWorker JID-941fb7f40b69dff3d833c99b INFO: start
```
+To fix this issue:
+
+1. Increase the `gitlab_rails['webhook_timeout']` value in the `gitlab.rb`
+ configuration file.
+1. [Restart](../administration/restart_gitlab.md) GitLab:
+
+ ```shell
+ gitlab-ctl reconfigure
+ ```
+
### Enable job logs in Jenkins
-When troubleshooting an integration issue, it is useful to enable job logs in Jenkins to see more details about what is happening under the hood.
+To troubleshoot an integration issue, you can enable job logs in Jenkins to get
+more details about your builds.
+
To enable job logs in Jenkins:
1. Go to **Dashboard > Manage Jenkins > System Log**.
1. Select **Add new log recorder**.
1. Enter a name for the log recorder.
-1. On the next screen, select **Add** and enter `org.jenkinsci.plugins.workflow.job` in the text field.
+1. On the next screen, select **Add** and enter `org.jenkinsci.plugins.workflow.job`.
1. Make sure that the Log Level is **All** and select **Save**.
-Now, after you run a build, you can go to the loggers page (**Dashboard > Manage Jenkins > System Log**), select your logger, and check the logs.
+To view your logs:
+
+1. Run a build.
+1. Go to **Dashboard > Manage Jenkins > System Log**.
+1. Select your logger and check the logs.
diff --git a/doc/integration/kerberos.md b/doc/integration/kerberos.md
index 0f9bf3ba1d1..04a02b8fa68 100644
--- a/doc/integration/kerberos.md
+++ b/doc/integration/kerberos.md
@@ -1,6 +1,6 @@
---
stage: Manage
-group: Access
+group: Authentication & Authorization
info: "To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments"
---
@@ -9,9 +9,8 @@ info: "To determine the technical writer assigned to the Stage/Group associated
GitLab can integrate with [Kerberos](https://web.mit.edu/kerberos/) as an authentication mechanism.
WARNING:
-GitLab CI/CD does not work with a Kerberos-enabled GitLab instance due to an unresolved
-[bug in Git CLI](https://lore.kernel.org/git/YKNVop80H8xSTCjz@coredump.intra.peff.net/T/#mab47fd7dcb61fee651f7cc8710b8edc6f62983d5)
-that fails to use job token authentication from the GitLab Runners.
+GitLab CI/CD doesn't work with a Kerberos-enabled GitLab instance unless the integration is
+[set to use a dedicated port](#http-git-access-with-kerberos-token-passwordless-authentication).
## Overview
@@ -235,19 +234,23 @@ know the `libcurl` version installed, run `curl-config --version`.
### HTTP Git access with Kerberos token (passwordless authentication)
-#### Support for Git before 2.4
-
-Until Git version 2.4, the `git` command uses only the `negotiate` authentication
+Because of [a bug in current Git versions](https://lore.kernel.org/git/YKNVop80H8xSTCjz@coredump.intra.peff.net/T/#mab47fd7dcb61fee651f7cc8710b8edc6f62983d5),
+the `git` CLI command uses only the `negotiate` authentication
method if the HTTP server offers it, even if this method fails (such as when
the client does not have a Kerberos token). It is thus not possible to fall back
-to username/password (also known as `basic`) authentication if Kerberos
+to an embedded username and password (also known as `basic`) authentication if Kerberos
authentication fails.
For GitLab users to be able to use either `basic` or `negotiate` authentication
-with older Git versions, it is possible to offer Kerberos ticket-based
+with current Git versions, it is possible to offer Kerberos ticket-based
authentication on a different port (for example, `8443`) while the standard port
offers only `basic` authentication.
+NOTE:
+[Git 2.4 and later](https://github.com/git/git/blob/master/Documentation/RelNotes/2.4.0.txt#L225-L228) supports falling back to `basic` authentication if the
+username and password is passed interactively or through a credentials manager. It fails to fall back when the username and password is passed as part of the URL instead. For example,
+this can happen in GitLab CI/CD jobs that [authenticate with the CI/CD job token](../ci/jobs/ci_job_token.md).
+
**For source installations with HTTPS**
1. Edit the NGINX configuration file for GitLab
diff --git a/doc/integration/mattermost/index.md b/doc/integration/mattermost/index.md
index 97da971dd75..02fe0f4ea71 100644
--- a/doc/integration/mattermost/index.md
+++ b/doc/integration/mattermost/index.md
@@ -340,7 +340,8 @@ Below is a list of Mattermost versions for GitLab 11.10 and later:
| 14.3 | 5.38 |
| 14.4 | 5.39 |
| 14.5 | 5.39 |
-| 14.6 | 6.1 |
+| 14.6 | 6.1 |
+| 14.7 | 6.2 |
- GitLab 14.5 remained on Mattermost 5.39
- GitLab 14.6 updates to Mattermost 6.1 instead of 6.0
diff --git a/doc/integration/oauth_provider.md b/doc/integration/oauth_provider.md
index af715e47ab9..ff144d9985b 100644
--- a/doc/integration/oauth_provider.md
+++ b/doc/integration/oauth_provider.md
@@ -1,6 +1,6 @@
---
stage: Manage
-group: Access
+group: Authentication & Authorization
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
---
diff --git a/doc/integration/omniauth.md b/doc/integration/omniauth.md
index dd51d823109..4c05f94148c 100644
--- a/doc/integration/omniauth.md
+++ b/doc/integration/omniauth.md
@@ -46,10 +46,6 @@ GitLab supports the following OmniAuth providers.
## Configure initial settings
-NOTE:
-In GitLab 11.4 and later, OmniAuth is enabled by default. If you're using an
-earlier version, you must explicitly enable it.
-
Before you configure the OmniAuth provider,
configure the settings that are common for all providers.
@@ -153,7 +149,7 @@ To enable or disable an OmniAuth provider:
## Disable OmniAuth
-In GitLab 11.4 and later, OmniAuth is enabled by default. However, OmniAuth only works
+OmniAuth is enabled by default. However, OmniAuth only works
if providers are configured and [enabled](#enable-or-disable-sign-in-with-an-omniauth-provider-without-disabling-import-sources).
If OmniAuth providers are causing problems even when individually disabled, you
@@ -385,3 +381,9 @@ then override the icon in one of two ways:
...
}
```
+
+## Limitations
+
+Most supported OmniAuth providers don't support Git over HTTP password authentication.
+The only exception is [Atlassian Crowd](../administration/auth/crowd.md) (since GitLab [13.7](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/46935)).
+As a workaround, you can authenticate using a [personal access token](../user/profile/personal_access_tokens.md).
diff --git a/doc/integration/openid_connect_provider.md b/doc/integration/openid_connect_provider.md
index 54d4a5b6bb7..e85231d1c25 100644
--- a/doc/integration/openid_connect_provider.md
+++ b/doc/integration/openid_connect_provider.md
@@ -47,20 +47,19 @@ The following user information is shared with clients:
| Claim | Type | Description |
|:-----------------|:----------|:------------|
-| `sub` | `string` | The ID of the user
-| `sub_legacy` | `string` | An opaque token that uniquely identifies the user<br><br>**Deprecation notice:** this token isn't stable because it's tied to the Rails secret key base, and is provided only for migration to the new stable `sub` value available from GitLab 11.1
-| `auth_time` | `integer` | The timestamp for the user's last authentication
-| `name` | `string` | The user's full name
-| `nickname` | `string` | The user's GitLab username
-| `email` | `string` | The user's email address<br>This is the user's *primary* email address if the application has access to the `email` claim and the user's *public* email address otherwise
-| `email_verified` | `boolean` | Whether the user's email address was verified
-| `website` | `string` | URL for the user's website
-| `profile` | `string` | URL for the user's GitLab profile
-| `picture` | `string` | URL for the user's GitLab avatar
-| `groups` | `array` | Paths for the groups the user is a member of, either directly or through an ancestor group.
-| `groups_direct` | `array` | Paths for the groups the user is a direct member of.
-| `https://gitlab.org/claims/groups/owner` | `array` | Names of the groups the user is a direct member of with Owner role
-| `https://gitlab.org/claims/groups/maintainer` | `array` | Names of the groups the user is a direct member of with Maintainer role
-| `https://gitlab.org/claims/groups/developer` | `array` | Names of the groups the user is a direct member of with Developer role
+| `sub` | `string` | The ID of the user |
+| `auth_time` | `integer` | The timestamp for the user's last authentication |
+| `name` | `string` | The user's full name |
+| `nickname` | `string` | The user's GitLab username |
+| `email` | `string` | The user's email address<br>This is the user's *primary* email address if the application has access to the `email` claim and the user's *public* email address otherwise |
+| `email_verified` | `boolean` | Whether the user's email address was verified |
+| `website` | `string` | URL for the user's website |
+| `profile` | `string` | URL for the user's GitLab profile |
+| `picture` | `string` | URL for the user's GitLab avatar |
+| `groups` | `array` | Paths for the groups the user is a member of, either directly or through an ancestor group. |
+| `groups_direct` | `array` | Paths for the groups the user is a direct member of. |
+| `https://gitlab.org/claims/groups/owner` | `array` | Names of the groups the user is a direct member of with Owner role |
+| `https://gitlab.org/claims/groups/maintainer` | `array` | Names of the groups the user is a direct member of with Maintainer role |
+| `https://gitlab.org/claims/groups/developer` | `array` | Names of the groups the user is a direct member of with Developer role |
The claims `sub`, `sub_legacy`, `email`, `email_verified` and `groups_direct` are included in the ID token. All other claims are available from the `/oauth/userinfo` endpoint used by OIDC clients.
diff --git a/doc/integration/saml.md b/doc/integration/saml.md
index 70d6932b9eb..61d09b4e173 100644
--- a/doc/integration/saml.md
+++ b/doc/integration/saml.md
@@ -1,6 +1,6 @@
---
stage: Manage
-group: Access
+group: Authentication & Authorization
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
type: reference
---
@@ -917,8 +917,10 @@ You may also find the [SAML Tracer](https://addons.mozilla.org/en-US/firefox/add
### Invalid audience
This error means that the IdP doesn't recognize GitLab as a valid sender and
-receiver of SAML requests. Make sure to add the GitLab callback URL to the approved
-audiences of the IdP server.
+receiver of SAML requests. Make sure to:
+
+- Add the GitLab callback URL to the approved audiences of the IdP server.
+- Avoid trailing whitespace in the `issuer` string.
### Missing claims, or `Email can't be blank` errors
diff --git a/doc/integration/sourcegraph.md b/doc/integration/sourcegraph.md
index 6f0027aedc7..b2e5f7b4b7d 100644
--- a/doc/integration/sourcegraph.md
+++ b/doc/integration/sourcegraph.md
@@ -7,8 +7,13 @@ type: reference, how-to
# Sourcegraph integration **(FREE)**
-> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/16556) in GitLab 12.5.
-> - Note that this integration is in BETA and deployed [behind a feature flag](#enable-the-sourcegraph-feature-flag) disabled by default. Self-managed instances can opt to enable it.
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/16556) in GitLab 12.5 [with a flag](../administration/feature_flags.md) named `sourcegraph`. Disabled by default.
+> - Enabled on GitLab.com in GitLab 12.5.
+> - [Enabled on self-managed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/73116) in GitLab 14.8.
+
+FLAG:
+On self-managed GitLab, by default this feature is available. To hide the feature, ask an administrator to [disable the feature flag](../administration/feature_flags.md) named `sourcegraph`.
+On GitLab.com, this feature is available for public projects only.
[Sourcegraph](https://sourcegraph.com) provides code intelligence features, natively integrated into the GitLab UI.
@@ -26,41 +31,9 @@ you can choose to enable Sourcegraph [through your user preferences](#enable-sou
## Set up for self-managed GitLab instances **(FREE SELF)**
Before you can enable Sourcegraph code intelligence in GitLab you must:
+configure a Sourcegraph instance with your GitLab instance as an external service.
-- Enable the `sourcegraph` feature flag for your GitLab instance.
-- Configure a Sourcegraph instance with your GitLab instance as an external service.
-
-### Enable the Sourcegraph feature flag
-
-NOTE:
-If you are running a self-managed instance, the Sourcegraph integration is unavailable
-unless the feature flag `sourcegraph` is enabled. This can be done from the Rails console
-by instance administrators.
-
-Use these commands to start the Rails console:
-
-```shell
-# Omnibus GitLab
-gitlab-rails console
-
-# Installation from source
-cd /home/git/gitlab
-sudo -u git -H bin/rails console -e production
-```
-
-Then run the following command to enable the feature flag:
-
-```ruby
-Feature.enable(:sourcegraph)
-```
-
-You can also enable the feature flag only for specific projects with:
-
-```ruby
-Feature.enable(:sourcegraph, Project.find_by_full_path('my_group/my_project'))
-```
-
-### Set up a self-managed Sourcegraph instance
+### Set up a self-managed Sourcegraph instance **(FREE SELF)**
If you are new to Sourcegraph, head over to the [Sourcegraph installation documentation](https://docs.sourcegraph.com/admin) and get your instance up and running.
View Lorry Controller Status