- Open your Keycloak realm.
- Import
keycloak-gitlab.json. - Fix URLs of the client.
- Edit
gitlab.rband boot up your GitLab. - Click the
SAMLbutton.
Created
June 22, 2018 06:57
-
-
Save int128/ab5839d5f59829840a0204f0c8cd8a8b to your computer and use it in GitHub Desktop.
GitLab SAML SSO with Keycloak
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| gitlab_rails['omniauth_enabled'] = true | |
| gitlab_rails['omniauth_allow_single_sign_on'] = ['saml'] | |
| gitlab_rails['omniauth_block_auto_created_users'] = false | |
| gitlab_rails['omniauth_auto_link_saml_user'] = true | |
| gitlab_rails['omniauth_providers'] = [ | |
| { | |
| name: 'saml', | |
| label: 'SAML', | |
| args: { | |
| assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback', | |
| idp_cert: "-----BEGIN CERTIFICATE-----\nMII...\n-----END CERTIFICATE-----\n", | |
| idp_sso_target_url: 'https://keycloak.example.com/auth/realms/hello/protocol/saml', | |
| issuer: 'https://gitlab.example.com', | |
| name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent', | |
| attribute_statements: { username: ['username'] } | |
| } | |
| } | |
| ] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "clients": [ | |
| { | |
| "clientId": "https://gitlab.example.com", | |
| "rootUrl": "https://gitlab.example.com", | |
| "enabled": true, | |
| "redirectUris": [ | |
| "https://gitlab.example.com/*" | |
| ], | |
| "protocol": "saml", | |
| "attributes": { | |
| "saml.assertion.signature": "false", | |
| "saml.force.post.binding": "true", | |
| "saml.multivalued.roles": "false", | |
| "saml.encrypt": "false", | |
| "saml.server.signature": "true", | |
| "saml.server.signature.keyinfo.ext": "false", | |
| "saml.signature.algorithm": "RSA_SHA256", | |
| "saml_force_name_id_format": "false", | |
| "saml.client.signature": "false", | |
| "saml.authnstatement": "true", | |
| "saml_name_id_format": "username", | |
| "saml.onetimeuse.condition": "false", | |
| "saml_signature_canonicalization_method": "http://www.w3.org/2001/10/xml-exc-c14n#" | |
| }, | |
| "protocolMappers": [ | |
| { | |
| "name": "email", | |
| "protocol": "saml", | |
| "protocolMapper": "saml-user-property-mapper", | |
| "consentRequired": false, | |
| "config": { | |
| "user.attribute": "email", | |
| "attribute.name": "email" | |
| } | |
| }, | |
| { | |
| "name": "first_name", | |
| "protocol": "saml", | |
| "protocolMapper": "saml-user-property-mapper", | |
| "consentRequired": false, | |
| "config": { | |
| "user.attribute": "firstName", | |
| "attribute.name": "first_name" | |
| } | |
| }, | |
| { | |
| "name": "last_name", | |
| "protocol": "saml", | |
| "protocolMapper": "saml-user-property-mapper", | |
| "consentRequired": false, | |
| "config": { | |
| "user.attribute": "lastName", | |
| "attribute.name": "last_name" | |
| } | |
| }, | |
| { | |
| "name": "username", | |
| "protocol": "saml", | |
| "protocolMapper": "saml-user-property-mapper", | |
| "consentRequired": false, | |
| "config": { | |
| "user.attribute": "username", | |
| "attribute.name": "username" | |
| } | |
| } | |
| ] | |
| } | |
| ] | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment