- Open your Keycloak realm.
- Import
keycloak-gitlab.json. - Fix URLs of the client.
- Edit
gitlab.rband boot up your GitLab. - Click the
SAMLbutton.
-
-
Save hulihutu808/5ad3c97fee33172fdfb90bf3bc76b91a to your computer and use it in GitHub Desktop.
GitLab SAML SSO with Keycloak
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| gitlab_rails['omniauth_enabled'] = true | |
| gitlab_rails['omniauth_allow_single_sign_on'] = ['saml'] | |
| gitlab_rails['omniauth_block_auto_created_users'] = false | |
| gitlab_rails['omniauth_auto_link_saml_user'] = true | |
| gitlab_rails['omniauth_providers'] = [ | |
| { | |
| name: 'saml', | |
| label: 'SAML', | |
| args: { | |
| assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback', | |
| idp_cert: "-----BEGIN CERTIFICATE-----\nMII...\n-----END CERTIFICATE-----\n", | |
| idp_sso_target_url: 'https://keycloak.example.com/auth/realms/hello/protocol/saml', | |
| issuer: 'https://gitlab.example.com', | |
| name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent', | |
| attribute_statements: { username: ['username'] } | |
| } | |
| } | |
| ] |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "clients": [ | |
| { | |
| "clientId": "https://gitlab.example.com", | |
| "rootUrl": "https://gitlab.example.com", | |
| "enabled": true, | |
| "redirectUris": [ | |
| "https://gitlab.example.com/*" | |
| ], | |
| "protocol": "saml", | |
| "attributes": { | |
| "saml.assertion.signature": "false", | |
| "saml.force.post.binding": "true", | |
| "saml.multivalued.roles": "false", | |
| "saml.encrypt": "false", | |
| "saml.server.signature": "true", | |
| "saml.server.signature.keyinfo.ext": "false", | |
| "saml.signature.algorithm": "RSA_SHA256", | |
| "saml_force_name_id_format": "false", | |
| "saml.client.signature": "false", | |
| "saml.authnstatement": "true", | |
| "saml_name_id_format": "username", | |
| "saml.onetimeuse.condition": "false", | |
| "saml_signature_canonicalization_method": "http://www.w3.org/2001/10/xml-exc-c14n#" | |
| }, | |
| "protocolMappers": [ | |
| { | |
| "name": "email", | |
| "protocol": "saml", | |
| "protocolMapper": "saml-user-property-mapper", | |
| "consentRequired": false, | |
| "config": { | |
| "user.attribute": "email", | |
| "attribute.name": "email" | |
| } | |
| }, | |
| { | |
| "name": "first_name", | |
| "protocol": "saml", | |
| "protocolMapper": "saml-user-property-mapper", | |
| "consentRequired": false, | |
| "config": { | |
| "user.attribute": "firstName", | |
| "attribute.name": "first_name" | |
| } | |
| }, | |
| { | |
| "name": "last_name", | |
| "protocol": "saml", | |
| "protocolMapper": "saml-user-property-mapper", | |
| "consentRequired": false, | |
| "config": { | |
| "user.attribute": "lastName", | |
| "attribute.name": "last_name" | |
| } | |
| }, | |
| { | |
| "name": "username", | |
| "protocol": "saml", | |
| "protocolMapper": "saml-user-property-mapper", | |
| "consentRequired": false, | |
| "config": { | |
| "user.attribute": "username", | |
| "attribute.name": "username" | |
| } | |
| } | |
| ] | |
| } | |
| ] | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment