Skip to content

G
gitlab-ce
Commit 5997cc89 authored by Evan Read's avatar Evan Read
Browse files
Options

Merge branch 'sh-improve-openid-docs' into 'master' 

Fix OpenID Connect documentation

See merge request gitlab-org/gitlab-ce!29314
parents ad94a024 6dcbf1f5
Hide whitespace changes
Inline Side-by-side
Showing with 35 additions and 0 deletions
doc/administration/auth/oidc.md
View file @ 5997cc89
...@@ -31,6 +31,7 @@ The OpenID Connect will provide you with a client details and secret for you to ...@@ -31,6 +31,7 @@ The OpenID Connect will provide you with a client details and secret for you to
{ 'name' => 'openid_connect', { 'name' => 'openid_connect',
'label' => '<your_oidc_label>', 'label' => '<your_oidc_label>',
'args' => { 'args' => {
"name' => 'openid_connect',
'scope' => ['openid','profile'], 'scope' => ['openid','profile'],
'response_type' => 'code', 'response_type' => 'code',
'issuer' => '<your_oidc_url>', 'issuer' => '<your_oidc_url>',
...@@ -53,6 +54,7 @@ The OpenID Connect will provide you with a client details and secret for you to ...@@ -53,6 +54,7 @@ The OpenID Connect will provide you with a client details and secret for you to
- { name: 'openid_connect', - { name: 'openid_connect',
label: '<your_oidc_label>', label: '<your_oidc_label>',
args: { args: {
name: 'openid_connect',
scope: ['openid','profile'], scope: ['openid','profile'],
response_type: 'code', response_type: 'code',
issuer: '<your_oidc_url>', issuer: '<your_oidc_url>',
...@@ -103,3 +105,36 @@ On the sign in page, there should now be an OpenID Connect icon below the regula ...@@ -103,3 +105,36 @@ On the sign in page, there should now be an OpenID Connect icon below the regula
Click the icon to begin the authentication process. The OpenID Connect provider will ask the user to Click the icon to begin the authentication process. The OpenID Connect provider will ask the user to
sign in and authorize the GitLab application (if confirmation required by the client). If everything goes well, the user sign in and authorize the GitLab application (if confirmation required by the client). If everything goes well, the user
will be redirected to GitLab and will be signed in. will be redirected to GitLab and will be signed in.
## Example configurations
The following configurations illustrate how to set up OpenID with
different providers with Omnibus GitLab.
### Google
See the [Google
documentation](https://developers.google.com/identity/protocols/OpenIDConnect)
for more details:
```ruby
gitlab_rails['omniauth_providers'] = [
{
'name' => 'openid_connect',
'label' => 'Google OpenID',
'args' => {
'name' => 'openid_connect',
'scope' => ['openid', 'profile', 'email'],
'response_type' => 'code',
'issuer' => 'https://accounts.google.com',
'client_auth_method' => 'query',
'discovery' => true,
'uid_field' => 'preferred_username',
'client_options' => {
'identifier' => '<YOUR PROJECT CLIENT ID>',
'secret' => '<YOUR PROJECT CLIENT SECRET>',
'redirect_uri' => 'https://example.com/users/auth/openid_connect/callback',
}
}
}
```
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7