Commit 23f03215 authored by Achilleas Pipinellis

Merge branch 'docs-make-sure-enabling-omniauth' into 'master'

Make it clear that we need to enable omniauth for SAML and Bitbucket

See merge request gitlab-org/gitlab-ce!20421
parents 539e06ef 91bd69a4
# Integrate your GitLab server with Bitbucket # Integrate your GitLab server with Bitbucket
NOTE: **Note:**
You need to [enable OmniAuth](omniauth.md) in order to use this.
Import projects from Bitbucket.org and login to your GitLab instance with your Import projects from Bitbucket.org and login to your GitLab instance with your
Bitbucket.org account. Bitbucket.org account.
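Review bot: "in order to use this" in the new note does not say what "this" covers, and this page documents two things, importing projects and signing in. Name them, for example "to import from or sign in with Bitbucket", and consider pointing the link at `omniauth.md#initial-omniauth-configuration`, the anchor the configuration step further down the file uses, so readers land on the setting they have to change.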
...@@ -76,13 +79,13 @@ you to use. ...@@ -76,13 +79,13 @@ you to use.
sudo -u git -H editor /home/git/gitlab/config/gitlab.yml sudo -u git -H editor /home/git/gitlab/config/gitlab.yml
``` ```
1. Follow the [Initial OmniAuth Configuration](omniauth.md#initial-omniauth-configuration)
for initial settings.
1. Add the Bitbucket provider configuration: 1. Add the Bitbucket provider configuration:
For Omnibus packages: For Omnibus packages:
```ruby ```ruby
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
"name" => "bitbucket", "name" => "bitbucket",
...@@ -96,6 +99,9 @@ you to use. ...@@ -96,6 +99,9 @@ you to use.
For installations from source: For installations from source:
```yaml ```yaml
omniauth:
enabled: true
providers:
- { name: 'bitbucket', - { name: 'bitbucket',
app_id: 'BITBUCKET_APP_KEY', app_id: 'BITBUCKET_APP_KEY',
app_secret: 'BITBUCKET_APP_SECRET', app_secret: 'BITBUCKET_APP_SECRET',
...@@ -121,6 +127,9 @@ well, the user will be returned to GitLab and will be signed in. ...@@ -121,6 +127,9 @@ well, the user will be returned to GitLab and will be signed in.
Once the above configuration is set up, you can use Bitbucket to sign into Once the above configuration is set up, you can use Bitbucket to sign into
GitLab and [start importing your projects][bb-import]. GitLab and [start importing your projects][bb-import].
If you don't want to enable signing in with Bitbucket but just want to import
projects from Bitbucket, you could [disable it in the admin panel](omniauth.md#enable-or-disable-sign-in-with-an-omniauth-provider-without-disabling-import-sources).
[init-oauth]: omniauth.md#initial-omniauth-configuration [init-oauth]: omniauth.md#initial-omniauth-configuration
[bb-import]: ../workflow/importing/import_projects_from_bitbucket.md [bb-import]: ../workflow/importing/import_projects_from_bitbucket.md
[bb-old]: https://gitlab.com/gitlab-org/gitlab-ce/blob/8-14-stable/doc/integration/bitbucket.md [bb-old]: https://gitlab.com/gitlab-org/gitlab-ce/blob/8-14-stable/doc/integration/bitbucket.md
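Review bot: in the added paragraph, "disable it in the admin panel" leaves "it" ambiguous between Bitbucket sign-in and the Bitbucket import source. The link target is about disabling sign-in while keeping the import source, so write "disable Bitbucket sign-in in the admin panel". "you could" also reads better as "you can", and since the file keeps its links as references (`[init-oauth]`, `[bb-import]`), the long inline URL would sit better as a reference next to them.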
......
# SAML OmniAuth Provider # SAML OmniAuth Provider
NOTE: **Note:**
You need to [enable OmniAuth](omniauth.md) in order to use this.
GitLab can be configured to act as a SAML 2.0 Service Provider (SP). This allows GitLab can be configured to act as a SAML 2.0 Service Provider (SP). This allows
GitLab to consume assertions from a SAML 2.0 Identity Provider (IdP) such as GitLab to consume assertions from a SAML 2.0 Identity Provider (IdP) such as
Microsoft ADFS to authenticate users. Microsoft ADFS to authenticate users.
...@@ -26,15 +29,13 @@ in your SAML IdP: ...@@ -26,15 +29,13 @@ in your SAML IdP:
sudo -u git -H editor config/gitlab.yml sudo -u git -H editor config/gitlab.yml
``` ```
1. See [Initial OmniAuth Configuration](omniauth.md#initial-omniauth-configuration)
for initial settings.
1. To allow your users to use SAML to sign up without having to manually create 1. To allow your users to use SAML to sign up without having to manually create
an account first, don't forget to add the following values to your configuration: an account first, don't forget to add the following values to your configuration:
For omnibus package: For omnibus package:
```ruby ```ruby
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['saml'] gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
gitlab_rails['omniauth_block_auto_created_users'] = false gitlab_rails['omniauth_block_auto_created_users'] = false
``` ```
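Review bot: with `gitlab_rails['omniauth_enabled'] = true` in the same snippet as `gitlab_rails['omniauth_block_auto_created_users'] = false`, pasting this block turns OmniAuth on and lets accounts created through SAML become active without administrator approval in one step. Add a sentence under the snippet saying that `false` skips the blocked state for auto-created users, and that leaving the setting at `true` keeps new SAML sign-ups blocked until an administrator unblocks them, so the value is chosen deliberately rather than copied.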
...@@ -42,6 +43,8 @@ in your SAML IdP: ...@@ -42,6 +43,8 @@ in your SAML IdP:
For installations from source: For installations from source:
```yaml ```yaml
omniauth:
enabled: true
allow_single_sign_on: ["saml"] allow_single_sign_on: ["saml"]
block_auto_created_users: false block_auto_created_users: false
``` ```
...@@ -84,6 +87,8 @@ in your SAML IdP: ...@@ -84,6 +87,8 @@ in your SAML IdP:
For installations from source: For installations from source:
```yaml ```yaml
omniauth:
providers:
- { - {
name: 'saml', name: 'saml',
args: { args: {
...@@ -220,6 +225,8 @@ If you want some SAML authentication methods to count as 2FA on a per session ba ...@@ -220,6 +225,8 @@ If you want some SAML authentication methods to count as 2FA on a per session ba
1. Edit `config/gitlab.yml`: 1. Edit `config/gitlab.yml`:
```yaml ```yaml
omniauth:
providers:
- { - {
name: 'saml', name: 'saml',
args: { args: {
...@@ -234,7 +241,6 @@ If you want some SAML authentication methods to count as 2FA on a per session ba ...@@ -234,7 +241,6 @@ If you want some SAML authentication methods to count as 2FA on a per session ba
'urn:oasis:names:tc:SAML:2.0:ac:classes:SecondFactorOTPSMS', 'urn:oasis:names:tc:SAML:2.0:ac:classes:SecondFactorOTPSMS',
'urn:oasis:names:tc:SAML:2.0:ac:classes:SecondFactorIGTOKEN' 'urn:oasis:names:tc:SAML:2.0:ac:classes:SecondFactorIGTOKEN'
] ]
}, },
label: 'Company Login' # optional label for SAML login button, defaults to "Saml" label: 'Company Login' # optional label for SAML login button, defaults to "Saml"
} }
...@@ -247,11 +253,11 @@ In addition to the changes in GitLab, make sure that your Idp is returning the ...@@ -247,11 +253,11 @@ In addition to the changes in GitLab, make sure that your Idp is returning the
`AuthnContext`. For example: `AuthnContext`. For example:
```xml ```xml
<saml:AuthnStatement> <saml:AuthnStatement>
<saml:AuthnContext> <saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:MediumStrongCertificateProtectedTransport</saml:AuthnContextClassRef> <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:MediumStrongCertificateProtectedTransport</saml:AuthnContextClassRef>
</saml:AuthnContext> </saml:AuthnContext>
</saml:AuthnStatement> </saml:AuthnStatement>
``` ```
## Customization ## Customization
......