Commit 4b2966fd authored by Kati Paizee's avatar Kati Paizee

Merge branch 'elygre/gitlab-patch-46' into 'master'

Add 'label' to all the OAuth examples

See merge request gitlab-org/gitlab!74831
parents 0255ba46 86ae2a9e
...@@ -50,9 +50,10 @@ To enable the Atlassian OmniAuth provider for passwordless authentication you mu ...@@ -50,9 +50,10 @@ To enable the Atlassian OmniAuth provider for passwordless authentication you mu
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
name: "atlassian_oauth2", name: "atlassian_oauth2",
# label: "Provider name", # optional label for login button, defaults to "Atlassian"
app_id: "YOUR_CLIENT_ID", app_id: "YOUR_CLIENT_ID",
app_secret: "YOUR_CLIENT_SECRET", app_secret: "YOUR_CLIENT_SECRET",
args: { scope: 'offline_access read:jira-user read:jira-work', prompt: 'consent' } args: { scope: "offline_access read:jira-user read:jira-work", prompt: "consent" }
} }
] ]
``` ```
...@@ -60,10 +61,12 @@ To enable the Atlassian OmniAuth provider for passwordless authentication you mu ...@@ -60,10 +61,12 @@ To enable the Atlassian OmniAuth provider for passwordless authentication you mu
For installations from source: For installations from source:
```yaml ```yaml
- name: "atlassian_oauth2", - { name: "atlassian_oauth2",
# label: "Provider name", # optional label for login button, defaults to "Atlassian"
app_id: "YOUR_CLIENT_ID", app_id: "YOUR_CLIENT_ID",
app_secret: "YOUR_CLIENT_SECRET", app_secret: "YOUR_CLIENT_SECRET",
args: { scope: 'offline_access read:jira-user read:jira-work', prompt: 'consent' } args: { scope: "offline_access read:jira-user read:jira-work", prompt: "consent" }
}
``` ```
1. Change `YOUR_CLIENT_ID` and `YOUR_CLIENT_SECRET` to the Client credentials you received in [application registration](#atlassian-application-registration) steps. 1. Change `YOUR_CLIENT_ID` and `YOUR_CLIENT_SECRET` to the Client credentials you received in [application registration](#atlassian-application-registration) steps.
......
...@@ -36,10 +36,11 @@ Authentiq generates a Client ID and the accompanying Client Secret for you to us ...@@ -36,10 +36,11 @@ Authentiq generates a Client ID and the accompanying Client Secret for you to us
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
"name" => "authentiq", name: "authentiq",
"app_id" => "YOUR_CLIENT_ID", # label: "Provider name", # optional label for login button, defaults to "Authentiq"
"app_secret" => "YOUR_CLIENT_SECRET", app_id: "YOUR_CLIENT_ID",
"args" => { app_secret: "YOUR_CLIENT_SECRET",
args: {
"scope": 'aq:name email~rs address aq:push' "scope": 'aq:name email~rs address aq:push'
} }
} }
...@@ -50,6 +51,7 @@ Authentiq generates a Client ID and the accompanying Client Secret for you to us ...@@ -50,6 +51,7 @@ Authentiq generates a Client ID and the accompanying Client Secret for you to us
```yaml ```yaml
- { name: 'authentiq', - { name: 'authentiq',
# label: 'Provider name', # optional label for login button, defaults to "Authentiq"
app_id: 'YOUR_CLIENT_ID', app_id: 'YOUR_CLIENT_ID',
app_secret: 'YOUR_CLIENT_SECRET', app_secret: 'YOUR_CLIENT_SECRET',
args: { args: {
......
...@@ -56,25 +56,25 @@ Include the code block in the `/etc/gitlab/gitlab.rb` file: ...@@ -56,25 +56,25 @@ Include the code block in the `/etc/gitlab/gitlab.rb` file:
gitlab_rails['omniauth_allow_single_sign_on'] = ['cognito'] gitlab_rails['omniauth_allow_single_sign_on'] = ['cognito']
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
"name" => "cognito", name: "cognito",
# "label" => "Cognito", label: "Provider name", # optional label for login button, defaults to "Cognito"
# "icon" => nil, # Optional icon URL icon: nil, # Optional icon URL
"app_id" => "CLIENT ID", app_id: "CLIENT ID",
"app_secret" => "CLIENT SECRET", app_secret: "CLIENT SECRET",
"args" => { args: {
"scope" => "openid profile email", scope: "openid profile email",
client_options: { client_options: {
'site' => 'https://your_domain.auth.your_region.amazoncognito.com', site: "https://your_domain.auth.your_region.amazoncognito.com",
'authorize_url' => '/oauth2/authorize', authorize_url: "/oauth2/authorize",
'token_url' => '/oauth2/token', token_url: "/oauth2/token",
'user_info_url' => '/oauth2/userInfo' user_info_url: "/oauth2/userInfo"
}, },
user_response_structure: { user_response_structure: {
root_path: [], root_path: [],
id_path: ['sub'], id_path: ["sub"],
attributes: { nickname: 'email', name: 'email', email: 'email' } attributes: { nickname: "email", name: "email", email: "email" }
}, },
name: 'cognito', name: "cognito",
strategy_class: "OmniAuth::Strategies::OAuth2Generic" strategy_class: "OmniAuth::Strategies::OAuth2Generic"
} }
} }
......
...@@ -46,11 +46,12 @@ this provider also allows Crowd authentication for Git-over-https requests. ...@@ -46,11 +46,12 @@ this provider also allows Crowd authentication for Git-over-https requests.
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
"name" => "crowd", name: "crowd",
"args" => { # label: "Provider name", # optional label for login button, defaults to "Crowd"
"crowd_server_url" => "CROWD_SERVER_URL", args: {
"application_name" => "YOUR_APP_NAME", crowd_server_url: "CROWD_SERVER_URL",
"application_password" => "YOUR_APP_PASSWORD" application_name: "YOUR_APP_NAME",
application_password: "YOUR_APP_PASSWORD"
} }
} }
] ]
...@@ -60,6 +61,7 @@ this provider also allows Crowd authentication for Git-over-https requests. ...@@ -60,6 +61,7 @@ this provider also allows Crowd authentication for Git-over-https requests.
```yaml ```yaml
- { name: 'crowd', - { name: 'crowd',
# label: 'Provider name', # optional label for login button, defaults to "Crowd"
args: { args: {
crowd_server_url: 'CROWD_SERVER_URL', crowd_server_url: 'CROWD_SERVER_URL',
application_name: 'YOUR_APP_NAME', application_name: 'YOUR_APP_NAME',
......
...@@ -32,14 +32,15 @@ JWT will provide you with a secret key for you to use. ...@@ -32,14 +32,15 @@ JWT will provide you with a secret key for you to use.
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ name: 'jwt', { name: "jwt",
label: "Provider name", # optional label for login button, defaults to "Jwt"
args: { args: {
secret: 'YOUR_APP_SECRET', secret: "YOUR_APP_SECRET",
algorithm: 'HS256', # Supported algorithms: 'RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'HS256', 'HS384', 'HS512' algorithm: "HS256", # Supported algorithms: "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "HS256", "HS384", "HS512"
uid_claim: 'email', uid_claim: "email",
required_claims: ['name', 'email'], required_claims: ["name", "email"],
info_map: { name: 'name', email: 'email' }, info_map: { name: "name", email: "email" },
auth_url: 'https://example.com/', auth_url: "https://example.com/",
valid_within: 3600 # 1 hour valid_within: 3600 # 1 hour
} }
} }
...@@ -50,6 +51,7 @@ JWT will provide you with a secret key for you to use. ...@@ -50,6 +51,7 @@ JWT will provide you with a secret key for you to use.
```yaml ```yaml
- { name: 'jwt', - { name: 'jwt',
label: 'Provider name', # optional label for login button, defaults to "Jwt"
args: { args: {
secret: 'YOUR_APP_SECRET', secret: 'YOUR_APP_SECRET',
algorithm: 'HS256', # Supported algorithms: 'RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'HS256', 'HS384', 'HS512' algorithm: 'HS256', # Supported algorithms: 'RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'HS256', 'HS384', 'HS512'
......
...@@ -35,22 +35,23 @@ The OpenID Connect provides you with a client's details and secret for you to us ...@@ -35,22 +35,23 @@ The OpenID Connect provides you with a client's details and secret for you to us
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ 'name' => 'openid_connect', {
'label' => '<your_oidc_label>', name: "openid_connect",
'icon' => '<custom_provider_icon>', label: "Provider name", # optional label for login button, defaults to "Openid Connect"
'args' => { icon: "<custom_provider_icon>",
'name' => 'openid_connect', args: {
'scope' => ['openid','profile','email'], name: "openid_connect",
'response_type' => 'code', scope: ["openid","profile","email"],
'issuer' => '<your_oidc_url>', response_type: "code",
'discovery' => true, issuer: "<your_oidc_url>",
'client_auth_method' => 'query', discovery: true,
'uid_field' => '<uid_field>', client_auth_method: "query",
'send_scope_to_token_endpoint' => 'false', uid_field: "<uid_field>",
'client_options' => { send_scope_to_token_endpoint: "false",
'identifier' => '<your_oidc_client_id>', client_options: {
'secret' => '<your_oidc_client_secret>', identifier: "<your_oidc_client_id>",
'redirect_uri' => '<your_gitlab_url>/users/auth/openid_connect/callback' secret: "<your_oidc_client_secret>",
redirect_uri: "<your_gitlab_url>/users/auth/openid_connect/callback"
} }
} }
} }
...@@ -61,7 +62,7 @@ The OpenID Connect provides you with a client's details and secret for you to us ...@@ -61,7 +62,7 @@ The OpenID Connect provides you with a client's details and secret for you to us
```yaml ```yaml
- { name: 'openid_connect', - { name: 'openid_connect',
label: '<your_oidc_label>', label: 'Provider name', # optional label for login button, defaults to "Openid Connect"
icon: '<custom_provider_icon>', icon: '<custom_provider_icon>',
args: { args: {
name: 'openid_connect', name: 'openid_connect',
...@@ -136,20 +137,20 @@ for more details: ...@@ -136,20 +137,20 @@ for more details:
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
'name' => 'openid_connect', name: "openid_connect",
'label' => 'Google OpenID', label: "Google OpenID", # optional label for login button, defaults to "Openid Connect"
'args' => { args: {
'name' => 'openid_connect', name: "openid_connect",
'scope' => ['openid', 'profile', 'email'], scope: ["openid", "profile", "email"],
'response_type' => 'code', response_type: "code",
'issuer' => 'https://accounts.google.com', issuer: "https://accounts.google.com",
'client_auth_method' => 'query', client_auth_method: "query",
'discovery' => true, discovery: true,
'uid_field' => 'preferred_username', uid_field: "preferred_username",
'client_options' => { client_options: {
'identifier' => '<YOUR PROJECT CLIENT ID>', identifier: "<YOUR PROJECT CLIENT ID>",
'secret' => '<YOUR PROJECT CLIENT SECRET>', secret: "<YOUR PROJECT CLIENT SECRET>",
'redirect_uri' => 'https://example.com/users/auth/openid_connect/callback', redirect_uri: "https://example.com/users/auth/openid_connect/callback",
} }
} }
} }
...@@ -173,20 +174,20 @@ Example Omnibus configuration block: ...@@ -173,20 +174,20 @@ Example Omnibus configuration block:
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
'name' => 'openid_connect', name: "openid_connect",
'label' => 'Azure OIDC', label: "Azure OIDC", # optional label for login button, defaults to "Openid Connect"
'args' => { args: {
'name' => 'openid_connect', name: "openid_connect",
'scope' => ['openid', 'profile', 'email'], scope: ["openid", "profile", "email"],
'response_type' => 'code', response_type: "code",
'issuer' => 'https://login.microsoftonline.com/<YOUR-TENANT-ID>/v2.0', issuer: "https://login.microsoftonline.com/<YOUR-TENANT-ID>/v2.0",
'client_auth_method' => 'query', client_auth_method: "query",
'discovery' => true, discovery: true,
'uid_field' => 'preferred_username', uid_field: "preferred_username",
'client_options' => { client_options: {
'identifier' => '<YOUR APP CLIENT ID>', identifier: "<YOUR APP CLIENT ID>",
'secret' => '<YOUR APP CLIENT SECRET>', secret: "<YOUR APP CLIENT SECRET>",
'redirect_uri' => 'https://gitlab.example.com/users/auth/openid_connect/callback' redirect_uri: "https://gitlab.example.com/users/auth/openid_connect/callback"
} }
} }
} }
...@@ -302,21 +303,21 @@ The trailing forward slash is required. ...@@ -302,21 +303,21 @@ The trailing forward slash is required.
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
'name' => 'openid_connect', name: "openid_connect",
'label' => 'Azure B2C OIDC', label: "Azure B2C OIDC", # optional label for login button, defaults to "Openid Connect"
'args' => { args: {
'name' => 'openid_connect', name: "openid_connect",
'scope' => ['openid'], scope: ["openid"],
'response_mode' => 'query', response_mode: "query",
'response_type' => 'id_token', response_type: "id_token",
'issuer' => 'https://<YOUR-DOMAIN>/tfp/<YOUR-TENANT-ID>/b2c_1a_signup_signin/v2.0/', issuer: "https://<YOUR-DOMAIN>/tfp/<YOUR-TENANT-ID>/b2c_1a_signup_signin/v2.0/",
'client_auth_method' => 'query', client_auth_method: "query",
'discovery' => true, discovery: true,
'send_scope_to_token_endpoint' => true, send_scope_to_token_endpoint: true,
'client_options' => { client_options: {
'identifier' => '<YOUR APP CLIENT ID>', identifier: "<YOUR APP CLIENT ID>",
'secret' => '<YOUR APP CLIENT SECRET>', secret: "<YOUR APP CLIENT SECRET>",
'redirect_uri' => 'https://gitlab.example.com/users/auth/openid_connect/callback' redirect_uri: "https://gitlab.example.com/users/auth/openid_connect/callback"
} }
} }
}] }]
...@@ -359,20 +360,20 @@ Example Omnibus configuration block: ...@@ -359,20 +360,20 @@ Example Omnibus configuration block:
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
'name' => 'openid_connect', name: "openid_connect",
'label' => 'Keycloak', label: "Keycloak", # optional label for login button, defaults to "Openid Connect"
'args' => { args: {
'name' => 'openid_connect', name: "openid_connect",
'scope' => ['openid', 'profile', 'email'], scope: ["openid", "profile", "email"],
'response_type' => 'code', response_type: "code",
'issuer' => 'https://keycloak.example.com/auth/realms/myrealm', issuer: "https://keycloak.example.com/auth/realms/myrealm",
'client_auth_method' => 'query', client_auth_method: "query",
'discovery' => true, discovery: true,
'uid_field' => 'preferred_username', uid_field: "preferred_username",
'client_options' => { client_options: {
'identifier' => '<YOUR CLIENT ID>', identifier: "<YOUR CLIENT ID>",
'secret' => '<YOUR CLIENT SECRET>', secret: "<YOUR CLIENT SECRET>",
'redirect_uri' => 'https://gitlab.example.com/users/auth/openid_connect/callback' redirect_uri: "https://gitlab.example.com/users/auth/openid_connect/callback"
} }
} }
} }
...@@ -436,21 +437,21 @@ To use symmetric key encryption: ...@@ -436,21 +437,21 @@ To use symmetric key encryption:
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
'name' => 'openid_connect', name: "openid_connect",
'label' => 'Keycloak', label: "Keycloak", # optional label for login button, defaults to "Openid Connect"
'args' => { args: {
'name' => 'openid_connect', name: "openid_connect",
'scope' => ['openid', 'profile', 'email'], scope: ["openid", "profile", "email"],
'response_type' => 'code', response_type: "code",
'issuer' => 'https://keycloak.example.com/auth/realms/myrealm', issuer: "https://keycloak.example.com/auth/realms/myrealm",
'client_auth_method' => 'query', client_auth_method: "query",
'discovery' => true, discovery: true,
'uid_field' => 'preferred_username', uid_field: "preferred_username",
'jwt_secret_base64' => '<YOUR BASE64-ENCODED SECRET>', jwt_secret_base64: "<YOUR BASE64-ENCODED SECRET>",
'client_options' => { client_options: {
'identifier' => '<YOUR CLIENT ID>', identifier: "<YOUR CLIENT ID>",
'secret' => '<YOUR CLIENT SECRET>', secret: "<YOUR CLIENT SECRET>",
'redirect_uri' => 'https://gitlab.example.com/users/auth/openid_connect/callback' redirect_uri: "https://gitlab.example.com/users/auth/openid_connect/callback"
} }
} }
} }
......
...@@ -58,11 +58,13 @@ application. ...@@ -58,11 +58,13 @@ application.
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
"name" => "auth0", name: "auth0",
"args" => { client_id: 'YOUR_AUTH0_CLIENT_ID', # label: "Provider name", # optional label for login button, defaults to "Auth0"
client_secret: 'YOUR_AUTH0_CLIENT_SECRET', args: {
domain: 'YOUR_AUTH0_DOMAIN', client_id: "YOUR_AUTH0_CLIENT_ID",
scope: 'openid profile email' client_secret: "YOUR_AUTH0_CLIENT_SECRET",
domain: "YOUR_AUTH0_DOMAIN",
scope: "openid profile email"
} }
} }
] ]
...@@ -72,6 +74,7 @@ application. ...@@ -72,6 +74,7 @@ application.
```yaml ```yaml
- { name: 'auth0', - { name: 'auth0',
# label: 'Provider name', # optional label for login button, defaults to "Auth0"
args: { args: {
client_id: 'YOUR_AUTH0_CLIENT_ID', client_id: 'YOUR_AUTH0_CLIENT_ID',
client_secret: 'YOUR_AUTH0_CLIENT_SECRET', client_secret: 'YOUR_AUTH0_CLIENT_SECRET',
......
...@@ -58,11 +58,12 @@ As you go through the Microsoft procedure, keep the following in mind: ...@@ -58,11 +58,12 @@ As you go through the Microsoft procedure, keep the following in mind:
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
"name" => "azure_oauth2", name: "azure_oauth2",
"args" => { # label: "Provider name", # optional label for login button, defaults to "Azure AD"
"client_id" => "CLIENT ID", args: {
"client_secret" => "CLIENT SECRET", client_id: "CLIENT ID",
"tenant_id" => "TENANT ID", client_secret: "CLIENT SECRET",
tenant_id: "TENANT ID",
} }
} }
] ]
...@@ -72,9 +73,10 @@ As you go through the Microsoft procedure, keep the following in mind: ...@@ -72,9 +73,10 @@ As you go through the Microsoft procedure, keep the following in mind:
```yaml ```yaml
- { name: 'azure_oauth2', - { name: 'azure_oauth2',
args: { client_id: "CLIENT ID", # label: 'Provider name', # optional label for login button, defaults to "Azure AD"
client_secret: "CLIENT SECRET", args: { client_id: 'CLIENT ID',
tenant_id: "TENANT ID" } } client_secret: 'CLIENT SECRET',
tenant_id: 'TENANT ID' } }
``` ```
The `base_azure_url` is optional and can be added for different locales; The `base_azure_url` is optional and can be added for different locales;
...@@ -167,6 +169,7 @@ Alternatively, add the `User.Read.All` application permission. ...@@ -167,6 +169,7 @@ Alternatively, add the `User.Read.All` application permission.
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
"name" => "azure_activedirectory_v2", "name" => "azure_activedirectory_v2",
"label" => "Provider name", # optional label for login button, defaults to "Azure AD v2"
"args" => { "args" => {
"client_id" => "CLIENT ID", "client_id" => "CLIENT ID",
"client_secret" => "CLIENT SECRET", "client_secret" => "CLIENT SECRET",
...@@ -180,6 +183,7 @@ Alternatively, add the `User.Read.All` application permission. ...@@ -180,6 +183,7 @@ Alternatively, add the `User.Read.All` application permission.
```yaml ```yaml
- { name: 'azure_activedirectory_v2', - { name: 'azure_activedirectory_v2',
label: 'Provider name', # optional label for login button, defaults to "Azure AD v2"
args: { client_id: "CLIENT ID", args: { client_id: "CLIENT ID",
client_secret: "CLIENT SECRET", client_secret: "CLIENT SECRET",
tenant_id: "TENANT ID" } } tenant_id: "TENANT ID" } }
......
...@@ -87,10 +87,11 @@ to the end of the Bitbucket authorization callback URL. ...@@ -87,10 +87,11 @@ to the end of the Bitbucket authorization callback URL.
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
"name" => "bitbucket", name: "bitbucket",
"app_id" => "BITBUCKET_APP_KEY", # label: "Provider name", # optional label for login button, defaults to "Bitbucket"
"app_secret" => "BITBUCKET_APP_SECRET", app_id: "BITBUCKET_APP_KEY",
"url" => "https://bitbucket.org/" app_secret: "BITBUCKET_APP_SECRET",
url: "https://bitbucket.org/"
} }
] ]
``` ```
...@@ -102,6 +103,7 @@ to the end of the Bitbucket authorization callback URL. ...@@ -102,6 +103,7 @@ to the end of the Bitbucket authorization callback URL.
enabled: true enabled: true
providers: providers:
- { name: 'bitbucket', - { name: 'bitbucket',
# label: 'Provider name', # optional label for login button, defaults to "Bitbucket"
app_id: 'BITBUCKET_APP_KEY', app_id: 'BITBUCKET_APP_KEY',
app_secret: 'BITBUCKET_APP_SECRET', app_secret: 'BITBUCKET_APP_SECRET',
url: 'https://bitbucket.org/' } url: 'https://bitbucket.org/' }
......
...@@ -37,13 +37,13 @@ configure CAS for back-channel logout. ...@@ -37,13 +37,13 @@ configure CAS for back-channel logout.
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
"name"=> "cas3", name: "cas3",
"label"=> "cas", label: "Provider name", # optional label for login button, defaults to "Cas3"
"args"=> { args: {
"url"=> 'CAS_SERVER', url: "CAS_SERVER",
"login_url"=> '/CAS_PATH/login', login_url: "/CAS_PATH/login",
"service_validate_url"=> '/CAS_PATH/p3/serviceValidate', service_validate_url: "/CAS_PATH/p3/serviceValidate",
"logout_url"=> '/CAS_PATH/logout' logout_url: "/CAS_PATH/logout"
} }
} }
] ]
...@@ -53,7 +53,7 @@ configure CAS for back-channel logout. ...@@ -53,7 +53,7 @@ configure CAS for back-channel logout.
```yaml ```yaml
- { name: 'cas3', - { name: 'cas3',
label: 'cas', label: 'Provider name', # optional label for login button, defaults to "Cas3"
args: { args: {
url: 'CAS_SERVER', url: 'CAS_SERVER',
login_url: '/CAS_PATH/login', login_url: '/CAS_PATH/login',
......
...@@ -60,9 +60,10 @@ Sign in to DingTalk Open Platform and create an application on it. DingTalk gene ...@@ -60,9 +60,10 @@ Sign in to DingTalk Open Platform and create an application on it. DingTalk gene
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
"name" => "ding_talk", name: "ding_talk",
"app_id" => "YOUR_APP_ID", # label: "Provider name", # optional label for login button, defaults to "Ding Talk"
"app_secret" => "YOUR_APP_SECRET" app_id: "YOUR_APP_ID",
app_secret: "YOUR_APP_SECRET"
} }
] ]
``` ```
...@@ -71,6 +72,7 @@ Sign in to DingTalk Open Platform and create an application on it. DingTalk gene ...@@ -71,6 +72,7 @@ Sign in to DingTalk Open Platform and create an application on it. DingTalk gene
```yaml ```yaml
- { name: 'ding_talk', - { name: 'ding_talk',
# label: 'Provider name', # optional label for login button, defaults to "Ding Talk"
app_id: 'YOUR_APP_ID', app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET' } app_secret: 'YOUR_APP_SECRET' }
``` ```
......
...@@ -81,9 +81,10 @@ Facebook. Facebook generates an app ID and secret key for you to use. ...@@ -81,9 +81,10 @@ Facebook. Facebook generates an app ID and secret key for you to use.
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
"name" => "facebook", name: "facebook",
"app_id" => "YOUR_APP_ID", # label: "Provider name", # optional label for login button, defaults to "Facebook"
"app_secret" => "YOUR_APP_SECRET" app_id: "YOUR_APP_ID",
app_secret: "YOUR_APP_SECRET"
} }
] ]
``` ```
...@@ -91,7 +92,9 @@ Facebook. Facebook generates an app ID and secret key for you to use. ...@@ -91,7 +92,9 @@ Facebook. Facebook generates an app ID and secret key for you to use.
For installations from source: For installations from source:
```yaml ```yaml
- { name: 'facebook', app_id: 'YOUR_APP_ID', - { name: 'facebook',
# label: 'Provider name', # optional label for login button, defaults to "Facebook"
app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET' } app_secret: 'YOUR_APP_SECRET' }
``` ```
......
...@@ -50,10 +50,11 @@ Follow these steps to incorporate the GitHub OAuth 2 app in your GitLab server: ...@@ -50,10 +50,11 @@ Follow these steps to incorporate the GitHub OAuth 2 app in your GitLab server:
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
"name" => "github", name: "github",
"app_id" => "YOUR_APP_ID", # label: "Provider name", # optional label for login button, defaults to "GitHub"
"app_secret" => "YOUR_APP_SECRET", app_id: "YOUR_APP_ID",
"args" => { "scope" => "user:email" } app_secret: "YOUR_APP_SECRET",
args: { scope: "user:email" }
} }
] ]
``` ```
...@@ -63,11 +64,12 @@ Follow these steps to incorporate the GitHub OAuth 2 app in your GitLab server: ...@@ -63,11 +64,12 @@ Follow these steps to incorporate the GitHub OAuth 2 app in your GitLab server:
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
"name" => "github", name: "github",
"app_id" => "YOUR_APP_ID", # label: "Provider name", # optional label for login button, defaults to "GitHub"
"app_secret" => "YOUR_APP_SECRET", app_id: "YOUR_APP_ID",
"url" => "https://github.example.com/", app_secret: "YOUR_APP_SECRET",
"args" => { "scope" => "user:email" } url: "https://github.example.com/",
args: { scope: "user:email" }
} }
] ]
``` ```
...@@ -85,7 +87,9 @@ Follow these steps to incorporate the GitHub OAuth 2 app in your GitLab server: ...@@ -85,7 +87,9 @@ Follow these steps to incorporate the GitHub OAuth 2 app in your GitLab server:
For GitHub.com: For GitHub.com:
```yaml ```yaml
- { name: 'github', app_id: 'YOUR_APP_ID', - { name: 'github',
# label: 'Provider name', # optional label for login button, defaults to "GitHub"
app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET', app_secret: 'YOUR_APP_SECRET',
args: { scope: 'user:email' } } args: { scope: 'user:email' } }
``` ```
...@@ -94,6 +98,7 @@ Follow these steps to incorporate the GitHub OAuth 2 app in your GitLab server: ...@@ -94,6 +98,7 @@ Follow these steps to incorporate the GitHub OAuth 2 app in your GitLab server:
```yaml ```yaml
- { name: 'github', - { name: 'github',
# label: 'Provider name', # optional label for login button, defaults to "GitHub"
app_id: 'YOUR_APP_ID', app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET', app_secret: 'YOUR_APP_SECRET',
url: "https://github.example.com/", url: "https://github.example.com/",
...@@ -122,12 +127,13 @@ For Omnibus package: ...@@ -122,12 +127,13 @@ For Omnibus package:
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
"name" => "github", name: "github",
"app_id" => "YOUR_APP_ID", # label: "Provider name", # optional label for login button, defaults to "GitHub"
"app_secret" => "YOUR_APP_SECRET", app_id: "YOUR_APP_ID",
"url" => "https://github.example.com/", app_secret: "YOUR_APP_SECRET",
"verify_ssl" => false, url: "https://github.example.com/",
"args" => { "scope" => "user:email" } verify_ssl: false,
args: { scope: "user:email" }
} }
] ]
``` ```
...@@ -142,6 +148,7 @@ For installation from source: ...@@ -142,6 +148,7 @@ For installation from source:
```yaml ```yaml
- { name: 'github', - { name: 'github',
# label: 'Provider name', # optional label for login button, defaults to "GitHub"
app_id: 'YOUR_APP_ID', app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET', app_secret: 'YOUR_APP_SECRET',
url: "https://github.example.com/", url: "https://github.example.com/",
......
...@@ -53,10 +53,11 @@ GitLab.com generates an application ID and secret key for you to use. ...@@ -53,10 +53,11 @@ GitLab.com generates an application ID and secret key for you to use.
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
"name" => "gitlab", name: "gitlab",
"app_id" => "YOUR_APP_ID", # label: "Provider name", # optional label for login button, defaults to "GitLab.com"
"app_secret" => "YOUR_APP_SECRET", app_id: "YOUR_APP_ID",
"args" => { "scope" => "api" } app_secret: "YOUR_APP_SECRET",
args: { scope: "api" }
} }
] ]
``` ```
...@@ -66,10 +67,11 @@ GitLab.com generates an application ID and secret key for you to use. ...@@ -66,10 +67,11 @@ GitLab.com generates an application ID and secret key for you to use.
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
"name" => "gitlab", name: "gitlab",
"app_id" => "YOUR_APP_ID", label: "Provider name", # optional label for login button, defaults to "GitLab.com"
"app_secret" => "YOUR_APP_SECRET", app_id: "YOUR_APP_ID",
"args" => { "scope" => "api", "client_options" => { "site" => "https://gitlab.example.com/api/v4" } } app_secret: "YOUR_APP_SECRET",
args: { scope: "api", client_options: { site: "https://gitlab.example.com/api/v4" } }
} }
] ]
``` ```
...@@ -78,6 +80,7 @@ GitLab.com generates an application ID and secret key for you to use. ...@@ -78,6 +80,7 @@ GitLab.com generates an application ID and secret key for you to use.
```yaml ```yaml
- { name: 'gitlab', - { name: 'gitlab',
# label: 'Provider name', # optional label for login button, defaults to "GitLab.com"
app_id: 'YOUR_APP_ID', app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET', app_secret: 'YOUR_APP_SECRET',
args: { scope: 'api' } } args: { scope: 'api' } }
...@@ -87,6 +90,7 @@ GitLab.com generates an application ID and secret key for you to use. ...@@ -87,6 +90,7 @@ GitLab.com generates an application ID and secret key for you to use.
```yaml ```yaml
- { name: 'gitlab', - { name: 'gitlab',
label: 'Provider name', # optional label for login button, defaults to "GitLab.com"
app_id: 'YOUR_APP_ID', app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET', app_secret: 'YOUR_APP_SECRET',
args: { scope: 'api', "client_options": { "site": 'https://gitlab.example.com/api/v4' } } args: { scope: 'api', "client_options": { "site": 'https://gitlab.example.com/api/v4' } }
......
...@@ -79,10 +79,11 @@ On your GitLab server: ...@@ -79,10 +79,11 @@ On your GitLab server:
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
"name" => "google_oauth2", name: "google_oauth2",
"app_id" => "YOUR_APP_ID", # label: "Provider name", # optional label for login button, defaults to "Google"
"app_secret" => "YOUR_APP_SECRET", app_id: "YOUR_APP_ID",
"args" => { "access_type" => "offline", "approval_prompt" => '' } app_secret: "YOUR_APP_SECRET",
args: { access_type: "offline", approval_prompt: "" }
} }
] ]
``` ```
...@@ -91,6 +92,7 @@ On your GitLab server: ...@@ -91,6 +92,7 @@ On your GitLab server:
```yaml ```yaml
- { name: 'google_oauth2', - { name: 'google_oauth2',
# label: 'Provider name', # optional label for login button, defaults to "Google"
app_id: 'YOUR_APP_ID', app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET', app_secret: 'YOUR_APP_SECRET',
args: { access_type: 'offline', approval_prompt: '' } } args: { access_type: 'offline', approval_prompt: '' } }
......
...@@ -61,32 +61,32 @@ This strategy is designed to allow configuration of the simple OmniAuth SSO proc ...@@ -61,32 +61,32 @@ This strategy is designed to allow configuration of the simple OmniAuth SSO proc
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ 'name' => 'oauth2_generic', {
'label' => '<your_oauth2_label>', name: "oauth2_generic",
'app_id' => '<your_app_client_id>', label: "Provider name", # optional label for login button, defaults to "Oauth2 Generic"
'app_secret' => '<your_app_client_secret>', app_id: "<your_app_client_id>",
'args' => { app_secret: "<your_app_client_secret>",
args: {
client_options: { client_options: {
'site' => '<your_auth_server_url>', site: "<your_auth_server_url>",
'user_info_url' => '/oauth2/v1/userinfo', user_info_url: "/oauth2/v1/userinfo",
'authorize_url' => '/oauth2/v1/authorize', authorize_url: "/oauth2/v1/authorize",
'token_url' => '/oauth2/v1/token' token_url: "/oauth2/v1/token"
}, },
user_response_structure: { user_response_structure: {
root_path: [], root_path: [],
id_path: ['sub'], id_path: ["sub"],
attributes: { attributes: {
email: 'email', email: "email",
name: 'name' name: "name"
} }
}, },
authorize_params: { authorize_params: {
scope: 'openid profile email' scope: "openid profile email"
}, },
strategy_class: "OmniAuth::Strategies::OAuth2Generic" strategy_class: "OmniAuth::Strategies::OAuth2Generic"
} }
} }
}
] ]
``` ```
......
...@@ -57,9 +57,10 @@ To get the credentials (a pair of Client ID and Client Secret), you must [create ...@@ -57,9 +57,10 @@ To get the credentials (a pair of Client ID and Client Secret), you must [create
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
"name" => "salesforce", name: "salesforce",
"app_id" => "SALESFORCE_CLIENT_ID", # label: "Provider name", # optional label for login button, defaults to "Salesforce"
"app_secret" => "SALESFORCE_CLIENT_SECRET" app_id: "SALESFORCE_CLIENT_ID",
app_secret: "SALESFORCE_CLIENT_SECRET"
} }
] ]
``` ```
...@@ -68,6 +69,7 @@ To get the credentials (a pair of Client ID and Client Secret), you must [create ...@@ -68,6 +69,7 @@ To get the credentials (a pair of Client ID and Client Secret), you must [create
```yaml ```yaml
- { name: 'salesforce', - { name: 'salesforce',
# label: 'Provider name', # optional label for login button, defaults to "Salesforce"
app_id: 'SALESFORCE_CLIENT_ID', app_id: 'SALESFORCE_CLIENT_ID',
app_secret: 'SALESFORCE_CLIENT_SECRET' app_secret: 'SALESFORCE_CLIENT_SECRET'
} }
......
...@@ -98,15 +98,15 @@ as described in the section on [Security](#security). Otherwise, your users are ...@@ -98,15 +98,15 @@ as described in the section on [Security](#security). Otherwise, your users are
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
name: 'saml', name: "saml",
label: "Provider name", # optional label for login button, defaults to "Saml"
args: { args: {
assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback', assertion_consumer_service_url: "https://gitlab.example.com/users/auth/saml/callback",
idp_cert_fingerprint: '43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8', idp_cert_fingerprint: "43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8",
idp_sso_target_url: 'https://login.example.com/idp', idp_sso_target_url: "https://login.example.com/idp",
issuer: 'https://gitlab.example.com', issuer: "https://gitlab.example.com",
name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent' name_identifier_format: "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
}, }
label: 'Provider name' # optional label for SAML login button, defaults to "Saml"
} }
] ]
``` ```
...@@ -118,14 +118,14 @@ as described in the section on [Security](#security). Otherwise, your users are ...@@ -118,14 +118,14 @@ as described in the section on [Security](#security). Otherwise, your users are
providers: providers:
- { - {
name: 'saml', name: 'saml',
label: 'Provider name', # optional label for login button, defaults to "Saml"
args: { args: {
assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback', assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback',
idp_cert_fingerprint: '43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8', idp_cert_fingerprint: '43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8',
idp_sso_target_url: 'https://login.example.com/idp', idp_sso_target_url: 'https://login.example.com/idp',
issuer: 'https://gitlab.example.com', issuer: 'https://gitlab.example.com',
name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent' name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
}, }
label: 'Company Login' # optional label for SAML login button, defaults to "Saml"
} }
``` ```
...@@ -362,22 +362,21 @@ In addition to the changes in GitLab, make sure that your IdP is returning the ...@@ -362,22 +362,21 @@ In addition to the changes in GitLab, make sure that your IdP is returning the
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
name: 'saml', name: "saml",
args: { args: {
assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback', assertion_consumer_service_url: "https://gitlab.example.com/users/auth/saml/callback",
idp_cert_fingerprint: '43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8', idp_cert_fingerprint: "43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8",
idp_sso_target_url: 'https://login.example.com/idp', idp_sso_target_url: "https://login.example.com/idp",
issuer: 'https://gitlab.example.com', issuer: "https://gitlab.example.com",
name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent', name_identifier_format: "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
upstream_two_factor_authn_contexts: upstream_two_factor_authn_contexts:
%w( %w(
urn:oasis:names:tc:SAML:2.0:ac:classes:CertificateProtectedTransport urn:oasis:names:tc:SAML:2.0:ac:classes:CertificateProtectedTransport
urn:oasis:names:tc:SAML:2.0:ac:classes:SecondFactorOTPSMS urn:oasis:names:tc:SAML:2.0:ac:classes:SecondFactorOTPSMS
urn:oasis:names:tc:SAML:2.0:ac:classes:SecondFactorIGTOKEN urn:oasis:names:tc:SAML:2.0:ac:classes:SecondFactorIGTOKEN
) )
}, },
label: 'Company Login' # optional label for SAML login button, defaults to "Saml" label: "Company Login" # optional label for SAML login button, defaults to "Saml"
} }
] ]
``` ```
......
...@@ -62,9 +62,10 @@ Twitter. Twitter generates a client ID and secret key for you to use. ...@@ -62,9 +62,10 @@ Twitter. Twitter generates a client ID and secret key for you to use.
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
"name" => "twitter", name: "twitter",
"app_id" => "YOUR_APP_ID", # label: "Provider name", # optional label for login button, defaults to "Twitter"
"app_secret" => "YOUR_APP_SECRET" app_id: "YOUR_APP_ID",
app_secret: "YOUR_APP_SECRET"
} }
] ]
``` ```
...@@ -73,6 +74,7 @@ Twitter. Twitter generates a client ID and secret key for you to use. ...@@ -73,6 +74,7 @@ Twitter. Twitter generates a client ID and secret key for you to use.
```yaml ```yaml
- { name: 'twitter', - { name: 'twitter',
# label: 'Provider name', # optional label for login button, defaults to "Twitter"
app_id: 'YOUR_APP_ID', app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET' } app_secret: 'YOUR_APP_SECRET' }
``` ```
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment