Commit 4c7ad989 authored by Evan Read's avatar Evan Read

Merge branch 'feat/casdoor' into 'master'

Add documentation on connecting to Casdoor

See merge request gitlab-org/gitlab!78630
parents eb37dcb1 4645f1f9
...@@ -461,6 +461,65 @@ To use symmetric key encryption: ...@@ -461,6 +461,65 @@ To use symmetric key encryption:
If after reconfiguring, you see the error `JSON::JWS::VerificationFailed` error message, this means If after reconfiguring, you see the error `JSON::JWS::VerificationFailed` error message, this means
the incorrect secret was specified. the incorrect secret was specified.
#### Casdoor
GitLab works with OpenID providers that use HTTPS. To connect to GitLab using OpenID with Casdoor, use HTTPS instead of HTTP.
For your app, complete the following steps on Casdoor:
1. Get a client ID and a client secret.
1. Add your GitLab redirect URL. For example, if your GitLab domain is `gitlab.example.com`, ensure the Casdoor app has the following
`Redirect URI`: `https://gitlab.example.com/users/auth/openid_connect/callback`.
See the [Casdoor documentation](https://casdoor.org/docs/integration/gitlab) for more details.
Example Omnibus GitLab configuration (file path: `/etc/gitlab/gitlab.rb`):
```ruby
gitlab_rails['omniauth_providers'] = [
{
name: "openid_connect",
label: "Casdoor", # optional label for login button, defaults to "Openid Connect"
args: {
name: "openid_connect",
scope: ["openid", "profile", "email"],
response_type: "code",
issuer: "https://<CASDOOR_HOSTNAME>",
client_auth_method: "query",
discovery: true,
uid_field: "sub",
client_options: {
identifier: "<YOUR CLIENT ID>",
secret: "<YOUR CLIENT SECRET>",
redirect_uri: "https://gitlab.example.com/users/auth/openid_connect/callback"
}
}
}
]
```
Example installations from source configuration (file path: `config/gitlab.yml`):
```yaml
- { name: 'openid_connect',
label: 'Casdoor', # optional label for login button, defaults to "Openid Connect"
args: {
name: 'openid_connect',
scope: ['openid','profile','email'],
response_type: 'code',
issuer: 'https://<CASDOOR_HOSTNAME>',
discovery: true,
client_auth_method: 'query',
uid_field: 'sub',
client_options: {
identifier: '<YOUR CLIENT ID>',
secret: '<YOUR CLIENT SECRET>',
redirect_uri: 'https://gitlab.example.com/users/auth/openid_connect/callback'
}
}
}
```
## General troubleshooting ## General troubleshooting
If you're having trouble, here are some tips: If you're having trouble, here are some tips:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment