Commit d8812e58 authored by Bob Van Landuyt

Document TLS auth for external authorization

parent 15c4ebf9
...@@ -173,7 +173,9 @@ PUT /application/settings ...@@ -173,7 +173,9 @@ PUT /application/settings
| `external_authorization_service_enabled` | boolean | no | Enable using an external authorization service for accessing projects | | `external_authorization_service_enabled` | boolean | no | Enable using an external authorization service for accessing projects |
| `external_authorization_service_url` | string | no | URL to which authorization requests will be directed | | `external_authorization_service_url` | string | no | URL to which authorization requests will be directed |
| `external_authorization_service_default_label` | string | no | The default classification label to use when requesting authorization and no classification label has been specified on the project | | `external_authorization_service_default_label` | string | no | The default classification label to use when requesting authorization and no classification label has been specified on the project |
| `external_authorization_service_timeout` | float | no | The timeout to enforce when performing requests to the external authorization service | | `external_auth_client_cert` | string | no | The certificate to use to authenticate with the external authorization service |
| `external_auth_client_key` | string | no | Private key for the certificate when authentication is required for the external authorization service, this is encrypted when stored |
| `external_auth_client_key_pass` | string | no | Passphrase to use for the private key when authenticating with the external service this is encrypted when stored |
```bash ```bash
curl --request PUT --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/application/settings?signup_enabled=false&default_project_visibility=internal curl --request PUT --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/application/settings?signup_enabled=false&default_project_visibility=internal
......
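Review bot: The `external_authorization_service_timeout` row appears only on the old side of this hunk, and the 7-to-9 line counts in the header match one row removed and three added, so the timeout setting drops out of the table. If the setting still exists, keep its row and add the three `external_auth_client_*` rows after it. The curl example under the table passes settings in the query string; the docs should say that `external_auth_client_key` and `external_auth_client_key_pass` are to be sent in the request body, so the private key and passphrase do not end up in URLs, shell history and access logs. The two descriptions ending in "this is encrypted when stored" need a sentence break before "this", and the new rows use an `external_auth_` prefix where the existing ones use `external_authorization_service_`, which is worth a word if intentional.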
...@@ -43,9 +43,21 @@ The available required properties are: ...@@ -43,9 +43,21 @@ The available required properties are:
- **External authorization request timeout**: The timeout after which an - **External authorization request timeout**: The timeout after which an
authorization request is aborted. When a request times out, access is denied authorization request is aborted. When a request times out, access is denied
to the user. to the user.
- **Client authentication certificate**: The certificate to use to authenticate
with the external authorization service.
- **Client authentication key**: Private key for the certificate when
authentication is required for the external authorization service, this is
encrypted when stored.
- **Client authentication key password**: Passphrase to use for the private key when authenticating with the external service this is encrypted when stored.
- **Default classification label**: The classification label to use when - **Default classification label**: The classification label to use when
requesting authorization if no specific label is defined on the project requesting authorization if no specific label is defined on the project
When using TLS Authentication with a self signed certificate, the CA certificate
needs to be trused by the openssl installation. When using GitLab installed using
Omnibus, learn to install a custom CA in the
[omnibus documentation][omnibus-ssl-docs]. Alternatively learn where to install
custom certificates using `openssl version -d`.
## How it works ## How it works
When GitLab requests access, it will send a JSON POST request to the external When GitLab requests access, it will send a JSON POST request to the external
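Review bot: The added paragraph on self-signed certificates has a typo ("trused" for "trusted") and does not say which certificate has to be trusted: a self-signed certificate has no separate CA, so name the certificate that must be added to the OpenSSL trust store. The three new bullets are also listed under "The available required properties are:" while the API table marks the matching settings as not required, so either reword that heading or mark the client authentication fields as optional. The bullets should state the expected encoding of the certificate and key, the "Client authentication key password" bullet should be wrapped like its neighbours, and both "this is encrypted when stored" clauses need to become their own sentence.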
...@@ -90,3 +102,5 @@ label defined in the [global settings](#configuration) will be used. ...@@ -90,3 +102,5 @@ label defined in the [global settings](#configuration) will be used.
The label will be shown on all project pages in the upper right corner. The label will be shown on all project pages in the upper right corner.
![classification label on project page](img/classification_label_on_project_page.png) ![classification label on project page](img/classification_label_on_project_page.png)
[omnibus-ssl-docs]: https://docs.gitlab.com/omnibus/settings/ssl.html
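Review bot: The `[omnibus-ssl-docs]` reference added at the end of the file points at the top of the Omnibus SSL settings page, while the paragraph that uses it promises instructions for installing a custom CA. Link to the section of that page that covers custom CA installation so readers land on the steps directly.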