Add Omniauth config for Authentik

homelab/server/config/gitlab/docker-compose.yml

@@ -36,6 +36,34 @@ services:
         gitlab_rails['api_url'] = 'https://registry.gitlab.jafner.net'
         registry_nginx['enable'] = false
         registry['registry_http_addr'] = "0.0.0.0:5000"
+        gitlab_rails['omniauth_enabled'] = true
+        gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
+        gitlab_rails['omniauth_sync_email_from_provider'] = 'saml'
+        gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml']
+        gitlab_rails['omniauth_sync_profile_attributes'] = ['email']
+        gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'
+        gitlab_rails['omniauth_block_auto_created_users'] = false
+        gitlab_rails['omniauth_auto_link_saml_user'] = true
+        gitlab_rails['omniauth_providers'] = [
+          {
+            name: 'saml',
+            args: {
+              assertion_consumer_service_url: 'https://gitlab.jafner.net/users/auth/saml/callback',
+              # Shown when navigating to certificates in authentik
+              idp_cert_fingerprint: 'db:b6:b1:08:e7:de:ea:07:4d:39:a6:19:db:f3:51:e1:7e:8f:69:22',
+              idp_sso_target_url: 'https://authentik.jafner.net/application/saml/gitlab/sso/binding/redirect/',
+              issuer: 'https://gitlab.jafner.net',
+              name_identifier_format: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
+              attribute_statements: {
+                email: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'],
+                first_name: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'],
+                nickname: ['http://schemas.goauthentik.io/2021/02/saml/username']
+              }
+            },
+            label: 'authentik'
+          }
+        ]
+
 
     ports:
       - '2229:22'