From 6c7d8080a325b13b623ec6de393c772c761f03af Mon Sep 17 00:00:00 2001
From: Joey Hafner
Date: Thu, 13 Oct 2022 10:36:08 -0700
Subject: [PATCH] Switch to Keycloak SAML
---
 server/config/gitlab/docker-compose.yml | 26 +++---------------------
 1 file changed, 3 insertions(+), 23 deletions(-)
diff --git a/server/config/gitlab/docker-compose.yml b/server/config/gitlab/docker-compose.yml
index c7cf108..89fe93e 100644
--- a/server/config/gitlab/docker-compose.yml
+++ b/server/config/gitlab/docker-compose.yml
@@ -57,9 +57,8 @@ services:
 name: 'saml',
 args: {
 assertion_consumer_service_url: 'https://gitlab.jafner.net/users/auth/saml/callback',
- # Shown when navigating to certificates in authentik
- idp_cert_fingerprint: 'db:b6:b1:08:e7:de:ea:07:4d:39:a6:19:db:f3:51:e1:7e:8f:69:22',
- idp_sso_target_url: 'https://authentik.jafner.net/application/saml/gitlab/sso/binding/redirect/',
+ idp_cert_fingerprint: '1e:5f:6d:57:5e:5f:45:8f:dc:b2:87:86:73:c0:92:ca:91:1d:c2:b5',
+ idp_sso_target_url: 'https://keycloak.jafner.net/application/saml/gitlab/sso/binding/redirect/',
 issuer: 'https://gitlab.jafner.net',
 name_identifier_format: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
 attribute_statements: {
@@ -68,26 +67,7 @@ services:
 nickname: ['http://schemas.goauthentik.io/2021/02/saml/username']
 }
 },
- label: 'authentik'
- },
- {
- name: "openid_connect",
- label: "Keycloak", # optional label for login button, defaults to "Openid Connect"
- args: {
- name: "openid_connect",
- scope: ["openid","profile","email"],
- response_type: "code",
- issuer: "https://keycloak.jafner.net/realms/Jafner.net",
- discovery: true,
- client_auth_method: "query",
- uid_field: "email",
- send_scope_to_token_endpoint: "false",
- client_options: {
- identifier: "gitlab.jafner.net",
- secret: "reKQMUwGLpvVVsgiYRkoa52vcqsWHq3n",
- redirect_uri: "https://gitlab.jafner.net/users/auth/openid_connect/callback"
- }
- }
+ label: 'keycloak'
 }
 ]
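Review bot: The new `idp_sso_target_url` swaps only the hostname and keeps authentik's path (`/application/saml/gitlab/sso/binding/redirect/`), so it probably does not resolve to a Keycloak SAML endpoint. The OIDC block removed in the second hunk used `https://keycloak.jafner.net/realms/Jafner.net` as issuer, which suggests the realm-scoped form `idp_sso_target_url: 'https://keycloak.jafner.net/realms/Jafner.net/protocol/saml',` (to be confirmed against the realm's SAML descriptor). The `nickname` entry in the second hunk's context still names an `http://schemas.goauthentik.io/...` attribute, so the attribute mapping needs the same check, or sign-in may fail or create accounts with missing fields. Separately, the 20-byte `idp_cert_fingerprint` is a SHA-1 digest; omniauth-saml also accepts the full signing certificate through `idp_cert`, which avoids anchoring IdP trust on SHA-1. The provider entry starts and ends outside this hunk.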
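Review bot: The `openid_connect` block deleted in this hunk held the client `secret` as a literal, and deleting the line leaves that value readable in the repository history and in this patch. The secret for client `gitlab.jafner.net` should be regenerated in Keycloak, or the client deleted if OIDC is no longer used. If a provider secret is needed in this file again, have Compose substitute it from an untracked environment file rather than committing the value. The provider list continues outside the hunk.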