From f6ebc9f03fa3b024f1a19c03175ab374f7aa7814 Mon Sep 17 00:00:00 2001
From: Joey Hafner
Date: Sat, 9 Jul 2022 00:01:18 -0700
Subject: [PATCH] Add Omniauth config for Authentik
---
 server/config/gitlab/docker-compose.yml | 28 +++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
diff --git a/server/config/gitlab/docker-compose.yml b/server/config/gitlab/docker-compose.yml
index b8b40ea..98ea30d 100644
--- a/server/config/gitlab/docker-compose.yml
+++ b/server/config/gitlab/docker-compose.yml
@@ -36,6 +36,34 @@ services:
 gitlab_rails['api_url'] = 'https://registry.gitlab.jafner.net'
 registry_nginx['enable'] = false
 registry['registry_http_addr'] = "0.0.0.0:5000"
+ gitlab_rails['omniauth_enabled'] = true
+ gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
+ gitlab_rails['omniauth_sync_email_from_provider'] = 'saml'
+ gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml']
+ gitlab_rails['omniauth_sync_profile_attributes'] = ['email']
+ gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'
+ gitlab_rails['omniauth_block_auto_created_users'] = false
+ gitlab_rails['omniauth_auto_link_saml_user'] = true
+ gitlab_rails['omniauth_providers'] = [
+ {
+ name: 'saml',
+ args: {
+ assertion_consumer_service_url: 'https://gitlab.jafner.net/users/auth/saml/callback',
+ # Shown when navigating to certificates in authentik
+ idp_cert_fingerprint: 'db:b6:b1:08:e7:de:ea:07:4d:39:a6:19:db:f3:51:e1:7e:8f:69:22',
+ idp_sso_target_url: 'https://authentik.jafner.net/application/saml/gitlab/sso/binding/redirect/',
+ issuer: 'https://gitlab.jafner.net',
+ name_identifier_format: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
+ attribute_statements: {
+ email: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'],
+ first_name: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'],
+ nickname: ['http://schemas.goauthentik.io/2021/02/saml/username']
+ }
+ },
+ label: 'authentik'
+ }
+ ]
+
 ports:
 - '2229:22'