GitLab-CE接入OAuth 2.0 ID Provider实现统一认证
6
编辑文件/etc/gitlab/gitlab.rb
gitlab_rails['omniauth_providers'] = [
{
'name' => 'openid_connect',
'label' => 'Login with OpenID',
'args' => {
'name' => 'openid_connect',
'scope' => ['openid', 'profile', 'email'],
'response_type' => 'code',
'issuer' => 'https://oauth.yourdomain.com', # .well_known所在路径
'discovery' => true,
'uid_field' => 'sub',
'client_options' => {
'identifier' => 'YOUR_APP_ID',
'secret' => 'YOUR_APP_KEY',
'redirect_uri' => 'https://git.yourdomain.com/users/auth/openid_connect/callback'
}
}
}
]
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['openid_connect']
gitlab_rails['omniauth_sync_email_from_provider'] = 'openid_connect'
gitlab_rails['omniauth_sync_profile_from_provider'] = ['openid_connect']
gitlab_rails['omniauth_sync_profile_attributes'] = ['name', 'email']
gitlab_rails['omniauth_auto_sign_in_with_provider'] = nil
gitlab_rails['omniauth_block_auto_created_users'] = false
gitlab_rails['omniauth_auto_link_user'] = ['openid_connect']
GitLab-CE接入OAuth 2.0 ID Provider实现统一认证
https://imoe.ac.cn/archives/gitlab-cejie-ru-oauth-2.0-id-provider