sameersbn / docker-gitlab

Dockerized GitLab
http://www.damagehead.com/docker-gitlab/
MIT License

OAUTH - multiple providers fails. #1382

Open cat5 opened 6 years ago

cat5 commented 6 years ago

In trying to configure multiple oauth providers, the setup scripts seem to fail in setting this up.

Using gitlab 10.0.2/3 images (but also tested on 9.5.5 but I have moved past this version). Also, deploying in GKE/kubernetes.

Variables are defined like this:

    - name: OAUTH_EXTERNAL_PROVIDERS
      value: "'saml', 'google_oauth2'"
    - name: OAUTH_ALLOW_SSO
      value: "'saml', 'google_oauth2'"
    - name: OAUTH_AUTO_SIGN_IN_WITH_PROVIDER
      value: "'saml', 'google_oauth2'"

(I'm also limiting with OAUTH_GOOGLE_RESTRICT_DOMAIN, and this works - saml server I have 100% control over, so no need to restrict anything here)

So, with the above, I connected into the container after deploying, and pulled up config/gitlab.yml to verify. So far...

    allow_single_sign_on: ['saml', 'google_oauth2']

Under providers:

    providers:
      # See omniauth-cas3 for more configuration details
      - { name: 'saml',
          label: 'SAML Login',
          args: {
                  assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback',
                  idp_cert_fingerprint: 'XXXXXX',
                  idp_sso_target_url: 'https://XXX/auth/realms/myrealm/protocol/saml',
                  issuer: 'https://gitlab.example.com',
                  attribute_statements: {
                    name: ['urn:oid:2.5.4.42'],
                    email: ['urn:oid:1.2.840.113549.1.9.1'] },
                  name_identifier_format: 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified' } }

There should be a `,` at the end of the last `}` followed by all the config for google_oauth2 - but there is nothing.

Used information from here: https://www.digitalocean.com/community/questions/multiple-oauth-providers-in-gitlab to troubleshoot

Logs during startup also never seem to show Google OAuth being configured.

    ....
    Configuring gitlab::oauth...
    Configuring gitlab::oauth::saml...
    Configuring gitlab::oauth::saml::attribute_statements...
    Configuring gitlab::ldap...
    Configuring gitlab::cron_jobs...
    Configuring gitlab::backups...
    Configuring gitlab::backups::schedule...
    Configuring gitlab::registry...
    Configuring gitlab::pages...
    ....

stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had any activity for the last 60 days. It will be closed if no further activity occurs during the next 7 days. Thank you for your contributions.
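
A check for the symptom reported in this issue, where a provider is named in `allow_single_sign_on` but has no entry under `providers` in the rendered `config/gitlab.yml`. This is an added example, not code from the issue or from the docker-gitlab project; the sample YAML is constructed, and the `production` → `omniauth` layout and the helper name `missing_providers` are assumptions.

```ruby
require 'yaml'

# Constructed sample: the omniauth part of a rendered config/gitlab.yml,
# shaped like the report (only 'saml' made it into the providers list).
SAMPLE_GITLAB_YML = <<~YAML
  production:
    omniauth:
      enabled: true
      allow_single_sign_on: ['saml', 'google_oauth2']
      external_providers: ['saml', 'google_oauth2']
      providers:
        - { name: 'saml',
            label: 'SAML Login',
            args: { issuer: 'https://gitlab.example.com' } }
YAML

# omniauth settings that refer to providers by name.
REFERENCING_KEYS = %w[allow_single_sign_on external_providers
                      auto_sign_in_with_provider].freeze

# Hypothetical helper: returns { setting => [names referenced there
# but missing from the providers list] }. Empty hash means consistent.
def missing_providers(yaml_text, env = 'production')
  # aliases: true because a full gitlab.yml may reuse sections via anchors.
  config = YAML.safe_load(yaml_text, aliases: true) || {}
  omniauth = config.dig(env, 'omniauth') || {}
  configured = Array(omniauth['providers']).map { |p| p['name'] }

  REFERENCING_KEYS.each_with_object({}) do |key, gaps|
    # A setting may hold a list, a single name, or a boolean;
    # only provider names are compared.
    names = Array(omniauth[key]).select { |v| v.is_a?(String) }
    missing = names - configured
    gaps[key] = missing unless missing.empty?
  end
end
```

Run against the real file with `missing_providers(File.read(path))`, where `path` points at the rendered `config/gitlab.yml` inside the container; a non-empty result means a sign-in setting names a provider that was never configured.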