Merge branch 'docs-make-sure-enabling-omniauth' into 'master'

Make it clear that we need to enable omniauth for SAML and Bitbucket See merge request gitlab-org/gitlab-ce!20421

Merge branch 'docs-make-sure-enabling-omniauth' into 'master'
Make it clear that we need to enable omniauth for SAML and Bitbucket See merge request gitlab-org/gitlab-ce!20421
23f03215 · Achilleas Pipinellis · 539e06ef · 91bd69a4 · 23f03215 · 23f03215
Commit 23f03215 authored Jul 06, 2018 by Achilleas Pipinellis
Show whitespace changes
Inline Side-by-side

Showing with 104 additions and 89 deletions

doc/integration/bitbucket.md doc/integration/bitbucket.md +15 -6

doc/integration/saml.md doc/integration/saml.md +89 -83

No files found.
--- a/doc/integration/bitbucket.md
+++ b/doc/integration/bitbucket.md
 # Integrate your GitLab server with Bitbucket
+NOTE: **Note:**
+You need to [enable OmniAuth](omniauth.md) in order to use this.
 Import projects from Bitbucket.org and login to your GitLab instance with your
 Bitbucket.org account.
@@ -76,13 +79,13 @@ you to use.
    sudo -u git -H editor /home/git/gitlab/config/gitlab.yml
    ```
-1.  Follow the [Initial OmniAuth Configuration](omniauth.md#initial-omniauth-configuration)
-    for initial settings.
 1.  Add the Bitbucket provider configuration:
    For Omnibus packages:
    ```ruby
+    gitlab_rails['omniauth_enabled'] = true
    gitlab_rails['omniauth_providers'] = [
      {
        "name" => "bitbucket",
@@ -96,6 +99,9 @@ you to use.
    For installations from source:
    ```yaml
+    omniauth:
+      enabled: true
+      providers:
        - { name: 'bitbucket',
            app_id: 'BITBUCKET_APP_KEY',
            app_secret: 'BITBUCKET_APP_SECRET',
@@ -121,6 +127,9 @@ well, the user will be returned to GitLab and will be signed in.
 Once the above configuration is set up, you can use Bitbucket to sign into
 GitLab and [start importing your projects][bb-import].
+If you don't want to enable signing in with Bitbucket but just want to import
+projects from Bitbucket, you could [disable it in the admin panel](omniauth.md#enable-or-disable-sign-in-with-an-omniauth-provider-without-disabling-import-sources).
 [init-oauth]: omniauth.md#initial-omniauth-configuration
 [bb-import]: ../workflow/importing/import_projects_from_bitbucket.md
 [bb-old]: https://gitlab.com/gitlab-org/gitlab-ce/blob/8-14-stable/doc/integration/bitbucket.md

--- a/doc/integration/saml.md
+++ b/doc/integration/saml.md
 # SAML OmniAuth Provider
+NOTE: **Note:**
+You need to [enable OmniAuth](omniauth.md) in order to use this.
 GitLab can be configured to act as a SAML 2.0 Service Provider (SP). This allows
 GitLab to consume assertions from a SAML 2.0 Identity Provider (IdP) such as
 Microsoft ADFS to authenticate users.
@@ -26,15 +29,13 @@ in your SAML IdP:
    sudo -u git -H editor config/gitlab.yml
    ```
-1.  See [Initial OmniAuth Configuration](omniauth.md#initial-omniauth-configuration)
-    for initial settings.
 1.  To allow your users to use SAML to sign up without having to manually create
    an account first, don't forget to add the following values to your configuration:
    For omnibus package:
    ```ruby
+    gitlab_rails['omniauth_enabled'] = true
    gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
    gitlab_rails['omniauth_block_auto_created_users'] = false
    ```
@@ -42,6 +43,8 @@ in your SAML IdP:
    For installations from source:
    ```yaml
+    omniauth:
+      enabled: true
      allow_single_sign_on: ["saml"]
      block_auto_created_users: false
    ```
@@ -84,6 +87,8 @@ in your SAML IdP:
    For installations from source:
    ```yaml
+    omniauth:
+      providers:
        - {
            name: 'saml',
            args: {
@@ -220,6 +225,8 @@ If you want some SAML authentication methods to count as 2FA on a per session ba
 1. Edit `config/gitlab.yml`:
    ```yaml
+    omniauth:
+      providers:
        - {
            name: 'saml',
            args: {
@@ -234,7 +241,6 @@ If you want some SAML authentication methods to count as 2FA on a per session ba
                        'urn:oasis:names:tc:SAML:2.0:ac:classes:SecondFactorOTPSMS',
                        'urn:oasis:names:tc:SAML:2.0:ac:classes:SecondFactorIGTOKEN'
                      ]
                  },
            label: 'Company Login' # optional label for SAML login button, defaults to "Saml"
          }
@@ -247,11 +253,11 @@ In addition to the changes in GitLab, make sure that your Idp is returning the
 `AuthnContext`. For example:
 ```xml
-    <saml:AuthnStatement> 
+<saml:AuthnStatement>
    <saml:AuthnContext>
        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:MediumStrongCertificateProtectedTransport</saml:AuthnContextClassRef>
    </saml:AuthnContext>
-    </saml:AuthnStatement>
+</saml:AuthnStatement>
 ```
 ## Customization