Commit 86ae2a9e authored by Rémy Coutable's avatar Rémy Coutable

doc: Improve consistentyc of OAuth pages

Signed-off-by: default avatarRémy Coutable <remy@rymai.me>
parent 19363976
......@@ -50,10 +50,10 @@ To enable the Atlassian OmniAuth provider for passwordless authentication you mu
gitlab_rails['omniauth_providers'] = [
{
name: "atlassian_oauth2",
# label: 'Provider name', # optional label for login button, defaults to "Atlassian"
# label: "Provider name", # optional label for login button, defaults to "Atlassian"
app_id: "YOUR_CLIENT_ID",
app_secret: "YOUR_CLIENT_SECRET",
args: { scope: 'offline_access read:jira-user read:jira-work', prompt: 'consent' }
args: { scope: "offline_access read:jira-user read:jira-work", prompt: "consent" }
}
]
```
......@@ -62,10 +62,10 @@ To enable the Atlassian OmniAuth provider for passwordless authentication you mu
```yaml
- { name: "atlassian_oauth2",
# label: 'Provider name', # optional label for login button, defaults to "Atlassian"
# label: "Provider name", # optional label for login button, defaults to "Atlassian"
app_id: "YOUR_CLIENT_ID",
app_secret: "YOUR_CLIENT_SECRET",
args: { scope: 'offline_access read:jira-user read:jira-work', prompt: 'consent' }
args: { scope: "offline_access read:jira-user read:jira-work", prompt: "consent" }
}
```
......
......@@ -36,11 +36,11 @@ Authentiq generates a Client ID and the accompanying Client Secret for you to us
```ruby
gitlab_rails['omniauth_providers'] = [
{
"name" => "authentiq",
# "label" => "Provider name", # optional label for login button, defaults to "Authentiq"
"app_id" => "YOUR_CLIENT_ID",
"app_secret" => "YOUR_CLIENT_SECRET",
"args" => {
name: "authentiq",
# label: "Provider name", # optional label for login button, defaults to "Authentiq"
app_id: "YOUR_CLIENT_ID",
app_secret: "YOUR_CLIENT_SECRET",
args: {
"scope": 'aq:name email~rs address aq:push'
}
}
......
......@@ -56,25 +56,25 @@ Include the code block in the `/etc/gitlab/gitlab.rb` file:
gitlab_rails['omniauth_allow_single_sign_on'] = ['cognito']
gitlab_rails['omniauth_providers'] = [
{
"name" => "cognito",
# "label" => "Provider name", # optional label for login button, defaults to "Cognito"
# "icon" => nil, # Optional icon URL
"app_id" => "CLIENT ID",
"app_secret" => "CLIENT SECRET",
"args" => {
"scope" => "openid profile email",
name: "cognito",
label: "Provider name", # optional label for login button, defaults to "Cognito"
icon: nil, # Optional icon URL
app_id: "CLIENT ID",
app_secret: "CLIENT SECRET",
args: {
scope: "openid profile email",
client_options: {
'site' => 'https://your_domain.auth.your_region.amazoncognito.com',
'authorize_url' => '/oauth2/authorize',
'token_url' => '/oauth2/token',
'user_info_url' => '/oauth2/userInfo'
site: "https://your_domain.auth.your_region.amazoncognito.com",
authorize_url: "/oauth2/authorize",
token_url: "/oauth2/token",
user_info_url: "/oauth2/userInfo"
},
user_response_structure: {
root_path: [],
id_path: ['sub'],
attributes: { nickname: 'email', name: 'email', email: 'email' }
id_path: ["sub"],
attributes: { nickname: "email", name: "email", email: "email" }
},
name: 'cognito',
name: "cognito",
strategy_class: "OmniAuth::Strategies::OAuth2Generic"
}
}
......
......@@ -46,12 +46,12 @@ this provider also allows Crowd authentication for Git-over-https requests.
```ruby
gitlab_rails['omniauth_providers'] = [
{
"name" => "crowd",
# "label" => "Provider name", # optional label for login button, defaults to "Crowd"
"args" => {
"crowd_server_url" => "CROWD_SERVER_URL",
"application_name" => "YOUR_APP_NAME",
"application_password" => "YOUR_APP_PASSWORD"
name: "crowd",
# label: "Provider name", # optional label for login button, defaults to "Crowd"
args: {
crowd_server_url: "CROWD_SERVER_URL",
application_name: "YOUR_APP_NAME",
application_password: "YOUR_APP_PASSWORD"
}
}
]
......
......@@ -32,15 +32,15 @@ JWT will provide you with a secret key for you to use.
```ruby
gitlab_rails['omniauth_providers'] = [
{ name: 'jwt',
label: 'Provider name', # optional label for login button, defaults to "Jwt"
{ name: "jwt",
label: "Provider name", # optional label for login button, defaults to "Jwt"
args: {
secret: 'YOUR_APP_SECRET',
algorithm: 'HS256', # Supported algorithms: 'RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'HS256', 'HS384', 'HS512'
uid_claim: 'email',
required_claims: ['name', 'email'],
info_map: { name: 'name', email: 'email' },
auth_url: 'https://example.com/',
secret: "YOUR_APP_SECRET",
algorithm: "HS256", # Supported algorithms: "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "HS256", "HS384", "HS512"
uid_claim: "email",
required_claims: ["name", "email"],
info_map: { name: "name", email: "email" },
auth_url: "https://example.com/",
valid_within: 3600 # 1 hour
}
}
......
......@@ -35,22 +35,23 @@ The OpenID Connect provides you with a client's details and secret for you to us
```ruby
gitlab_rails['omniauth_providers'] = [
{ 'name' => 'openid_connect',
'label' => 'Provider name', # optional label for login button, defaults to "Openid Connect"
'icon' => '<custom_provider_icon>',
'args' => {
'name' => 'openid_connect',
'scope' => ['openid','profile','email'],
'response_type' => 'code',
'issuer' => '<your_oidc_url>',
'discovery' => true,
'client_auth_method' => 'query',
'uid_field' => '<uid_field>',
'send_scope_to_token_endpoint' => 'false',
'client_options' => {
'identifier' => '<your_oidc_client_id>',
'secret' => '<your_oidc_client_secret>',
'redirect_uri' => '<your_gitlab_url>/users/auth/openid_connect/callback'
{
name: "openid_connect",
label: "Provider name", # optional label for login button, defaults to "Openid Connect"
icon: "<custom_provider_icon>",
args: {
name: "openid_connect",
scope: ["openid","profile","email"],
response_type: "code",
issuer: "<your_oidc_url>",
discovery: true,
client_auth_method: "query",
uid_field: "<uid_field>",
send_scope_to_token_endpoint: "false",
client_options: {
identifier: "<your_oidc_client_id>",
secret: "<your_oidc_client_secret>",
redirect_uri: "<your_gitlab_url>/users/auth/openid_connect/callback"
}
}
}
......@@ -136,20 +137,20 @@ for more details:
```ruby
gitlab_rails['omniauth_providers'] = [
{
'name' => 'openid_connect',
'label' => 'Google OpenID', # optional label for login button, defaults to "Openid Connect"
'args' => {
'name' => 'openid_connect',
'scope' => ['openid', 'profile', 'email'],
'response_type' => 'code',
'issuer' => 'https://accounts.google.com',
'client_auth_method' => 'query',
'discovery' => true,
'uid_field' => 'preferred_username',
'client_options' => {
'identifier' => '<YOUR PROJECT CLIENT ID>',
'secret' => '<YOUR PROJECT CLIENT SECRET>',
'redirect_uri' => 'https://example.com/users/auth/openid_connect/callback',
name: "openid_connect",
label: "Google OpenID", # optional label for login button, defaults to "Openid Connect"
args: {
name: "openid_connect",
scope: ["openid", "profile", "email"],
response_type: "code",
issuer: "https://accounts.google.com",
client_auth_method: "query",
discovery: true,
uid_field: "preferred_username",
client_options: {
identifier: "<YOUR PROJECT CLIENT ID>",
secret: "<YOUR PROJECT CLIENT SECRET>",
redirect_uri: "https://example.com/users/auth/openid_connect/callback",
}
}
}
......@@ -173,20 +174,20 @@ Example Omnibus configuration block:
```ruby
gitlab_rails['omniauth_providers'] = [
{
'name' => 'openid_connect',
'label' => 'Azure OIDC', # optional label for login button, defaults to "Openid Connect"
'args' => {
'name' => 'openid_connect',
'scope' => ['openid', 'profile', 'email'],
'response_type' => 'code',
'issuer' => 'https://login.microsoftonline.com/<YOUR-TENANT-ID>/v2.0',
'client_auth_method' => 'query',
'discovery' => true,
'uid_field' => 'preferred_username',
'client_options' => {
'identifier' => '<YOUR APP CLIENT ID>',
'secret' => '<YOUR APP CLIENT SECRET>',
'redirect_uri' => 'https://gitlab.example.com/users/auth/openid_connect/callback'
name: "openid_connect",
label: "Azure OIDC", # optional label for login button, defaults to "Openid Connect"
args: {
name: "openid_connect",
scope: ["openid", "profile", "email"],
response_type: "code",
issuer: "https://login.microsoftonline.com/<YOUR-TENANT-ID>/v2.0",
client_auth_method: "query",
discovery: true,
uid_field: "preferred_username",
client_options: {
identifier: "<YOUR APP CLIENT ID>",
secret: "<YOUR APP CLIENT SECRET>",
redirect_uri: "https://gitlab.example.com/users/auth/openid_connect/callback"
}
}
}
......@@ -302,21 +303,21 @@ The trailing forward slash is required.
```ruby
gitlab_rails['omniauth_providers'] = [
{
'name' => 'openid_connect',
'label' => 'Azure B2C OIDC', # optional label for login button, defaults to "Openid Connect"
'args' => {
'name' => 'openid_connect',
'scope' => ['openid'],
'response_mode' => 'query',
'response_type' => 'id_token',
'issuer' => 'https://<YOUR-DOMAIN>/tfp/<YOUR-TENANT-ID>/b2c_1a_signup_signin/v2.0/',
'client_auth_method' => 'query',
'discovery' => true,
'send_scope_to_token_endpoint' => true,
'client_options' => {
'identifier' => '<YOUR APP CLIENT ID>',
'secret' => '<YOUR APP CLIENT SECRET>',
'redirect_uri' => 'https://gitlab.example.com/users/auth/openid_connect/callback'
name: "openid_connect",
label: "Azure B2C OIDC", # optional label for login button, defaults to "Openid Connect"
args: {
name: "openid_connect",
scope: ["openid"],
response_mode: "query",
response_type: "id_token",
issuer: "https://<YOUR-DOMAIN>/tfp/<YOUR-TENANT-ID>/b2c_1a_signup_signin/v2.0/",
client_auth_method: "query",
discovery: true,
send_scope_to_token_endpoint: true,
client_options: {
identifier: "<YOUR APP CLIENT ID>",
secret: "<YOUR APP CLIENT SECRET>",
redirect_uri: "https://gitlab.example.com/users/auth/openid_connect/callback"
}
}
}]
......@@ -359,20 +360,20 @@ Example Omnibus configuration block:
```ruby
gitlab_rails['omniauth_providers'] = [
{
'name' => 'openid_connect',
'label' => 'Keycloak', # optional label for login button, defaults to "Openid Connect"
'args' => {
'name' => 'openid_connect',
'scope' => ['openid', 'profile', 'email'],
'response_type' => 'code',
'issuer' => 'https://keycloak.example.com/auth/realms/myrealm',
'client_auth_method' => 'query',
'discovery' => true,
'uid_field' => 'preferred_username',
'client_options' => {
'identifier' => '<YOUR CLIENT ID>',
'secret' => '<YOUR CLIENT SECRET>',
'redirect_uri' => 'https://gitlab.example.com/users/auth/openid_connect/callback'
name: "openid_connect",
label: "Keycloak", # optional label for login button, defaults to "Openid Connect"
args: {
name: "openid_connect",
scope: ["openid", "profile", "email"],
response_type: "code",
issuer: "https://keycloak.example.com/auth/realms/myrealm",
client_auth_method: "query",
discovery: true,
uid_field: "preferred_username",
client_options: {
identifier: "<YOUR CLIENT ID>",
secret: "<YOUR CLIENT SECRET>",
redirect_uri: "https://gitlab.example.com/users/auth/openid_connect/callback"
}
}
}
......@@ -436,21 +437,21 @@ To use symmetric key encryption:
```ruby
gitlab_rails['omniauth_providers'] = [
{
'name' => 'openid_connect',
'label' => 'Keycloak', # optional label for login button, defaults to "Openid Connect"
'args' => {
'name' => 'openid_connect',
'scope' => ['openid', 'profile', 'email'],
'response_type' => 'code',
'issuer' => 'https://keycloak.example.com/auth/realms/myrealm',
'client_auth_method' => 'query',
'discovery' => true,
'uid_field' => 'preferred_username',
'jwt_secret_base64' => '<YOUR BASE64-ENCODED SECRET>',
'client_options' => {
'identifier' => '<YOUR CLIENT ID>',
'secret' => '<YOUR CLIENT SECRET>',
'redirect_uri' => 'https://gitlab.example.com/users/auth/openid_connect/callback'
name: "openid_connect",
label: "Keycloak", # optional label for login button, defaults to "Openid Connect"
args: {
name: "openid_connect",
scope: ["openid", "profile", "email"],
response_type: "code",
issuer: "https://keycloak.example.com/auth/realms/myrealm",
client_auth_method: "query",
discovery: true,
uid_field: "preferred_username",
jwt_secret_base64: "<YOUR BASE64-ENCODED SECRET>",
client_options: {
identifier: "<YOUR CLIENT ID>",
secret: "<YOUR CLIENT SECRET>",
redirect_uri: "https://gitlab.example.com/users/auth/openid_connect/callback"
}
}
}
......
......@@ -58,12 +58,13 @@ application.
```ruby
gitlab_rails['omniauth_providers'] = [
{
"name" => "auth0",
# "label" => "Provider name", # optional label for login button, defaults to "Auth0"
"args" => { client_id: 'YOUR_AUTH0_CLIENT_ID',
client_secret: 'YOUR_AUTH0_CLIENT_SECRET',
domain: 'YOUR_AUTH0_DOMAIN',
scope: 'openid profile email'
name: "auth0",
# label: "Provider name", # optional label for login button, defaults to "Auth0"
args: {
client_id: "YOUR_AUTH0_CLIENT_ID",
client_secret: "YOUR_AUTH0_CLIENT_SECRET",
domain: "YOUR_AUTH0_DOMAIN",
scope: "openid profile email"
}
}
]
......
......@@ -58,12 +58,12 @@ As you go through the Microsoft procedure, keep the following in mind:
```ruby
gitlab_rails['omniauth_providers'] = [
{
"name" => "azure_oauth2",
# "label" => "Provider name", # optional label for login button, defaults to "Azure AD"
"args" => {
"client_id" => "CLIENT ID",
"client_secret" => "CLIENT SECRET",
"tenant_id" => "TENANT ID",
name: "azure_oauth2",
# label: "Provider name", # optional label for login button, defaults to "Azure AD"
args: {
client_id: "CLIENT ID",
client_secret: "CLIENT SECRET",
tenant_id: "TENANT ID",
}
}
]
......@@ -74,9 +74,9 @@ As you go through the Microsoft procedure, keep the following in mind:
```yaml
- { name: 'azure_oauth2',
# label: 'Provider name', # optional label for login button, defaults to "Azure AD"
args: { client_id: "CLIENT ID",
client_secret: "CLIENT SECRET",
tenant_id: "TENANT ID" } }
args: { client_id: 'CLIENT ID',
client_secret: 'CLIENT SECRET',
tenant_id: 'TENANT ID' } }
```
The `base_azure_url` is optional and can be added for different locales;
......
......@@ -87,11 +87,11 @@ to the end of the Bitbucket authorization callback URL.
```ruby
gitlab_rails['omniauth_providers'] = [
{
"name" => "bitbucket",
# "label" => "Provider name", # optional label for login button, defaults to "Bitbucket"
"app_id" => "BITBUCKET_APP_KEY",
"app_secret" => "BITBUCKET_APP_SECRET",
"url" => "https://bitbucket.org/"
name: "bitbucket",
# label: "Provider name", # optional label for login button, defaults to "Bitbucket"
app_id: "BITBUCKET_APP_KEY",
app_secret: "BITBUCKET_APP_SECRET",
url: "https://bitbucket.org/"
}
]
```
......
......@@ -37,13 +37,13 @@ configure CAS for back-channel logout.
```ruby
gitlab_rails['omniauth_providers'] = [
{
"name"=> "cas3",
"label" => "Provider name", # optional label for login button, defaults to "Cas3"
"args"=> {
"url"=> 'CAS_SERVER',
"login_url"=> '/CAS_PATH/login',
"service_validate_url"=> '/CAS_PATH/p3/serviceValidate',
"logout_url"=> '/CAS_PATH/logout'
name: "cas3",
label: "Provider name", # optional label for login button, defaults to "Cas3"
args: {
url: "CAS_SERVER",
login_url: "/CAS_PATH/login",
service_validate_url: "/CAS_PATH/p3/serviceValidate",
logout_url: "/CAS_PATH/logout"
}
}
]
......
......@@ -60,10 +60,10 @@ Sign in to DingTalk Open Platform and create an application on it. DingTalk gene
```ruby
gitlab_rails['omniauth_providers'] = [
{
"name" => "ding_talk",
"label" => "Provider name", # optional label for login button, defaults to "Ding Talk"
"app_id" => "YOUR_APP_ID",
"app_secret" => "YOUR_APP_SECRET"
name: "ding_talk",
# label: "Provider name", # optional label for login button, defaults to "Ding Talk"
app_id: "YOUR_APP_ID",
app_secret: "YOUR_APP_SECRET"
}
]
```
......@@ -72,7 +72,7 @@ Sign in to DingTalk Open Platform and create an application on it. DingTalk gene
```yaml
- { name: 'ding_talk',
label: 'Provider name', # optional label for login button, defaults to "Ding Talk"
# label: 'Provider name', # optional label for login button, defaults to "Ding Talk"
app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET' }
```
......
......@@ -81,10 +81,10 @@ Facebook. Facebook generates an app ID and secret key for you to use.
```ruby
gitlab_rails['omniauth_providers'] = [
{
"name" => "facebook",
# "label" => "Provider name", # optional label for login button, defaults to "Facebook"
"app_id" => "YOUR_APP_ID",
"app_secret" => "YOUR_APP_SECRET"
name: "facebook",
# label: "Provider name", # optional label for login button, defaults to "Facebook"
app_id: "YOUR_APP_ID",
app_secret: "YOUR_APP_SECRET"
}
]
```
......
......@@ -50,11 +50,11 @@ Follow these steps to incorporate the GitHub OAuth 2 app in your GitLab server:
```ruby
gitlab_rails['omniauth_providers'] = [
{
"name" => "github",
# "label" => "Provider name", # optional label for login button, defaults to "GitHub"
"app_id" => "YOUR_APP_ID",
"app_secret" => "YOUR_APP_SECRET",
"args" => { "scope" => "user:email" }
name: "github",
# label: "Provider name", # optional label for login button, defaults to "GitHub"
app_id: "YOUR_APP_ID",
app_secret: "YOUR_APP_SECRET",
args: { scope: "user:email" }
}
]
```
......@@ -64,12 +64,12 @@ Follow these steps to incorporate the GitHub OAuth 2 app in your GitLab server:
```ruby
gitlab_rails['omniauth_providers'] = [
{
"name" => "github",
# "label" => "Provider name", # optional label for login button, defaults to "GitHub"
"app_id" => "YOUR_APP_ID",
"app_secret" => "YOUR_APP_SECRET",
"url" => "https://github.example.com/",
"args" => { "scope" => "user:email" }
name: "github",
# label: "Provider name", # optional label for login button, defaults to "GitHub"
app_id: "YOUR_APP_ID",
app_secret: "YOUR_APP_SECRET",
url: "https://github.example.com/",
args: { scope: "user:email" }
}
]
```
......@@ -127,13 +127,13 @@ For Omnibus package:
```ruby
gitlab_rails['omniauth_providers'] = [
{
"name" => "github",
# "label" => "Provider name", # optional label for login button, defaults to "GitHub"
"app_id" => "YOUR_APP_ID",
"app_secret" => "YOUR_APP_SECRET",
"url" => "https://github.example.com/",
"verify_ssl" => false,
"args" => { "scope" => "user:email" }
name: "github",
# label: "Provider name", # optional label for login button, defaults to "GitHub"
app_id: "YOUR_APP_ID",
app_secret: "YOUR_APP_SECRET",
url: "https://github.example.com/",
verify_ssl: false,
args: { scope: "user:email" }
}
]
```
......
......@@ -53,11 +53,11 @@ GitLab.com generates an application ID and secret key for you to use.
```ruby
gitlab_rails['omniauth_providers'] = [
{
"name" => "gitlab",
# "label" => "Provider name", # optional label for login button, defaults to "GitLab.com"
"app_id" => "YOUR_APP_ID",
"app_secret" => "YOUR_APP_SECRET",
"args" => { "scope" => "api" }
name: "gitlab",
# label: "Provider name", # optional label for login button, defaults to "GitLab.com"
app_id: "YOUR_APP_ID",
app_secret: "YOUR_APP_SECRET",
args: { scope: "api" }
}
]
```
......@@ -67,11 +67,11 @@ GitLab.com generates an application ID and secret key for you to use.
```ruby
gitlab_rails['omniauth_providers'] = [
{
"name" => "gitlab",
"label" => "Provider name", # optional label for login button, defaults to "GitLab.com"
"app_id" => "YOUR_APP_ID",
"app_secret" => "YOUR_APP_SECRET",
"args" => { "scope" => "api", "client_options" => { "site" => "https://gitlab.example.com/api/v4" } }
name: "gitlab",
label: "Provider name", # optional label for login button, defaults to "GitLab.com"
app_id: "YOUR_APP_ID",
app_secret: "YOUR_APP_SECRET",
args: { scope: "api", client_options: { site: "https://gitlab.example.com/api/v4" } }
}
]
```
......
......@@ -79,11 +79,11 @@ On your GitLab server:
```ruby
gitlab_rails['omniauth_providers'] = [
{
"name" => "google_oauth2",
# "label" => "Provider name", # optional label for login button, defaults to "Google"
"app_id" => "YOUR_APP_ID",
"app_secret" => "YOUR_APP_SECRET",
"args" => { "access_type" => "offline", "approval_prompt" => '' }
name: "google_oauth2",
# label: "Provider name", # optional label for login button, defaults to "Google"
app_id: "YOUR_APP_ID",
app_secret: "YOUR_APP_SECRET",
args: { access_type: "offline", approval_prompt: "" }
}
]
```
......
......@@ -61,32 +61,32 @@ This strategy is designed to allow configuration of the simple OmniAuth SSO proc
```ruby
gitlab_rails['omniauth_providers'] = [
{ 'name' => 'oauth2_generic',
'label' => 'Provider name', # optional label for login button, defaults to "Oauth2 Generic"
'app_id' => '<your_app_client_id>',
'app_secret' => '<your_app_client_secret>',
'args' => {
{
name: "oauth2_generic",
label: "Provider name", # optional label for login button, defaults to "Oauth2 Generic"
app_id: "<your_app_client_id>",
app_secret: "<your_app_client_secret>",
args: {
client_options: {
'site' => '<your_auth_server_url>',
'user_info_url' => '/oauth2/v1/userinfo',
'authorize_url' => '/oauth2/v1/authorize',
'token_url' => '/oauth2/v1/token'
site: "<your_auth_server_url>",
user_info_url: "/oauth2/v1/userinfo",
authorize_url: "/oauth2/v1/authorize",
token_url: "/oauth2/v1/token"
},
user_response_structure: {
root_path: [],
id_path: ['sub'],
id_path: ["sub"],
attributes: {
email: 'email',
name: 'name'
email: "email",
name: "name"
}
},
authorize_params: {
scope: 'openid profile email'
scope: "openid profile email"
},
strategy_class: "OmniAuth::Strategies::OAuth2Generic"
}
}
}
]
```
......
......@@ -57,10 +57,10 @@ To get the credentials (a pair of Client ID and Client Secret), you must [create
```ruby
gitlab_rails['omniauth_providers'] = [
{
"name" => "salesforce",
# "label" => "Provider name", # optional label for login button, defaults to "Salesforce"
"app_id" => "SALESFORCE_CLIENT_ID",
"app_secret" => "SALESFORCE_CLIENT_SECRET"
name: "salesforce",
# label: "Provider name", # optional label for login button, defaults to "Salesforce"
app_id: "SALESFORCE_CLIENT_ID",
app_secret: "SALESFORCE_CLIENT_SECRET"
}
]
```
......
......@@ -98,14 +98,14 @@ as described in the section on [Security](#security). Otherwise, your users are
```ruby
gitlab_rails['omniauth_providers'] = [
{
name: 'saml',
label: 'Provider name', # optional label for login button, defaults to "Saml"
name: "saml",
label: "Provider name", # optional label for login button, defaults to "Saml"
args: {
assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback',
idp_cert_fingerprint: '43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8',
idp_sso_target_url: 'https://login.example.com/idp',
issuer: 'https://gitlab.example.com',
name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
assertion_consumer_service_url: "https://gitlab.example.com/users/auth/saml/callback",
idp_cert_fingerprint: "43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8",
idp_sso_target_url: "https://login.example.com/idp",
issuer: "https://gitlab.example.com",
name_identifier_format: "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
}
}
]
......@@ -362,22 +362,21 @@ In addition to the changes in GitLab, make sure that your IdP is returning the
```ruby
gitlab_rails['omniauth_providers'] = [
{
name: 'saml',
name: "saml",
args: {
assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback',
idp_cert_fingerprint: '43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8',
idp_sso_target_url: 'https://login.example.com/idp',
issuer: 'https://gitlab.example.com',
name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
assertion_consumer_service_url: "https://gitlab.example.com/users/auth/saml/callback",
idp_cert_fingerprint: "43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8",
idp_sso_target_url: "https://login.example.com/idp",
issuer: "https://gitlab.example.com",
name_identifier_format: "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
upstream_two_factor_authn_contexts:
%w(
urn:oasis:names:tc:SAML:2.0:ac:classes:CertificateProtectedTransport
urn:oasis:names:tc:SAML:2.0:ac:classes:SecondFactorOTPSMS
urn:oasis:names:tc:SAML:2.0:ac:classes:SecondFactorIGTOKEN
)
},
label: 'Company Login' # optional label for SAML login button, defaults to "Saml"
label: "Company Login" # optional label for SAML login button, defaults to "Saml"
}
]
```
......
......@@ -62,10 +62,10 @@ Twitter. Twitter generates a client ID and secret key for you to use.
```ruby
gitlab_rails['omniauth_providers'] = [
{
"name" => "twitter",
# "label" => "Provider name", # optional label for login button, defaults to "Twitter"
"app_id" => "YOUR_APP_ID",
"app_secret" => "YOUR_APP_SECRET"
name: "twitter",
# label: "Provider name", # optional label for login button, defaults to "Twitter"
app_id: "YOUR_APP_ID",
app_secret: "YOUR_APP_SECRET"
}
]
```
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment