mirror of
https://github.com/sameersbn/docker-gitlab.git
synced 2026-01-18 13:58:25 +00:00
Tested support for azure_activedirectory_v2
parent
73a3596b29
commit
8b9ca622f9
18
README.md
18
README.md
@ -689,6 +689,8 @@ Once you have the Client ID, Client secret and Tenant ID generated, configure th
|
||||
|
||||
For example, if your Client ID is `xxx`, the Client secret is `yyy` and the Tenant ID is `zzz`, then adding `--env 'OAUTH_AZURE_API_KEY=xxx' --env 'OAUTH_AZURE_API_SECRET=yyy' --env 'OAUTH_AZURE_TENANT_ID=zzz'` to the docker run command enables support for Microsoft Azure OAuth.
|
||||
|
||||
Also you can configure v2 endpoint (`azure_activedirectory_v2`) by using `OAUTH_AZURE_ACTIVEDIRECTORY_V2_CLIENT_ID`, `OAUTH_AZURE_ACTIVEDIRECTORY_V2_CLIENT_SECRET` and `OAUTH_AZURE_ACTIVEDIRECTORY_V2_TENANT_ID` environment variables. Optionally you can change label of login button using the `OAUTH_AZURE_ACTIVEDIRECTORY_V2_LABEL`.
|
||||
|
||||
##### Generic OAuth2
|
||||
|
||||
To enable the Generic OAuth2 provider, you must register your application with your provider. You also need to confirm OAuth2 provider app's ID and secret, the client options and the user's response structure.
|
||||
@ -2194,6 +2196,22 @@ Azure Client secret. No defaults.
|
||||
|
||||
Azure Tenant ID. No defaults.
|
||||
|
||||
#### `OAUTH_AZURE_ACTIVEDIRECTORY_V2_CLIENT_ID`
|
||||
|
||||
Client ID for oauth provider `azure_activedirectory_v2`. If not set, corresponding oauth provider configuration will be removed from `gitlab.yml` during container startup. No defaults.
|
||||
|
||||
#### `OAUTH_AZURE_ACTIVEDIRECTORY_V2_CLIENT_SECRET`
|
||||
|
||||
Client secret for oauth provider `azure_activedirectory_v2`. If not set, corresponding oauth provider configuration will be removed from `gitlab.yml` during container startup. No defaults.
|
||||
|
||||
#### `OAUTH_AZURE_ACTIVEDIRECTORY_V2_TENANT_ID`
|
||||
|
||||
Tenant ID for oauth provider `azure_activedirectory_v2`. If not set, corresponding oauth provider configuration will be removed from `gitlab.yml` during container startup. No defaults.
|
||||
|
||||
#### `OAUTH_AZURE_ACTIVEDIRECTORY_V2_LABEL`
|
||||
|
||||
Optional label for login button for `azure_activedirectory_v2`. Defaults to `Azure AD v2`
|
||||
|
||||
##### `OAUTH2_GENERIC_APP_ID`
|
||||
|
||||
Your OAuth2 App ID. No defaults.
|
||||
|
||||
@ -1023,6 +1023,12 @@ production: &base
|
||||
client_id: '{{OAUTH_AZURE_API_KEY}}',
|
||||
client_secret: '{{OAUTH_AZURE_API_SECRET}}',
|
||||
tenant_id: '{{OAUTH_AZURE_TENANT_ID}}' } }
|
||||
- { name: 'azure_activedirectory_v2',
|
||||
label: '{{OAUTH_AZURE_ACTIVEDIRECTORY_V2_LABEL}}',
|
||||
args: {
|
||||
client_id: '{{OAUTH_AZURE_ACTIVEDIRECTORY_V2_CLIENT_ID}}',
|
||||
client_secret: '{{OAUTH_AZURE_ACTIVEDIRECTORY_V2_CLIENT_SECRET}}',
|
||||
tenant_id: '{{OAUTH_AZURE_ACTIVEDIRECTORY_V2_TENANT_ID}}' } }
|
||||
|
||||
# SSO maximum session duration in seconds. Defaults to CAS default of 8 hours.
|
||||
# cas3:
|
||||
|
||||
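Review bot: The new `azure_activedirectory_v2` entry must keep `name:` as its first line and `tenant_id:` as its last, but nothing in the template says so. The startup function `gitlab_configure_oauth_azure_ad_v2` removes an unconfigured provider with a sed range keyed on exactly those two lines. If a later edit reorders the keys, that range would leave fragments of the entry behind or, with no end match, delete through to the end of the file. I would add a comment above the entry such as `# Removed at startup when unconfigured: keep name: first and tenant_id: last (sed range in gitlab_configure_oauth_azure_ad_v2)`. Separately, the values land inside single-quoted YAML scalars, so a value containing `'` would presumably break the file unless `update_template` escapes it, which is not visible here.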
@ -479,6 +479,12 @@ OAUTH_AZURE_API_KEY=${OAUTH_AZURE_API_KEY:-}
|
||||
OAUTH_AZURE_API_SECRET=${OAUTH_AZURE_API_SECRET:-}
|
||||
OAUTH_AZURE_TENANT_ID=${OAUTH_AZURE_TENANT_ID:-}
|
||||
|
||||
## AZURE Active Directory V2 endpoint
|
||||
OAUTH_AZURE_ACTIVEDIRECTORY_V2_LABEL=${OAUTH_AZURE_ACTIVEDIRECTORY_V2_LABEL:-'Azure AD v2'}
|
||||
OAUTH_AZURE_ACTIVEDIRECTORY_V2_CLIENT_ID=${OAUTH_AZURE_ACTIVEDIRECTORY_V2_CLIENT_ID:-}
|
||||
OAUTH_AZURE_ACTIVEDIRECTORY_V2_CLIENT_SECRET=${OAUTH_AZURE_ACTIVEDIRECTORY_V2_CLIENT_SECRET:-}
|
||||
OAUTH_AZURE_ACTIVEDIRECTORY_V2_TENANT_ID=${OAUTH_AZURE_ACTIVEDIRECTORY_V2_TENANT_ID:-}
|
||||
|
||||
### SAML
|
||||
case $GITLAB_HTTPS in
|
||||
true)
|
||||
|
||||
@ -688,6 +688,22 @@ gitlab_configure_oauth_azure() {
|
||||
fi
|
||||
}
|
||||
|
||||
gitlab_configure_oauth_azure_ad_v2() {
|
||||
# we don't check if OAUTH_AZURE_ACTIVEDIRECTORY_V2_LABEL because it is optional
|
||||
if [[ -n ${OAUTH_AZURE_ACTIVEDIRECTORY_V2_CLIENT_ID} && \
|
||||
-n ${OAUTH_AZURE_ACTIVEDIRECTORY_V2_CLIENT_SECRET} && \
|
||||
-n ${OAUTH_AZURE_ACTIVEDIRECTORY_V2_TENANT_ID} ]]; then
|
||||
echo "Configuring gitlab::oauth::azure_activedirectory_v2..."
|
||||
update_template ${GITLAB_CONFIG} \
|
||||
OAUTH_AZURE_ACTIVEDIRECTORY_V2_LABEL \
|
||||
OAUTH_AZURE_ACTIVEDIRECTORY_V2_CLIENT_ID \
|
||||
OAUTH_AZURE_ACTIVEDIRECTORY_V2_CLIENT_SECRET \
|
||||
OAUTH_AZURE_ACTIVEDIRECTORY_V2_TENANT_ID
|
||||
else
|
||||
exec_as_git sed -i "/name: 'azure_activedirectory_v2'/,/{{OAUTH_AZURE_ACTIVEDIRECTORY_V2_TENANT_ID}}/d" ${GITLAB_CONFIG}
|
||||
fi
|
||||
}
|
||||
|
||||
gitlab_configure_oauth() {
|
||||
echo "Configuring gitlab::oauth..."
|
||||
|
||||
@ -704,6 +720,7 @@ gitlab_configure_oauth() {
|
||||
gitlab_configure_oauth_crowd
|
||||
gitlab_configure_oauth_auth0
|
||||
gitlab_configure_oauth_azure
|
||||
gitlab_configure_oauth_azure_ad_v2
|
||||
|
||||
OAUTH_ENABLED=${OAUTH_ENABLED:-false}
|
||||
update_template ${GITLAB_CONFIG} \
|
||||
@ -716,7 +733,7 @@ gitlab_configure_oauth() {
|
||||
OAUTH_EXTERNAL_PROVIDERS
|
||||
|
||||
case ${OAUTH_AUTO_SIGN_IN_WITH_PROVIDER} in
|
||||
cas3|google_oauth2|facebook|twitter|github|gitlab|bitbucket|saml|crowd|azure_oauth2|oauth2_generic|$OAUTH2_GENERIC_NAME)
|
||||
cas3|google_oauth2|facebook|twitter|github|gitlab|bitbucket|saml|crowd|azure_oauth2|azure_activedirectory_v2|oauth2_generic|$OAUTH2_GENERIC_NAME)
|
||||
update_template ${GITLAB_CONFIG} OAUTH_AUTO_SIGN_IN_WITH_PROVIDER
|
||||
;;
|
||||
*)
|
||||
|
||||
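Review bot: In `gitlab_configure_oauth_azure_ad_v2`, the `else` branch deletes the provider block silently even when only one or two of the three required variables are set. A mistyped `OAUTH_AZURE_ACTIVEDIRECTORY_V2_TENANT_ID` therefore leaves the sign-in button missing with nothing in the container log to explain it. I would warn on partial configuration before the `sed`, naming the variables but never printing their values: `if [[ -n ${OAUTH_AZURE_ACTIVEDIRECTORY_V2_CLIENT_ID}${OAUTH_AZURE_ACTIVEDIRECTORY_V2_CLIENT_SECRET}${OAUTH_AZURE_ACTIVEDIRECTORY_V2_TENANT_ID} ]]; then echo "WARNING: azure_activedirectory_v2 needs CLIENT_ID, CLIENT_SECRET and TENANT_ID; provider disabled" >&2; fi`. The comment above the test is also missing a word and would read better as `# OAUTH_AZURE_ACTIVEDIRECTORY_V2_LABEL is not checked because it is optional`.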