diff --git a/Changelog.md b/Changelog.md
index cb204b48..577e1d24 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -1,6 +1,7 @@
 # Changelog
 **latest**
+- added OAUTH_ALLOW_SSO configuration option
 - added github oauth configuration support
 - added twitter oauth configuration support
 - added google oauth configuration support
diff --git a/README.md b/README.md
index d2f364d5..76c064fe 100644
--- a/README.md
+++ b/README.md
@@ -635,6 +635,8 @@ When you change the sub URI path, you need to recompile all precompiled assets.
 GitLab leverages OmniAuth to allow users to sign in using Twitter, GitHub, and other popular services. Configuring OmniAuth does not prevent standard GitLab authentication or LDAP (if configured) from continuing to work. Users can choose to sign in using any of the configured mechanisms.
+Refer to the GitLab [documentation](http://doc.gitlab.com/ce/integration/omniauth.html) for additional information.
+
 #### Google
 To enable the Google OAuth2 OmniAuth provider you must register your application with Google. Google will generate a client ID and secret key for you to use. Please refer to the GitLab [documentation](http://doc.gitlab.com/ce/integration/google.html) for the procedure to generate the client ID and secret key with google.
@@ -730,6 +732,7 @@ Below is the complete list of available options that can be used to customize yo
 - **LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN**: If enabled, GitLab will ignore everything after the first '@' in the LDAP username submitted by the user on login. Defaults to false if LDAP_UID is userPrincipalName, else true.
 - **LDAP_BASE**: Base where we can search for users. No default.
 - **LDAP_USER_FILTER**: Filter LDAP users. No default.
+- **OAUTH_ALLOW_SSO**: This allows users to login without having a user account first. User accounts will be created automatically when authentication was successful. Defaults to false.
 - **OAUTH_GOOGLE_API_KEY**: Google App Client ID. No defaults.
 - **OAUTH_GOOGLE_APP_SECRET**: Google App Client Secret. No defaults.
 - **OAUTH_TWITTER_API_KEY**: Twitter App API key. No defaults.
diff --git a/assets/config/gitlabhq/gitlab.yml b/assets/config/gitlabhq/gitlab.yml
index 256474c5..18850e2f 100644
--- a/assets/config/gitlabhq/gitlab.yml
+++ b/assets/config/gitlabhq/gitlab.yml
@@ -166,7 +166,7 @@ production: &base
 # CAUTION!
 # This allows users to login without having a user account first (default: false).
 # User accounts will be created automatically when authentication was successful.
- allow_single_sign_on: false
+ allow_single_sign_on: {{OAUTH_ALLOW_SSO}}
 # Locks down those users until they have been cleared by the admin (default: true).
 block_auto_created_users: true
diff --git a/assets/init b/assets/init
index fcf668da..321dec02 100755
--- a/assets/init
+++ b/assets/init
@@ -72,6 +72,8 @@ LDAP_USER_FILTER=${LDAP_USER_FILTER:-}
 REDMINE_URL=${REDMINE_URL:-}
 JIRA_URL=${JIRA_URL:-}
+OAUTH_ALLOW_SSO=${OAUTH_ALLOW_SSO:-false}
+
 OAUTH_GOOGLE_API_KEY=${OAUTH_GOOGLE_API_KEY:-}
 OAUTH_GOOGLE_APP_SECRET=${OAUTH_GOOGLE_APP_SECRET:-}
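Review bot: In assets/config/gitlabhq/gitlab.yml (`@@ -166,7 +166,7 @@`), the comment above `allow_single_sign_on` still reads `(default: false)` although the value is now filled in from the `OAUTH_ALLOW_SSO` environment variable. Nothing tells the operator that `block_auto_created_users: true` just below is what holds automatically created accounts until an admin clears them. I would add a line such as `# Set via OAUTH_ALLOW_SSO. When true, accounts are created on first successful OAuth login; keep block_auto_created_users enabled.` above the setting. The enclosing omniauth mapping starts and ends outside the hunk, so the rest of that section is not covered by this note.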
@@ -463,6 +465,7 @@ fi
 OAUTH_ENABLED=${OAUTH_ENABLED:-false}
 sudo -u git -H sed 's/{{OAUTH_ENABLED}}/'"${OAUTH_ENABLED}"'/' -i /home/git/gitlab/config/gitlab.yml
+sudo -u git -H sed 's/{{OAUTH_ALLOW_SSO}}/'"${OAUTH_ALLOW_SSO}"'/' -i /home/git/gitlab/config/gitlab.yml
 # configure relative_url_root
 if [ ${GITLAB_RELATIVE_URL_ROOT} ]; then
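Review bot: The value of `OAUTH_ALLOW_SSO` is interpolated into the sed replacement on the added line without any check. Anything other than `true` or `false` (a typo, `yes`, or a value containing `/` or `&`) therefore either breaks the sed expression or writes a non-boolean into `allow_single_sign_on`. Because this switch decides whether an OAuth login may create an account, I would fail closed before the substitution, for example `[ "${OAUTH_ALLOW_SSO}" = "true" ] || OAUTH_ALLOW_SSO=false`, placed right after the default assignment in the `@@ -72,6 +72,8 @@` hunk. How GitLab interprets a non-boolean value here is not visible in this diff, so normalising avoids depending on it.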