docker-gitlab/docs/keycloak-idp.md
Bart Joris 2ea27eef81
Add Generic OAuth2 provider (#2070)
* Add Generic OAuth2 provider

* Add docs to test Keycloak on a local environment

* Update docs for oauth2_generic
2020-03-12 09:05:21 +01:00


Integrate Keycloak as an IDP with GitLab

In this document, we will explain how to set up Keycloak and integrate it into GitLab.

Setting up Keycloak

First, you need a client in Keycloak that GitLab will authenticate against. You can start Keycloak by running docker-compose up -d keycloak.

When Keycloak is running, log in to the Administration console. Keycloak is reachable on the local IP address of your machine (port 10081 in this setup).

Keycloak Home

Next, create a client.

Keycloak client

Fill in the following variables:

Keycloak client creation

Set the access type to confidential (GitLab authenticates with the client secret, which must stay server-side) and enable service accounts and authorization.

Keycloak client creation

Next, click save, copy the client secret generated by Keycloak, and fill in the following variables for GitLab in the docker-compose file:

Keycloak client secret

    - OAUTH2_GENERIC_APP_SECRET=<your-client-secret>
    - OAUTH2_GENERIC_CLIENT_SITE=http://<your-ip-address>:10081
    - OAUTH2_GENERIC_CLIENT_USER_INFO_URL=http://<your-ip-address>:10081/auth/realms/master/protocol/openid-connect/userinfo
    - OAUTH2_GENERIC_CLIENT_AUTHORIZE_URL=http://<your-ip-address>:10081/auth/realms/master/protocol/openid-connect/auth
    - OAUTH2_GENERIC_CLIENT_TOKEN_URL=http://<your-ip-address>:10081/auth/realms/master/protocol/openid-connect/token
    - OAUTH2_GENERIC_CLIENT_END_SESSION_ENDPOINT=http://<your-ip-address>:10081/auth/realms/master/protocol/openid-connect/logout

The endpoints above use plain http, which suits the local test setup this document describes but not an instance reachable beyond your machine. Also make sure the following variables are set in the docker-compose file:

    - GITLAB_HOST='<your-ip-address>'
    ...
    - OAUTH_ENABLED=true
    - OAUTH_AUTO_SIGN_IN_WITH_PROVIDER=Keycloak
    - OAUTH_ALLOW_SSO=Keycloak
    - OAUTH_BLOCK_AUTO_CREATED_USERS=false
    - OAUTH_AUTO_LINK_LDAP_USER=false
    - OAUTH_AUTO_LINK_SAML_USER=false
    - OAUTH_EXTERNAL_PROVIDERS=Keycloak

GitLab refuses to sign in a Keycloak user whose email or name is empty. To avoid this, either create a new user in Keycloak with those fields set, or add an email and name to the admin account.

Visit the Users tab and click View all users to modify the Admin user.

keycloak-users

Modify the Email, First Name and Last Name fields.

admin-account
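Before deploying, it is worth checking the settings against the two rules above: every OAUTH2_GENERIC_* endpoint must live under the same Keycloak site and realm, and the user GitLab sees must have a non-empty email and name. The script below is an added example, not part of docker-gitlab; it assumes the userinfo claims are named email and name, and the environment list and the 192.0.2.10 address in it are constructed sample input.

```python
import re
from urllib.parse import urlparse
# Endpoint variable -> path suffix Keycloak exposes under the realm (taken from the list above).
OIDC_PATHS = {
    "OAUTH2_GENERIC_CLIENT_USER_INFO_URL": "userinfo",
    "OAUTH2_GENERIC_CLIENT_AUTHORIZE_URL": "auth",
    "OAUTH2_GENERIC_CLIENT_TOKEN_URL": "token",
    "OAUTH2_GENERIC_CLIENT_END_SESSION_ENDPOINT": "logout",
}

# Constructed sample of the docker-compose environment list; 192.0.2.10 is a placeholder address.
SAMPLE_ENV = """
    - OAUTH2_GENERIC_APP_SECRET=<your-client-secret>
    - OAUTH2_GENERIC_CLIENT_SITE=http://192.0.2.10:10081
    - OAUTH2_GENERIC_CLIENT_USER_INFO_URL=http://192.0.2.10:10081/auth/realms/master/protocol/openid-connect/userinfo
    - OAUTH2_GENERIC_CLIENT_AUTHORIZE_URL=http://192.0.2.10:10081/auth/realms/master/protocol/openid-connect/auth
    - OAUTH2_GENERIC_CLIENT_TOKEN_URL=http://192.0.2.10:10081/auth/realms/master/protocol/openid-connect/token
    - OAUTH2_GENERIC_CLIENT_END_SESSION_ENDPOINT=http://192.0.2.10:10081/auth/realms/master/protocol/openid-connect/logout
    - OAUTH_ENABLED=true
"""
def parse_env(block):
    """Turn '- KEY=value' lines into a dict, dropping quotes and ignoring anything else."""
    env = {}
    for line in block.splitlines():
        m = re.match(r"\s*-\s*([A-Z0-9_]+)=(.*)$", line)
        if m:
            env[m.group(1)] = m.group(2).strip().strip("'\"")
    return env

def check_oauth_env(env, realm="master"):
    """Return a list of problems; an empty list means the settings are consistent."""
    problems = []
    secret = env.get("OAUTH2_GENERIC_APP_SECRET", "")
    if not secret or secret.startswith("<"):
        problems.append("OAUTH2_GENERIC_APP_SECRET is empty or still a <placeholder>")
    site = env.get("OAUTH2_GENERIC_CLIENT_SITE", "").rstrip("/")
    if urlparse(site).scheme != "https":
        problems.append("OAUTH2_GENERIC_CLIENT_SITE is not https; acceptable only for a local test setup")
    for var, suffix in OIDC_PATHS.items():
        expected = f"{site}/auth/realms/{realm}/protocol/openid-connect/{suffix}"
        if env.get(var) != expected:  # every endpoint must live under the same site and realm
            problems.append(f"{var} should be {expected}")
    if env.get("OAUTH_ENABLED") != "true":
        problems.append("OAUTH_ENABLED must be true")
    return problems

def check_userinfo(claims):
    """Names of the claims GitLab requires that are empty (assumed claim keys: email, name)."""
    return [k for k in ("email", "name") if not claims.get(k)]
```

Run check_userinfo against the JSON returned by the userinfo endpoint for the account you intend to log in with; any name it returns is a field to fill in on the Keycloak user before trying GitLab.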

Deploy GitLab, Redis and PostgreSQL by running the following command: docker-compose up -d gitlab redis postgresql.

You can now log in to the local GitLab instance with Keycloak on your local IP address.

gitlab-login