- Open your Keycloak realm.
- Import `keycloak-gitlab.json`.
- Fix the URLs of the imported client: replace `gitlab.example.com` in `clientId`, `rootUrl` and `redirectUris` with your real GitLab host (and consider narrowing the `redirectUris` wildcard `https://gitlab.example.com/*` to the SAML callback path `/users/auth/saml/callback` only).
- Edit `gitlab.rb` (set your hostnames, and paste the realm's SAML signing certificate into `idp_cert`) and boot up your GitLab.
- Click the **SAML** button.
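# gitlab.rb — SAML login against the Keycloak client exported in keycloak-gitlab.json.
# These values must agree with that export: `issuer` equals the client's clientId/rootUrl,
# the ACS URL must be covered by redirectUris, and `attribute_statements` must name an
# attribute that one of the client's protocol mappers emits.
gitlab_rails['omniauth_enabled'] = true

# Only the SAML provider may create a GitLab account on first login.
gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']

# false = accounts auto-created through SAML are active immediately, with no admin
# approval step. Anyone who can authenticate to the Keycloak realm therefore gets a
# working GitLab account. Set this to true (new users arrive blocked until an admin
# unblocks them) unless the realm's entire user population is meant to have access.
gitlab_rails['omniauth_block_auto_created_users'] = false

# Links an incoming SAML identity to an already-existing GitLab user with the same
# email address. This is an account-takeover path if the Keycloak realm allows
# self-registration or unverified email changes: whoever controls that email in
# Keycloak becomes that GitLab user. Keep it off, or lock the realm down first.
gitlab_rails['omniauth_auto_link_saml_user'] = true

gitlab_rails['omniauth_providers'] = [
  {
    name: 'saml',
    label: 'SAML',
    args: {
      # Where Keycloak POSTs the SAML Response (the exported client forces the POST
      # binding). keycloak-gitlab.json currently allows "https://gitlab.example.com/*";
      # restricting that redirectUri to exactly this path is cheap hardening.
      assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback',

      # The realm's SAML signing certificate. The exported client signs the Response
      # (saml.server.signature=true) but not the Assertion, and does not encrypt
      # (saml.encrypt=false); this certificate is what that Response signature is
      # checked against, so keep the full certificate here rather than a fingerprint,
      # and plan a coordinated update when the realm's signing key is rotated.
      idp_cert: "-----BEGIN CERTIFICATE-----\nMII...\n-----END CERTIFICATE-----\n",

      # Realm SAML endpoint. NOTE(review): the "/auth" prefix is the legacy Keycloak
      # context path; newer Keycloak builds serve /realms/<realm>/protocol/saml with
      # no "/auth" — confirm against the realm's SAML descriptor before going live.
      idp_sso_target_url: 'https://keycloak.example.com/auth/realms/hello/protocol/saml',

      # SP entity ID; must be byte-identical to the clientId in keycloak-gitlab.json,
      # otherwise Keycloak will not recognise the AuthnRequest.
      issuer: 'https://gitlab.example.com',

      # NameID format GitLab asks for. The client has saml_force_name_id_format=false,
      # so Keycloak is expected to honour this request; the NameID presumably becomes
      # the stable identity key on the GitLab side, so do not change the format after
      # users have already signed in.
      name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',

      # GitLab username is taken from the "username" attribute emitted by the
      # saml-user-property-mapper named "username" in the client export.
      attribute_statements: { username: ['username'] }
    }
  }
]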
{ | |
"clients": [ | |
{ | |
"clientId": "https://gitlab.example.com", | |
"rootUrl": "https://gitlab.example.com", | |
"enabled": true, | |
"redirectUris": [ | |
"https://gitlab.example.com/*" | |
], | |
"protocol": "saml", | |
"attributes": { | |
"saml.assertion.signature": "false", | |
"saml.force.post.binding": "true", | |
"saml.multivalued.roles": "false", | |
"saml.encrypt": "false", | |
"saml.server.signature": "true", | |
"saml.server.signature.keyinfo.ext": "false", | |
"saml.signature.algorithm": "RSA_SHA256", | |
"saml_force_name_id_format": "false", | |
"saml.client.signature": "false", | |
"saml.authnstatement": "true", | |
"saml_name_id_format": "username", | |
"saml.onetimeuse.condition": "false", | |
"saml_signature_canonicalization_method": "http://www.w3.org/2001/10/xml-exc-c14n#" | |
}, | |
"protocolMappers": [ | |
{ | |
"name": "email", | |
"protocol": "saml", | |
"protocolMapper": "saml-user-property-mapper", | |
"consentRequired": false, | |
"config": { | |
"user.attribute": "email", | |
"attribute.name": "email" | |
} | |
}, | |
{ | |
"name": "first_name", | |
"protocol": "saml", | |
"protocolMapper": "saml-user-property-mapper", | |
"consentRequired": false, | |
"config": { | |
"user.attribute": "firstName", | |
"attribute.name": "first_name" | |
} | |
}, | |
{ | |
"name": "last_name", | |
"protocol": "saml", | |
"protocolMapper": "saml-user-property-mapper", | |
"consentRequired": false, | |
"config": { | |
"user.attribute": "lastName", | |
"attribute.name": "last_name" | |
} | |
}, | |
{ | |
"name": "username", | |
"protocol": "saml", | |
"protocolMapper": "saml-user-property-mapper", | |
"consentRequired": false, | |
"config": { | |
"user.attribute": "username", | |
"attribute.name": "username" | |
} | |
} | |
] | |
} | |
] | |
} |