Integration with GitLab
Interlock Configuration
- Log into Interlock.
- Go to SSO Applications.
- Create an application with the following details:
  - Name: Proxmox VE
  - Enabled: True
  - Redirect URI: https://gitlab.example.com/users/auth/openid_connect/callback
  - Response Types: code
  - Scopes: Default (openid, profile, email, groups)
- Once the SSO Application has been created, open its View dialog to copy the Client ID and Client Secret.
GitLab CE/EE Configuration
Within your /etc/gitlab/gitlab.rb config file, set the following parameters:
## INTERLOCK SSO
gitlab_rails['omniauth_allow_single_sign_on'] = ['openid_connect']
gitlab_rails['omniauth_sync_email_from_provider'] = 'openid_connect'
gitlab_rails['omniauth_sync_profile_from_provider'] = ['openid_connect']
gitlab_rails['omniauth_sync_profile_attributes'] = ['email']
### Set this if you wish to auto-sign-in
# gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'openid_connect'
# false: accounts created on first SSO login are active immediately,
# without waiting for administrator approval.
gitlab_rails['omniauth_block_auto_created_users'] = false
gitlab_rails['omniauth_auto_link_ldap_user'] = true
gitlab_rails['omniauth_auto_link_saml_user'] = true
# Links an SSO login to an existing GitLab account with a matching email address.
gitlab_rails['omniauth_auto_link_user'] = ["openid_connect"]
gitlab_rails['omniauth_providers'] = [
  {
    name: 'openid_connect',
    label: 'Interlock SSO',
    args: {
      name: 'openid_connect',
      scope: ['openid','profile','email'],
      response_type: 'code',
      issuer: 'https://interlock.example.com/openid',
      discovery: true,
      client_auth_method: 'query',
      uid_field: 'preferred_username',
      send_scope_to_token_endpoint: 'true',
      pkce: true,
      client_options: {
        # Client ID and Client Secret copied from the Interlock SSO Application
        identifier: 'your-client-id',
        secret: 'your-client-secret',
        # Must match the Redirect URI registered in Interlock
        redirect_uri: 'https://gitlab.example.com/users/auth/openid_connect/callback'
      }
    }
  }
]
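A preflight check for the provider settings above, as an added example that is not part of the Interlock or GitLab documentation: with `discovery: true` GitLab reads its endpoints from the issuer's discovery document, so the sketch compares such a document against the `issuer`, `scope`, `response_type` and `pkce` values from gitlab.rb. The embedded document, its endpoint paths and the function name `discovery_problems` are constructed for illustration, and the PKCE check assumes the S256 challenge method.

```ruby
require 'json'
require 'uri'

# Values copied from the gitlab.rb provider block above.
GITLAB_ARGS = {
  issuer: 'https://interlock.example.com/openid',
  scope: %w[openid profile email],
  response_type: 'code',
  pkce: true
}.freeze

# Constructed sample (not captured from a real Interlock server). Per OpenID
# Connect Discovery it is served at <issuer>/.well-known/openid-configuration.
SAMPLE_DISCOVERY = <<~JSON
  {
    "issuer": "https://interlock.example.com/openid",
    "authorization_endpoint": "https://interlock.example.com/openid/authorize",
    "token_endpoint": "https://interlock.example.com/openid/token",
    "jwks_uri": "https://interlock.example.com/openid/jwks",
    "response_types_supported": ["code"],
    "scopes_supported": ["openid", "profile", "email", "groups"],
    "code_challenge_methods_supported": ["S256"]
  }
JSON

# Returns a list of problems; an empty list means the document is
# consistent with the GitLab settings.
def discovery_problems(json, args)
  doc = JSON.parse(json)
  problems = []
  # The issuer must match exactly; a trailing slash counts as a mismatch.
  problems << "issuer mismatch: #{doc['issuer'].inspect}" unless doc['issuer'] == args[:issuer]
  %w[authorization_endpoint token_endpoint jwks_uri].each do |key|
    uri = URI.parse(doc[key].to_s) rescue nil
    problems << "#{key} missing or not https" unless uri.is_a?(URI::HTTPS)
  end
  unless Array(doc['response_types_supported']).include?(args[:response_type])
    problems << "response_type #{args[:response_type]} not supported"
  end
  missing = args[:scope] - Array(doc['scopes_supported'])
  problems << "scopes not advertised: #{missing.join(', ')}" unless missing.empty?
  # Assumption: GitLab's PKCE support uses the S256 challenge method.
  if args[:pkce] && !Array(doc['code_challenge_methods_supported']).include?('S256')
    problems << 'pkce enabled but S256 not advertised'
  end
  problems
end

puts discovery_problems(SAMPLE_DISCOVERY, GITLAB_ARGS).inspect
```

To check a live server, pass the body fetched from the discovery URL in place of `SAMPLE_DISCOVERY`.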