http://wiki.dersllc.com/index.php?action=history&feed=atom&title=VMware%2FGITLABVMware/GITLAB - Revision history2026-05-05T13:57:24ZRevision history for this page on the wikiMediaWiki 1.39.3http://wiki.dersllc.com/index.php?title=VMware/GITLAB&diff=20&oldid=prevAdmin: Created page with "= Setting up GITLAB with SSO = 1. vi /etc/gitlab/gitlab.rb gitlab_rails['omniauth_enabled'] = true gitlab_rails['omniauth_allow_single_sign_on'] = ['saml'] gitlab_rails['omniauth_sync_email_from_provider'] = 'saml' gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml'] gitlab_rails['omniauth_sync_profile_attributes'] = ['email'] gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml' gitlab_rails['omniauth_block_auto_created_users'] = false #gitlab_r..."2023-06-02T19:09:03Z<p>Created page with "= Setting up GITLAB with SSO = 1. vi /etc/gitlab/gitlab.rb gitlab_rails['omniauth_enabled'] = true gitlab_rails['omniauth_allow_single_sign_on'] = ['saml'] gitlab_rails['omniauth_sync_email_from_provider'] = 'saml' gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml'] gitlab_rails['omniauth_sync_profile_attributes'] = ['email'] gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml' gitlab_rails['omniauth_block_auto_created_users'] = false #gitlab_r..."</p>
<p><b>New page</b></p><div>= Setting up GITLAB with SSO =<br />
1. vi /etc/gitlab/gitlab.rb<br />
gitlab_rails['omniauth_enabled'] = true<br />
gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']<br />
gitlab_rails['omniauth_sync_email_from_provider'] = 'saml'<br />
gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml']<br />
gitlab_rails['omniauth_sync_profile_attributes'] = ['email']<br />
gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'<br />
gitlab_rails['omniauth_block_auto_created_users'] = false<br />
#gitlab_rails['omniauth_auto_link_ldap_user'] = true <br />
gitlab_rails['omniauth_auto_link_saml_user'] = true<br />
#gitlab_rails['omniauth_external_providers'] = ['twitter', 'google_oauth2']<br />
#gitlab_rails['omniauth_allow_bypass_two_factor'] = ['google_oauth2']<br />
gitlab_rails['omniauth_providers'] = [<br />
{<br />
"name" => "saml",<br />
"args" => {<br />
assertion_consumer_service_url: 'https://gitlab.dersllc.com/users/auth/saml/callback',<br />
idp_cert: '-----BEGIN CERTIFICATE-----<br />
MIIEDTCCAnWgAwIBAgIFX8pgs88wDQYJKoZIhvcNAQELBQAwPzEgMB4GA1UEAwwX<br />
Vk13YXJlIElkZW50aXR5IE1hbmFnZXIxDjAMBgNVBAoMBUxPR0lOMQswCQYDVQQG<br />
EwJVUzAeFw0yMDA3MDgwMDMzMDBaFw0zMDA3MDYwMDMzMDBaMD8xIDAeBgNVBAMM<br />
F1ZNd2FyZSBJZGVudGl0eSBNYW5hZ2VyMQ4wDAYDVQQKDAVMT0dJTjELMAkGA1UE<br />
BhMCVVMwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCu3PrucCHvTQhQ<br />
+g/dd3t6rNwnCsq7EEZQLgj+kv3yVaBTUvlnmxALR0jR+oHKtg3/ZRvX2R82zUyW<br />
LSe3rtxyg9iQx/0oFXjIaK65/f1KsQWrHW4knXfwf/81k1sx14DVFoF953w7jKOf<br />
N9lcOMEnWD6Oi9tF1hQ/5imW1359uL0DzOVD+OOd94fkhU+yNmH6Ag+D+YTcKUt8<br />
pdkiYLw0vMqVAU6Qh47SJrd5p2HogcibxLPm4SCJ5efui1lEWjZ3MhrKrikc5ghv<br />
4AuCbt16QADHXIo+xWgpULM1LR6uDYPkELSJXqL9ME16B640u5V82U8co1JdBxe7<br />
80pXCRky5gIP7iefefqaY5UpZUmr9AhCzMzZ0H17h1F52mIyOD83ZbonNqnCcSWB<br />
fWL/cHt7siCMvuj9OVgzHDoDrHVOCoyMJrI6jBYvTmx4kMYaycRdNdFUlcle87L6<br />
KCGqi4Nj/NOnkJ3hnSiJdbqZhGpbBRDUqsPexWoZtrUBTtybDe8CAwEAAaMQMA4w<br />
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAYEAdDeWzbXO7TAtOi42HAZK<br />
MW02hzqH1DbIghb0rmRQPpQmAEb5lxVW/Ly9M+HJEjiSqW8NZKdBBEtQYb5Uzuy0<br />
StNIrRTDZ5u1z0B8PbY4Jh7JVaxHWOLF3PU9r26NkRIV6ze4J+J1PuPbriZ+iWyM<br />
fU68tLee8E2Nru0FJ58ArZ+9OsREJ6ym9ic2URDqFedNncJlXhDbteiAIcxZU+JO<br />
C5zWOGsXUvIz76azxjC1rT1R+zkB7JwoTDHYIczQu2tHjiXmNyIdw98Ykc0B4o03<br />
2in+EqQwNli23A3MtMz2SCCoqGVyJB+kQb/DYxKqq3JEizOJ9nitxuneHoHaf/EL<br />
wnXW6KagH+Ag60E1XKnf/T3qURmL4/gJTfHln9h68X/cYrGS/+1tjson1GFpzDGe<br />
dBVmEA4UiiOObeKUywIWitaNazwpvjhg+2QZX3lCW8cm0d2FN5QxVBFscc7wsbim<br />
3x6WNVCqYPZgcWzo1WDw9uhNnI5nTXIgdSwo9PyGvAVC<br />
-----END CERTIFICATE-----',<br />
idp_sso_target_url: 'https://login.dersllc.com/SAAS/auth/federation/sso',<br />
issuer: 'ders-gitlab',<br />
name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'<br />
},<br />
label: 'DERs Login'<br />
}<br />
]<br />
<br />
* Go to vIDM administrative Console<br />
* Go to Catalog Tab -> Web Apps<br />
* Click the Settings Button.<br />
* Go to the SAML Metadata Tab.<br />
* Copy the Signing Certificate and paste it in the idp_cert section of the gitlab.rb file.<br />
* Click the Identity Provider (IdP) metadata Link.<br />
* Find the following location in the metadata<br />
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" <br />
Location="https://login.dersllc.com/SAAS/auth/federation/sso"/><br />
* Copy the Location URL: https://login.dersllc.com/SAAS/auth/federation/sso and paste it in the idp_sso_target_url section of the gitlab.rb file.<br />
* Set the Issuer as a friendly name for your gitlab sevrer.<br />
* set the assertion_consumer_service_url to 'https://<gitlab_URL>/users/auth/saml/callback'<br />
* Set the label as a friendly name for the button on the sign-on page.<br />
* Save and Exit the gitlab.rb file. <br />
* Run the reconfigure command.<br />
gitlab-ctl reconfigure<br />
* After this is complete. Go back to the vIDM Administrative Console.<br />
* Go to Catalog Tab -> Web Apps<br />
* Click the New button.<br />
* Create a name for the App and click next.<br />
* make sure the Authentication Type is set to SAML 2.0<br />
* On the gitlab server run the following to get the metadata xml for the gitlab server.<br />
curl --insecure https://gitlab.dersllc.com/users/auth/saml/metadata<br />
* Copy the output and paste it into the URL/XML: section of the new app form.<br />
* Click Next and Save & Assign. <br />
* Assign users to the App and attempt to login!</div>Admin