Commit 6dcbf1f5 authored by Stan Hu

Fix OpenID Connect documentation

Many users were unable to get logins working with OpenID Connect because
of a missing `name` argument in the configuration. This resulted in 404s
immediately after attempting to log in. This describes the workaround
mentioned in
https://gitlab.com/gitlab-org/gitlab-ce/issues/62208#note_178774809.

This also adds an example profile for using Google.
parent 40a9d054
...@@ -31,6 +31,7 @@ The OpenID Connect will provide you with a client details and secret for you to ...@@ -31,6 +31,7 @@ The OpenID Connect will provide you with a client details and secret for you to
{ 'name' => 'openid_connect', { 'name' => 'openid_connect',
'label' => '<your_oidc_label>', 'label' => '<your_oidc_label>',
'args' => { 'args' => {
"name' => 'openid_connect',
'scope' => ['openid','profile'], 'scope' => ['openid','profile'],
'response_type' => 'code', 'response_type' => 'code',
'issuer' => '<your_oidc_url>', 'issuer' => '<your_oidc_url>',
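
Review bot: The added line in the Omnibus example opens its key with a double quote and closes it with a single quote ("name' => 'openid_connect',), which is a syntax error once pasted into gitlab.rb. It should match the surrounding entries: 'name' => 'openid_connect',. Since this line is the whole point of the fix, a copy-paste failure here leaves users stuck again.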
...@@ -53,6 +54,7 @@ The OpenID Connect will provide you with a client details and secret for you to ...@@ -53,6 +54,7 @@ The OpenID Connect will provide you with a client details and secret for you to
- { name: 'openid_connect', - { name: 'openid_connect',
label: '<your_oidc_label>', label: '<your_oidc_label>',
args: { args: {
name: 'openid_connect',
scope: ['openid','profile'], scope: ['openid','profile'],
response_type: 'code', response_type: 'code',
issuer: '<your_oidc_url>', issuer: '<your_oidc_url>',
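
Review bot: The new name: 'openid_connect' inside args repeats the provider-level name two lines above, and nothing in the surrounding documentation says why both are needed. Add a sentence next to the example saying that the args name must be present and must match the provider name, and that omitting it produces a 404 right after the login attempt, so readers do not delete it as a redundant duplicate.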
...@@ -103,3 +105,36 @@ On the sign in page, there should now be an OpenID Connect icon below the regula ...@@ -103,3 +105,36 @@ On the sign in page, there should now be an OpenID Connect icon below the regula
Click the icon to begin the authentication process. The OpenID Connect provider will ask the user to Click the icon to begin the authentication process. The OpenID Connect provider will ask the user to
sign in and authorize the GitLab application (if confirmation required by the client). If everything goes well, the user sign in and authorize the GitLab application (if confirmation required by the client). If everything goes well, the user
will be redirected to GitLab and will be signed in. will be redirected to GitLab and will be signed in.
## Example configurations
The following configurations illustrate how to set up OpenID with
different providers with Omnibus GitLab.
### Google
See the [Google
documentation](https://developers.google.com/identity/protocols/OpenIDConnect)
for more details:
```ruby
gitlab_rails['omniauth_providers'] = [
{
'name' => 'openid_connect',
'label' => 'Google OpenID',
'args' => {
'name' => 'openid_connect',
'scope' => ['openid', 'profile', 'email'],
'response_type' => 'code',
'issuer' => 'https://accounts.google.com',
'client_auth_method' => 'query',
'discovery' => true,
'uid_field' => 'preferred_username',
'client_options' => {
'identifier' => '<YOUR PROJECT CLIENT ID>',
'secret' => '<YOUR PROJECT CLIENT SECRET>',
'redirect_uri' => 'https://example.com/users/auth/openid_connect/callback',
}
}
}
```
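
Review bot: The Google example opens the array with gitlab_rails['omniauth_providers'] = [ but the block ends after the three closing braces with no matching ], so the snippet will not parse when copied into gitlab.rb. Add the closing ] before the end of the fence. The new "## Example configurations" and "### Google" headings also need a blank line before and after them to render consistently with the rest of the file.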