Commit a5606156 authored by Evan Read's avatar Evan Read

Merge branch 'mjang-update-omniauth-notes' into 'master'

Clarify that OmniAuth needs enabling only for < 11.4

See merge request gitlab-org/gitlab!25720
parents 37bf51ac fa7d8b95
# Integrate your GitLab server with Bitbucket Cloud
NOTE: **Note:**
You need to [enable OmniAuth](omniauth.md) in order to use this.
Starting from GitLab 11.4, OmniAuth is enabled by default. If you're using an
earlier version, you'll need to explicitly enable it.
Import projects from Bitbucket.org and login to your GitLab instance with your
Bitbucket.org account.
......
# SAML OmniAuth Provider
> This topic is for SAML on self-managed GitLab instances. For SAML on GitLab.com, see [SAML SSO for GitLab.com Groups](../user/group/saml_sso/index.md).
Note that:
NOTE: **Note:**
You need to [enable OmniAuth](omniauth.md) in order to use this.
- SAML OmniAuth Provider is for SAML on self-managed GitLab instances. For SAML on
GitLab.com, see [SAML SSO for GitLab.com Groups](../user/group/saml_sso/index.md).
- Starting from GitLab 11.4, OmniAuth is enabled by default. If you're using an
earlier version, you'll need to explicitly enable it.
GitLab can be configured to act as a SAML 2.0 Service Provider (SP). This allows
GitLab to consume assertions from a SAML 2.0 Identity Provider (IdP) such as
......
......@@ -16,7 +16,7 @@ The following changes are needed to enable Shibboleth:
1. Protect OmniAuth Shibboleth callback URL:
```
```apache
<Location /users/auth/shibboleth/callback>
AuthType shibboleth
ShibRequestSetting requireSession 1
......@@ -36,7 +36,7 @@ The following changes are needed to enable Shibboleth:
1. Exclude Shibboleth URLs from rewriting. Add `RewriteCond %{REQUEST_URI} !/Shibboleth.sso` and `RewriteCond %{REQUEST_URI} !/shibboleth-sp`. Config should look like this:
```
```apache
# Apache equivalent of Nginx try files
RewriteEngine on
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
......@@ -46,8 +46,12 @@ The following changes are needed to enable Shibboleth:
RequestHeader set X_FORWARDED_PROTO 'https'
```
1. Edit `/etc/gitlab/gitlab.rb` configuration file to enable OmniAuth and add
Shibboleth as an OmniAuth provider. User attributes will be sent from the
**NOTE:**
Starting from GitLab 11.4, OmniAuth is enabled by default. If you're using an
earlier version, you'll need to explicitly enable it in `/etc/gitlab/gitlab.rb`.
1. In addition, add Shibboleth to `/etc/gitlab/gitlab.rb` as an OmniAuth provider.
User attributes will be sent from the
Apache reverse proxy to GitLab as headers with the names from the Shibboleth
attribute mapping. Therefore the values of the `args` hash
should be in the form of `"HTTP_ATTRIBUTE"`. The keys in the hash are arguments
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment