Merge branch 'mjang-update-omniauth-notes' into 'master'

Clarify that OmniAuth needs enabling only for < 11.4 See merge request gitlab-org/gitlab!25720

Merge branch 'mjang-update-omniauth-notes' into 'master'
Clarify that OmniAuth needs enabling only for < 11.4 See merge request gitlab-org/gitlab!25720
a5606156 · Evan Read · 37bf51ac · fa7d8b95 · a5606156 · a5606156
Commit a5606156 authored Feb 26, 2020 by Evan Read
Showing with 15 additions and 8 deletions

doc/integration/bitbucket.md doc/integration/bitbucket.md +2 -1

doc/integration/saml.md doc/integration/saml.md +5 -3

doc/integration/shibboleth.md doc/integration/shibboleth.md +8 -4

No files found.
--- a/doc/integration/bitbucket.md
+++ b/doc/integration/bitbucket.md
 # Integrate your GitLab server with Bitbucket Cloud

 NOTE: **Note:**
-You need to [enable OmniAuth](omniauth.md) in order to use this.
+Starting from GitLab 11.4, OmniAuth is enabled by default. If you're using an
+earlier version, you'll need to explicitly enable it.

 Import projects from Bitbucket.org and login to your GitLab instance with your
 Bitbucket.org account.

--- a/doc/integration/saml.md
+++ b/doc/integration/saml.md
 # SAML OmniAuth Provider

-> This topic is for SAML on self-managed GitLab instances. For SAML on GitLab.com, see [SAML SSO for GitLab.com Groups](../user/group/saml_sso/index.md).
+Note that:

-NOTE: **Note:**
-You need to [enable OmniAuth](omniauth.md) in order to use this.
+- SAML OmniAuth Provider is for SAML on self-managed GitLab instances. For SAML on
+  GitLab.com, see [SAML SSO for GitLab.com Groups](../user/group/saml_sso/index.md).
+- Starting from GitLab 11.4, OmniAuth is enabled by default. If you're using an
+  earlier version, you'll need to explicitly enable it.

 GitLab can be configured to act as a SAML 2.0 Service Provider (SP). This allows
 GitLab to consume assertions from a SAML 2.0 Identity Provider (IdP) such as

--- a/doc/integration/shibboleth.md
+++ b/doc/integration/shibboleth.md
@@ -16,7 +16,7 @@ The following changes are needed to enable Shibboleth:

 1. Protect OmniAuth Shibboleth callback URL:

-   ```
+   ```apache
   <Location /users/auth/shibboleth/callback>
     AuthType shibboleth
     ShibRequestSetting requireSession 1
@@ -36,7 +36,7 @@ The following changes are needed to enable Shibboleth:

 1. Exclude Shibboleth URLs from rewriting. Add `RewriteCond %{REQUEST_URI} !/Shibboleth.sso` and `RewriteCond %{REQUEST_URI} !/shibboleth-sp`. Config should look like this:

-   ```
+   ```apache
   # Apache equivalent of Nginx try files
   RewriteEngine on
   RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
@@ -46,8 +46,12 @@ The following changes are needed to enable Shibboleth:
   RequestHeader set X_FORWARDED_PROTO 'https'
   ```

-1. Edit `/etc/gitlab/gitlab.rb` configuration file to enable OmniAuth and add
-   Shibboleth as an OmniAuth provider. User attributes will be sent from the
+   **NOTE:**
+   Starting from GitLab 11.4, OmniAuth is enabled by default. If you're using an
+   earlier version, you'll need to explicitly enable it in `/etc/gitlab/gitlab.rb`.
+
+1. In addition, add Shibboleth to `/etc/gitlab/gitlab.rb` as an OmniAuth provider.
+   User attributes will be sent from the
   Apache reverse proxy to GitLab as headers with the names from the Shibboleth
   attribute mapping. Therefore the values of the `args` hash
   should be in the form of `"HTTP_ATTRIBUTE"`. The keys in the hash are arguments