GitLab 采用 OmniAuth 框架支持多种认证方式。在开发 SSO 系统的过程中，笔者采用 CAS 认证的方式打通 GitLab 系统与 SSO。采用 CAS 协议认证需要了解 CAS 协议的交互过程及各接口对应的数据结构，可参考上一篇文章《CAS协议》。

#Gitlab配置

  • 编辑Gitlab配置文件(/etc/gitlab/gitlab.rb)
### OmniAuth settings: delegate GitLab sign-in to a CAS3-compatible SSO server.

# Switch the OmniAuth framework on.
gitlab_rails['omniauth_enabled'] = true

# A first sign-in through cas3 may create the matching GitLab account.
gitlab_rails['omniauth_allow_single_sign_on'] = ['cas3']

# NOTE(review): with false, auto-created accounts are active immediately, so
# every identity the SSO server authenticates gets a working GitLab account.
# Set to true if new accounts should wait for administrator approval.
gitlab_rails['omniauth_block_auto_created_users'] = false

# Accounts that sign in through cas3 are treated as external users.
gitlab_rails['omniauth_external_providers'] = ['cas3']

# Take the profile e-mail from the SSO server, which makes that server the
# source of truth for the address stored in GitLab.
# NOTE(review): omniauth_sync_email_from_provider looks like the older form of
# the two sync_profile_* settings; confirm it is still honoured on the
# installed GitLab version.
gitlab_rails['omniauth_sync_email_from_provider'] = 'cas3'
gitlab_rails['omniauth_sync_profile_from_provider'] = ['cas3']
gitlab_rails['omniauth_sync_profile_attributes'] = ['email']

# Send visitors of the GitLab sign-in page straight to the SSO server.
# NOTE(review): keep an administrator session open until SSO sign-in has been
# verified; the documented `?auto_sign_in=false` parameter on /users/sign_in
# should still reach the local form, but verify that on your version.
gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'cas3'

gitlab_rails['omniauth_providers'] = [
  {
    'name'  => 'cas3', # use the CAS3 protocol
    'label' => 'SSO',  # provider name shown on the GitLab sign-in page
    'args'  => {
      # NOTE(review): plain http:// leaves the login redirect, the service
      # ticket and the validation response unprotected on the network; serve
      # the SSO endpoint over https outside a lab setup.
      'url'                  => 'http://192.168.0.2:8080', # SSO address
      'login_url'            => '/login',                  # SSO login endpoint
      'service_validate_url' => '/verify',                 # SSO authorization (ticket validation) endpoint
      'logout_url'           => '/logout'                  # SSO logout endpoint
    }
  }
]
  • 重加载配置文件
# Reload the edited /etc/gitlab/gitlab.rb so the OmniAuth settings take effect.
# NOTE(review): the leading '#' appears to be a root-shell prompt, not a comment marker.
#gitlab-ctl reconfigure
  • 重启服务
# Restart the GitLab services after the configuration has been reloaded.
# NOTE(review): the leading '#' appears to be a root-shell prompt, not a comment marker.
#gitlab-ctl restart

#Gitlab Docker配置

这里推荐使用docker搭建gitlab服务便于测试

# gitlab.yml
# Compose file for a test GitLab CE container that signs users in through a
# CAS3-compatible SSO server.
---
version: '2'
services:
  gitlab:
    # NOTE(review): no tag is given, so the default `latest` tag is pulled.
    # Pin a specific release so upgrades are deliberate, and confirm that the
    # chosen release still ships the cas3 OmniAuth provider.
    image: 'gitlab/gitlab-ce'
    restart: always
    container_name: gitlab
    environment:
      TZ: 'Asia/Shanghai'
      # Omnibus settings in gitlab.rb syntax, passed to the container as one
      # multi-line string.
      # NOTE(review): the SSO "url" below is plain http://, so the service
      # ticket and its validation response cross the network unprotected;
      # use an https endpoint outside a test setup.
      # NOTE(review): omniauth_block_auto_created_users = false makes every
      # account created by a first SSO sign-in active immediately.
      GITLAB_OMNIBUS_CONFIG: |
        #external_url 'http://gitlab.example.com'
        gitlab_rails['omniauth_enabled'] = true
        gitlab_rails['omniauth_allow_single_sign_on'] = ['cas3']
        gitlab_rails['omniauth_sync_email_from_provider'] = 'cas3'
        gitlab_rails['omniauth_sync_profile_from_provider'] = ['cas3']
        gitlab_rails['omniauth_sync_profile_attributes'] = ['email']
        gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'cas3'
        gitlab_rails['omniauth_block_auto_created_users'] = false
        gitlab_rails['omniauth_external_providers'] = ['cas3']
        gitlab_rails['omniauth_providers'] = [{"name" => "cas3","label"=> "SSO","args" => {"url" => "http://192.168.0.2:8080","login_url" => "/login","service_validate_url" => "/verify","logout_url" => "/logout"}}]
    # Published as host:container. Quoted so that digit-and-colon pairs are
    # never read as numbers.
    ports:
      - '80:80'
      - '443:443'
      # Container port 22 is exposed on host port 10022.
      - '10022:22'
    # Host directories that persist GitLab state across container restarts.
    # NOTE(review): /etc/gitlab holds the instance configuration and, on
    # Omnibus installs, its secrets file; restrict access to
    # /srv/gitlab/config on the host.
    volumes:
      - '/srv/gitlab/config:/etc/gitlab'
      - '/srv/gitlab/logs:/var/log/gitlab'
      - '/srv/gitlab/data:/var/opt/gitlab'

#参考

  1. [gitlab docker环境变量] https://docs.gitlab.com/omnibus/settings/environment-variables.html
  2. [gitlab支持CAS认证] https://gitlab.com/help/integration/cas.md
  3. [gitlab认证组件omniauth] https://docs.gitlab.com/ce/integration/omniauth.html
