Gitlab 采用 Omniauth 框架支持多种认证方式。在开发 SSO 系统的过程中，笔者采用 CAS 认证的方式打通 Gitlab 系统与 SSO。采用 CAS 协议认证需要了解 CAS 协议的交互过程及各接口对应的数据结构，可参考上一篇文章《CAS协议》。
# Gitlab配置
- 编辑Gitlab配置文件(/etc/gitlab/gitlab.rb)
# /etc/gitlab/gitlab.rb -- OmniAuth settings that make a CAS server the sign-in path.

# Switch OmniAuth on.
gitlab_rails['omniauth_enabled'] = true

# Account provisioning. A provider listed under allow_single_sign_on may have a
# GitLab account created for it on first sign-in, and with
# block_auto_created_users = false that account is active immediately instead of
# waiting for an administrator to unblock it. Together this means everyone the CAS
# server will authenticate gets a working GitLab account, so the CAS user base is
# the effective access list.
gitlab_rails['omniauth_allow_single_sign_on'] = ['cas3']
gitlab_rails['omniauth_block_auto_created_users'] = false

# Users who sign in through a provider listed here are marked as external users.
gitlab_rails['omniauth_external_providers'] = ['cas3']

# Profile sync: the e-mail address on the GitLab account is taken from what CAS
# asserts, so GitLab trusts the CAS attribute as the user's address.
# NOTE(review): omniauth_sync_email_from_provider looks like the older, e-mail-only
# spelling of the two sync_profile_* settings below -- confirm it is still read by
# the GitLab version in use.
gitlab_rails['omniauth_sync_email_from_provider'] = 'cas3'
gitlab_rails['omniauth_sync_profile_from_provider'] = ['cas3']
gitlab_rails['omniauth_sync_profile_attributes'] = ['email']

# The sign-in page redirects straight to CAS. Appending ?auto_sign_in=false to the
# sign-in URL still reaches the local login form, which an administrator needs when
# the CAS server is unavailable.
gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'cas3'

# CAS endpoints. The three paths are appended to "url"; /login, /verify and /logout
# are the paths of the author's own SSO service.
# The base URL is plain http: the CAS login page, the service ticket carried in the
# redirect and the ticket-validation response all cross the network unencrypted.
# That is tolerable only on an isolated test network; anywhere else the CAS server
# should be reached over https with a certificate GitLab can verify.
gitlab_rails['omniauth_providers'] = [
  {
    "name" => "cas3",
    "label" => "SSO",
    "args" => {
      "url" => "http://192.168.0.2:8080",
      "login_url" => "/login",
      "service_validate_url" => "/verify",
      "logout_url" => "/logout"
    }
  }
]
# Gitlab Docker配置
这里推荐使用docker搭建gitlab服务便于测试
#gitlab.yml
# Compose file for a throw-away GitLab CE instance used to test CAS sign-in.
version: '2'
services:
  gitlab:
    # No tag is given, so this resolves to whatever "latest" is at pull time.
    # Pinning an explicit release tag keeps upgrades deliberate and reproducible.
    image: 'gitlab/gitlab-ce'
    restart: always
    container_name: gitlab
    environment:
      TZ: 'Asia/Shanghai'
      # The block below is handed to Omnibus as gitlab.rb content. Points to check
      # before using it beyond a test network:
      #   - the CAS "url" is plain http, so the login page, service tickets and
      #     validation responses are unencrypted on the wire;
      #   - allow_single_sign_on plus block_auto_created_users = false gives every
      #     user the CAS server authenticates an active account with no approval;
      #   - external_url is commented out. NOTE(review): GitLab presumably builds
      #     the service URL it sends to CAS from external_url -- confirm the
      #     callback resolves correctly without it.
      GITLAB_OMNIBUS_CONFIG: |
        #external_url 'http://gitlab.example.com'
        gitlab_rails['omniauth_enabled'] = true
        gitlab_rails['omniauth_allow_single_sign_on'] = ['cas3']
        gitlab_rails['omniauth_sync_email_from_provider'] = 'cas3'
        gitlab_rails['omniauth_sync_profile_from_provider'] = ['cas3']
        gitlab_rails['omniauth_sync_profile_attributes'] = ['email']
        gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'cas3'
        gitlab_rails['omniauth_block_auto_created_users'] = false
        gitlab_rails['omniauth_external_providers'] = ['cas3']
        gitlab_rails['omniauth_providers'] = [{"name" => "cas3","label"=> "SSO","args" => {"url" => "http://192.168.0.2:8080","login_url" => "/login","service_validate_url" => "/verify","logout_url" => "/logout"}}]
    # Published without a host address, so all three listen on every host
    # interface: web on 80 and 443, and the container's SSH on host port 10022.
    ports:
      - "80:80"
      - "443:443"
      - "10022:22"
    # Host directories that persist state. /srv/gitlab/config is mounted as
    # /etc/gitlab, which holds gitlab.rb and gitlab-secrets.json, so access to it
    # on the host should be restricted.
    volumes:
      - '/srv/gitlab/config:/etc/gitlab'
      - '/srv/gitlab/logs:/var/log/gitlab'
      - '/srv/gitlab/data:/var/opt/gitlab'
# 参考
- [gitlab docker环境变量](https://docs.gitlab.com/omnibus/settings/environment-variables.html)
- [gitlab支持CAS认证](https://gitlab.com/help/integration/cas.md)
- [gitlab认证组件omniauth](https://docs.gitlab.com/ce/integration/omniauth.html)