Gitlab配置CAS认证

devops

发布于:2019年5月26日
次浏览

Gitlab采用Omniauth框架支持多种认证方式, 在开发SSO系统过程中笔者采用CAS认证的方式打通Gitlab系统与SSO. 采用CAS协议认证需要了解CAS协议交互过程及接口对应的数据结构,可参考上一篇文章CAS协议

#Gitlab配置

  • 编辑Gitlab配置文件(/etc/gitlab/gitlab.rb)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
### OmniAuth Settings
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['cas3']
gitlab_rails['omniauth_sync_email_from_provider'] = 'cas3'
gitlab_rails['omniauth_sync_profile_from_provider'] = ['cas3']
gitlab_rails['omniauth_sync_profile_attributes'] = ['email']
gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'cas3'
gitlab_rails['omniauth_block_auto_created_users'] = false
gitlab_rails['omniauth_external_providers'] = ['cas3']
gitlab_rails['omniauth_providers'] = [
   {
     "name" => "cas3", #使用CAS3协议
     "label"=> "SSO",  #Gitlab登陆页面显示认证名称
     "args" => {
        "url" => "http://192.168.0.2:8080", #SSO地址
        "login_url" => "/login", #SSO登陆地址
        "service_validate_url" => "/verify", #SSO授权接口
        "logout_url" => "/logout" #SSO退出接口
     }
   }
]
  • 重加载配置文件
1
#gitlab-ctl reconfigure
  • 重启服务
1
#gitlab-ctl restart

#Gitlab Docker配置

这里推荐使用docker搭建gitlab服务便于测试

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
#gitlab.yml
version: '2'
services:
    gitlab:
      image: 'gitlab/gitlab-ce'
      restart: always
      container_name: gitlab
      environment:
        TZ: 'Asia/Shanghai'
        GITLAB_OMNIBUS_CONFIG: |
          #external_url 'http://gitlab.example.com'
          gitlab_rails['omniauth_enabled'] = true
          gitlab_rails['omniauth_allow_single_sign_on'] = ['cas3']
          gitlab_rails['omniauth_sync_email_from_provider'] = 'cas3'
          gitlab_rails['omniauth_sync_profile_from_provider'] = ['cas3']
          gitlab_rails['omniauth_sync_profile_attributes'] = ['email']
          gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'cas3'
          gitlab_rails['omniauth_block_auto_created_users'] = false
          gitlab_rails['omniauth_external_providers'] = ['cas3']
          gitlab_rails['omniauth_providers'] = [{"name" => "cas3","label"=> "SSO","args" => {"url" => "http://192.168.0.2:8080","login_url" => "/login","service_validate_url" => "/verify","logout_url" => "/logout"}}]
      ports:
        - "80:80"
        - "443:443"
        - "10022:22"
      volumes:
        - '/srv/gitlab/config:/etc/gitlab'
        - '/srv/gitlab/logs:/var/log/gitlab'
        - '/srv/gitlab/data:/var/opt/gitlab'

#参考

  1. [gitlab docker环境变量] https://docs.gitlab.com/omnibus/settings/environment-variables.html
  2. [gitlab支持CAS认证] https://gitlab.com/help/integration/cas.md
  3. [gitlab认证组件omniauth] https://docs.gitlab.com/ce/integration/omniauth.html

博客内容遵循 署名-非商业性使用-相同方式共享 4.0 国际 (CC BY-NC-SA 4.0) 协议

本文永久链接是:https://ushell.me/2019/05/26/Gitlab%E9%85%8D%E7%BD%AECAS%E8%AE%A4%E8%AF%81/

更新于:2019年5月26日

cas

sso

gitlab

评论