...

Enter it in the <BEGIN CERTIFICATE><END CERTIFICATE> format

The algorithm GitLab supports is sha1, so select that algorithm and then generate the fingerprint
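The fingerprint step above can also be done locally. This is an added example, not part of the original page: it assumes the IdP certificate was copied either as a full PEM block or as a bare Base64 body, and the helper names `to_pem`, `saml_fingerprint` and `constructed_idp_cert` are hypothetical. The certificate it runs on is a constructed throwaway, not a real Keycloak certificate.

```ruby
require 'openssl'
require 'digest'

# Hypothetical helper: accept either a full PEM block or the bare Base64 body
# and return text wrapped in BEGIN/END CERTIFICATE lines.
def to_pem(cert_text)
  return cert_text if cert_text.include?('-----BEGIN CERTIFICATE-----')
  body = cert_text.gsub(/\s+/, '').scan(/.{1,64}/).join("\n")
  "-----BEGIN CERTIFICATE-----\n#{body}\n-----END CERTIFICATE-----\n"
end

# Hypothetical helper: SHA-1 over the DER encoding, as colon-separated hex
# pairs (the same form `openssl x509 -noout -fingerprint -sha1` prints).
def saml_fingerprint(cert_text)
  cert = OpenSSL::X509::Certificate.new(to_pem(cert_text))
  Digest::SHA1.hexdigest(cert.to_der).upcase.scan(/../).join(':')
end

# Constructed sample input: a throwaway self-signed certificate standing in
# for the IdP signing certificate.
def constructed_idp_cert
  key = OpenSSL::PKey::RSA.new(2048)
  name = OpenSSL::X509::Name.parse('/CN=constructed-idp')
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = name
  cert.issuer = name
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

if __FILE__ == $PROGRAM_NAME
  pem = constructed_idp_cert.to_pem
  # Prints a line ready to paste into the args hash in gitlab.rb.
  puts "idp_cert_fingerprint: '#{saml_fingerprint(pem)}'"
end
```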

GitLab

SAML configuration

1. Edit gitlab.rb

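```ruby
gitlab_rails['omniauth_enabled'] = true
# Let users who sign in through the 'saml' provider get an account created automatically.
gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
# false: auto-created accounts are active immediately instead of waiting for admin approval.
gitlab_rails['omniauth_block_auto_created_users'] = false
# Link a SAML login to an existing GitLab user with the same email address.
gitlab_rails['omniauth_auto_link_saml_user'] = true
gitlab_rails['omniauth_providers'] = [
  {
    "name" => "saml",
    "label" => "<button label to display>",
    # SAML attribute that carries the user's groups
    "groups_attribute" => "roles",
    # Members of these groups are marked as external users
    "external_groups" => ['<external name configured in the roles tab>'],
    "args" => {
      assertion_consumer_service_url: '<gitlab url>/users/auth/saml/callback',
      idp_cert_fingerprint: '<generated fingerprint>',
      idp_sso_target_url: '<keycloak url>/auth/realms/<realm name>/protocol/saml/clients/<client name>',
      # Tolerated clock skew between GitLab and the IdP, in seconds
      allowed_clock_drift: 5,
      issuer: '<client name>',
      attribute_statements: {
        first_name: ['first_name'],
        last_name: ['last_name'],
        name: ['name'],
        username: ['name'],
        email: ['email']
      },
      name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
    }
  }
]
```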

...