Versions Compared

Old Version 9

changes.mady.by.user Stephen Lovell

Saved on

compared with

New Version 10

changes.mady.by.user Stephen Lovell

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58

# STEP 3
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
gitlab_rails['omniauth_block_auto_created_users'] = false
 
# STEP 4
gitlab_rails['omniauth_auto_link_saml_user'] = true
 
# STEP 6
gitlab_rails['omniauth_providers'] = [
   {
      name: 'saml',
      label: 'eduTEAMS',
      args: {
         assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback',
         idp_cert_fingerprint: '72:8A:6C:6B:63:35:3F:E0:BF:70:8D:41:0E:B7:02:CF:C5:86:53:24',
         idp_sso_target_url: 'https://proxy.eduteams.org/saml2sp/sso/redirect',
         issuer: 'https://example.gitlab.com',
         name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
         uid: ["urn:oasis:names:tc:SAML:attribute:subject-id"],
         email: ["urn:oid:0.9.2342.19200300.100.1.3",],
         first_name: ["urn:oid:2.5.4.42"],
         last_name: ["urn:oid:2.5.4.4"]
      },

             # STEP(s) "Required Groups", "Admin Groups", "Auditor Groups"
      groups_attribute: 'urn:oid:1.3.6.1.4.1.5923.1.1.1.7',
      # Only the following groups in the Test_VO will be able to access this Gitlab instance:
      #
      # - Developers
      # - Admins:Gitlab
      # - Admins:Gitlab:Auditors
      required_groups: [
          'urn:geant:eduteams.org:service:eduteams:group:Test_VO:Developers#eduteams.org',
          'urn:geant:eduteams.org:service:eduteams:group:Test_VO:Developers#eduteams.org',
          'urn:geant:eduteams.org:service:eduteams:group:Test_VO:Admins:Gitlab#eduteams.org',
          'urn:geant:eduteams.org:service:eduteams:group:Test_VO:Admin:Gitlab:Auditors#eduteams.org',
      ],
      # Users from the following groups in the Test_VO will access this Gitlab instance as admins 
      #
      # - Admins:Gitlab:
      admin_groups: [
          'urn:geant:eduteams.org:service:eduteams:group:Test_VO:Admins:Gitlab#eduteams.org',
      ],
      # Users from the following groups in the Test_VO will access this Gitlab instance as auditors:
      #
      # - Admins:Gitlab:Auditors
      audit_groups: [
          'urn:geant:eduteams.org:service:eduteams:group:Test_VO:Admins:Gitlab:Auditors#eduteams.org',
      ],
      # Users from the following gorup in the Test_VO will access the Gitlab instance external users
      #
      # - Guests
      # - Contractors
      external_groups: [
          'urn:geant:eduteams.org:service:eduteams:group:Test_VO:Guests#eduteams.org',
          'urn:geant:eduteams.org:service:eduteams:group:Test_VO:Conractors#eduteams.org',

             ],
      }
   }
]

...