Hi,
I am trying to set up the OmniAuth Azure integration in Gitlab, and I can’t get it to work right.
I followed all the steps in https://docs.gitlab.com/ce/integration/azure.html and added the following configuration in gitlab.rb:
    gitlab_rails['omniauth_enabled'] = true
    gitlab_rails['omniauth_allow_single_sign_on'] = ['azure_oauth2']
    gitlab_rails['omniauth_block_auto_created_users'] = false
    gitlab_rails['omniauth_providers'] = [
      {
        "name" => "azure_oauth2",
        "args" => {
          "client_id" => "[REDACTED]",
          "client_secret" => "[REDACTED]",
          "tenant_id" => "[REDACTED]"
        }
      }
    ]
The login screen now shows a Windows/Azure icon and if I click it, I am redirected to the Azure AD login page. When I log in, Azure asks me if it’s OK for Gitlab to access my user profile. I click ‘OK’, and I get redirected back to Gitlab. So far, so good. I can see that my browser is accessing the OAuth callback URL, which I have set to
https://gitlab.mydomain/users/auth/azure_oauth2/callback
This request returns a 302 redirect back to https://gitlab.mydomain/users/sign_in. I am not logged in and no user has been created in Gitlab. Nothing related is logged in production.log.
So it seems the basic OAuth mechanism works as it should, except Gitlab doesn’t create a user and log it in. I am out of ideas of where to look.
BTW, if I set
    gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'azure_oauth2'
I end up in a redirect loop, but that sounds kind of logical considering that logging in doesn’t work.
Any ideas about what could be wrong with my configuration?
Best regards,
Martijn.