The scenario I’m trying to solve for is this: I have GitLab running behind an identity-aware proxy which authenticates the user from an IdP before allowing access. The proxy can pass the identity to GitLab in the headers.
I need to configure GitLab to read that header, validate it against the JWKS signing key provided by the auth server, and create/associate users based on the claims provided therein.
I’ve looked into the JWT Omniauth provider, but it doesn’t seem to be designed for this use case.
Any help would be appreciated.