Configuring JWT to access GitLab via API

Hello,

I’m currently trying to curl some requests to gitlab-ee with a JWT header generated through Azure AD, but I’m only able to get a 401 Unauthorized.

The more I try, the more I wonder if this is only possible.

My gitlab.rb configuration:

### OmniAuth Settings
###! Docs: https://docs.gitlab.com/ce/integration/omniauth.html
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['saml','azure_oauth2','jwt']
# gitlab_rails['omniauth_sync_email_from_provider'] = 'saml'
# gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml']
# gitlab_rails['omniauth_sync_profile_attributes'] = ['email']
# gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'azure_oauth2'
# gitlab_rails['omniauth_block_auto_created_users'] = true
# gitlab_rails['omniauth_auto_link_ldap_user'] = true
# gitlab_rails['omniauth_auto_link_saml_user'] = false
gitlab_rails['omniauth_external_providers'] = ['azure_oauth2','jwt']
gitlab_rails['omniauth_providers'] = [
  {
    "name" => "azure_oauth2",
    "args" => {
      "client_id" => "my_secret_client_id",
      "client_secret" => "my_secret_password",
      "tenant_id" => "my_secret_tenant",
    }
  },
  {
    "name": 'jwt',
    "args": {
      "secret": 'my_secret_password',
      "algorithm": 'HS256', # Supported algorithms: 'RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'HS256', 'HS384', 'HS512'
      "uid_claim": 'email',
      "required_claims": ['name', 'email'],
      "info_maps": { "name": 'name', "email": 'email' },
      "auth_url": 'https://login.microsoftonline.com/my_secret_tenant/oauth2/v2.0/authorize',
      "valid_within": 3600 # 1 hour
    }
  }
]

The authentication through Azure by login UI is working fine.
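Added example, not part of the original post and not GitLab's or omniauth-jwt's own code: a Ruby sketch of the checks that the `jwt` provider settings above describe (HS256 signature with the shared secret, required claims present, `iat` within `valid_within`), useful for testing a token offline before sending it. Treating `valid_within` as a freshness window on the `iat` claim is an assumption, and the helper names `sign_hs256` and `check_token` are hypothetical.

```ruby
require 'openssl'
require 'json'

# Settings mirrored from the "jwt" provider block above (the secret is the page's placeholder).
CONFIG = {
  secret: 'my_secret_password',
  algorithm: 'HS256',
  required_claims: %w[name email],
  valid_within: 3600 # seconds; assumed to bound the age of the "iat" claim
}.freeze

def b64url(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  (str.tr('-_', '+/') + '=' * ((4 - str.length % 4) % 4)).unpack1('m')
end

# Builds an HMAC-SHA256 token for local testing; `alg` only sets the header value.
def sign_hs256(claims, secret, alg: 'HS256')
  head = b64url(JSON.generate('alg' => alg, 'typ' => 'JWT'))
  body = b64url(JSON.generate(claims))
  sig = OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA256'), secret, "#{head}.#{body}")
  "#{head}.#{body}.#{b64url(sig)}"
end

# Returns :ok, or a symbol naming the first check that failed.
def check_token(token, cfg = CONFIG, now: Time.now.to_i)
  head, body, sig = token.split('.')
  return :malformed unless head && body && sig
  header = JSON.parse(b64url_decode(head))
  return :algorithm_mismatch unless header.is_a?(Hash) && header['alg'] == cfg[:algorithm]
  expected = OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA256'), cfg[:secret], "#{head}.#{body}")
  return :bad_signature unless OpenSSL.secure_compare(expected, b64url_decode(sig))
  claims = JSON.parse(b64url_decode(body))
  return :missing_claim unless cfg[:required_claims].all? { |c| claims.key?(c) }
  iat = claims['iat']
  return :stale_or_no_iat unless iat.is_a?(Numeric) && (now - iat).abs <= cfg[:valid_within]
  :ok
rescue JSON::ParserError
  :malformed
end
```

Decoding a real token's header with `b64url_decode` shows which `alg` the issuer used, which is the first thing `check_token` compares against the configured algorithm.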

Did you ever manage to get this working? I’m in the same situation.

Hi, maybe you need to change this line to

There is no “” needed inside the {}.