We have Google OAuth setup in our GitLab CE 8.17.2 instance. Our organization’s users are all Google Accounts so if was an easy decision to set up Google OAuth.
Google OAuth is the only OAuth provider we have set.
We have sent email to external users to sign up for an account in our GitLab CE instance. Before we turned on/configured OAuth, these external users would see the main GitLab login/register page.
When that external user attempts to access our site, they are presented with the Google Login Page and no way to get around it to have the main Login/Register page appear for GitLab. There is no “Skip” or “Back” or “Cancel” links to get around this Google login page. The external user would have to create a Google account just to register which is confusing to me.
We have had external users try different browsers with the cache completely cleared (history, passwords, auto complete forms, etc.) – Firefox, IE, Chrome – and they still get the Google login page.
I thought that the main GitLab Login/Register page would appear where you can login or register, and the Google logo would be visible to use as the authenticator. From how it works for us, you have to have a Google Account to access and cannot get around the Google login page.
Here are the gitlab.rb OAuth settings:
## For setting up omniauth
## see https://docs.gitlab.com/ce/integration/omniauth.html
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['google_oauth2']
gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'google_oauth2'
gitlab_rails['omniauth_block_auto_created_users'] = false
gitlab_rails['omniauth_auto_link_ldap_user'] = true
# gitlab_rails['omniauth_auto_link_saml_user'] = false
# gitlab_rails['omniauth_external_providers'] = ['google_oauth2']
gitlab_rails['omniauth_providers'] = [
{
"name" => "google_oauth2",
"app_id" => "(the app id)",
"app_secret" => "(the app secret)",
"args" => { "access_type" => "offline", "approval_prompt" => "" }
}
]
If there is a setting we are missing, please let us know. If not, I get the feeling Google OAuth may not work for us.