I am configuring my GitLab instance with OmniAuth to use a Keycloak server as an OAuth2 provider.
After entering the username/password on Keycloak and being redirected back to GitLab,
the GitLab UI shows "You need to sign in or sign up before continuing."
The gitlab.rb:
```ruby
gitlab_rails['omniauth_allow_single_sign_on'] = ['saml','oauth2']
gitlab_rails['omniauth_block_auto_created_users'] = false
{
  'name' => 'oauth2',
  'app_id' => 'gitlab_oauth',
  'app_secret' => '****',
  'args' => {
    'client_options': {
      'site' => 'https://keycloak.willy.com:8443',
      'user_info_url' => '/auth/realms/pangu/protocol/openid-connect/userinfo',
      'authorize_url' => '/auth/realms/pangu/protocol/openid-connect/auth',
      'token' => '/auth/realms/test/protocol/openid-connect/token'
    },
    'user_response_structure': {
      attribue: { nickname: 'preferred_username' },
      id_path: 'preferred_username'
    },
    'name': 'oauth',
    'strategy_class': 'OmniAuth::Strategies::OAuth2Generic',
    'redirect_url': 'https://gitlab.willy.com/users/auth/oauth2_generic/callback'
  }
}
```
- I can see the OAuth button on the index page. Clicking it redirects the page to Keycloak.
- Enter the user credentials on Keycloak and click login.
- The page redirects back to GitLab.
- The UI shows: You need to sign in or sign up before continuing.
- The production log:
```
Redirected to https://gitlab.willy.com/users/sign_in
Filter chain halted as :redirect_unlogged_user rendered or redirected
Completed 302 Found in 27ms (ActiveRecord: 0.7ms | Elasticsearch: 0.0ms)
Started GET "/users/sign_in" for 172.16.106.91 at 2020-01-14 10:37:08 +0000
Processing by SessionsController#new as HTML
Completed 200 OK in 647ms (Views: 275.4ms | ActiveRecord: 17.4ms | Elasticsearch: 0.0ms)
Started POST "/users/auth/oauth" for 172.16.106.91 at 2020-01-14 10:37:13 +0000
Processing by Gitlab::RequestForgeryProtection::Controller#index as HTML
Parameters: {"authenticity_token"=>"[FILTERED]"}
Completed 200 OK in 1ms (ActiveRecord: 0.0ms | Elasticsearch: 0.0ms)
Started GET "/-/metrics" for 127.0.0.1 at 2020-01-14 10:37:17 +0000
Processing by MetricsController#index as HTML
Completed 200 OK in 6ms (Views: 0.4ms | ActiveRecord: 0.0ms | Elasticsearch: 0.0ms)
Started GET "/users/auth/oauth2_generic/callback?state=d5834a26d8c58d1d68a0e193e885c6919c632ddb7b974e06&session_state=767c9018-8f8d-4bf6-a8d0-64546e3b308c&code=[FILTERED]" for 172.16.106.91 at 2020-01-14 10:37:20 +0000
Processing by ApplicationController#route_not_found as HTML
Parameters: {"state"=>"d5834a26d8c58d1d68a0e193e885c6919c632ddb7b974e06", "session_state"=>"767c9018-8f8d-4bf6-a8d0-64546e3b308c", "code"=>"[FILTERED]", "unmatched_route"=>"users/auth/oauth2_generic/callback"}
Redirected to https://gitlab.willy.com/users/sign_in
Completed 302 Found in 270ms (ActiveRecord: 0.0ms | Elasticsearch: 0.0ms)
Started GET "/users/sign_in" for 172.16.106.91 at 2020-01-14 10:37:20 +0000
Processing by SessionsController#new as HTML
Completed 200 OK in 29ms (Views: 19.5ms | ActiveRecord: 1.3ms | Elasticsearch: 0.0ms)
```
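
One way to read a production.log like the one above, as an added example that is not part of the original post: it pairs each `Started` line with its `Processing by` line and flags OmniAuth callbacks that land on `route_not_found` or whose provider segment differs from the one the same client started the flow with. It assumes OmniAuth's usual `/users/auth/<provider name>/callback` path layout; the sample log is constructed by abridging the lines quoted in the post, and the function names are hypothetical.

```ruby
# Constructed sample, abridged from the log lines quoted in the post.
SAMPLE_LOG = <<~LOG
  Started POST "/users/auth/oauth" for 172.16.106.91 at 2020-01-14 10:37:13 +0000
  Processing by Gitlab::RequestForgeryProtection::Controller#index as HTML
  Started GET "/-/metrics" for 127.0.0.1 at 2020-01-14 10:37:17 +0000
  Processing by MetricsController#index as HTML
  Started GET "/users/auth/oauth2_generic/callback?state=d5834a26&code=[FILTERED]" for 172.16.106.91 at 2020-01-14 10:37:20 +0000
  Processing by ApplicationController#route_not_found as HTML
LOG

STARTED    = /\AStarted (?<verb>[A-Z]+) "(?<path>[^"?]*)[^"]*" for (?<ip>\S+)/
PROCESSING = /\AProcessing by (?<handler>\S+) as/
AUTH_PATH  = %r{\A/users/auth/(?<provider>[^/]+)(?<callback>/callback)?\z}

# Returns one hash per request: verb, path (query stripped), client IP, handler.
def parse_requests(log)
  requests = []
  log.each_line do |line|
    line = line.strip.tr("“”", '""') # tolerate quotes curled by a forum paste
    if (m = STARTED.match(line))
      requests << { verb: m[:verb], path: m[:path], ip: m[:ip], handler: nil }
    elsif (m = PROCESSING.match(line)) && requests.last && requests.last[:handler].nil?
      requests.last[:handler] = m[:handler]
    end
  end
  requests
end

# Returns findings for callbacks that matched no route, or whose provider
# segment differs from the provider the same client began the flow with.
def check_callbacks(requests)
  started_with = {} # client IP => provider name seen in the request phase
  requests.each_with_object([]) do |req, findings|
    next unless (m = AUTH_PATH.match(req[:path]))
    if m[:callback].nil?
      started_with[req[:ip]] = m[:provider]
      next
    end
    expected = started_with[req[:ip]]
    unrouted = req[:handler].to_s.end_with?("#route_not_found")
    next unless unrouted || (expected && expected != m[:provider])
    findings << { callback_provider: m[:provider], started_provider: expected, unrouted: unrouted }
  end
end

check_callbacks(parse_requests(SAMPLE_LOG)).each { |f| puts f.inspect }
```

A finding means the redirect URI the identity provider sent the browser to is not a callback path the application serves for that provider name, so the authorization code is never exchanged and the user lands back on the sign-in page.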