I want to deploy an instance of Gitlab for my team and would like to use G Suite as the sole identity provider. I have deployed Gitlab CE on a DO droplet, and updated the software to the latest version available on the repository (10.4.2 at this time).
I have successfully set up a new SAML app for Google and followed the [OmniAuth SAML guide] to perform the integration.
I have got the following settings in my gitlab.rb:

```ruby
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
gitlab_rails['omniauth_block_auto_created_users'] = false
gitlab_rails['omniauth_providers'] = [
  {
    name: 'saml',
    args: {
      assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback',
      idp_cert_fingerprint: 'MY_IDP_CERT_FINGERPRINT',
      idp_sso_target_url: 'MY_IDP_SSO_TARGET_URL',
      issuer: 'https://gitlab.example.com',
      name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
    },
    label: 'Company Login'
  }
]
```
With this, I have got a field in my Gitlab sign-in page which successfully directs me to a Google SSO page where I can put my credentials. However, the sign-in fails to complete with a 422 and the following error in the logs:

```
(SAML) Error saving user MY_USER@MY_DOMAIN (): ["Email can't be blank", "Email domain is not authorized for sign-up", "Notification email can't be blank", "Notification email is invalid"]
```
No idea how to move on from this. I have looked online for assistance on Gitlab + G Suite integration but failed to find further information than what’s in the documentation. Can someone help with this please?
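Since the error says the email is blank, a useful first check is to look at what the SAML Response actually carries (NameID and attribute statements) before assuming the gitlab.rb side is wrong. The script below is an added diagnostic, not part of the original post and not GitLab's code; it parses a Response with Ruby's REXML and reports whether an email-bearing value is present. The sample Responses are constructed and unsigned, and the attribute names `email`/`mail` are assumed to be the ones omniauth-saml maps to the email field by default.

```ruby
require 'rexml/document'
require 'rexml/xpath'

NS = {
  'samlp' => 'urn:oasis:names:tc:SAML:2.0:protocol',
  'saml'  => 'urn:oasis:names:tc:SAML:2.0:assertion'
}.freeze

# Assumption: attribute names omniauth-saml maps to the email field by default.
EMAIL_ATTRIBUTE_NAMES = %w[email mail].freeze
EMAIL_NAMEID_FORMAT = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'.freeze

# Summarise the identity data in a SAML Response: NameID, its format, every
# Attribute with its values, and whether any of them can supply an email.
def saml_identity_summary(xml)
  doc = REXML::Document.new(xml)
  name_id = REXML::XPath.first(doc, '//saml:Subject/saml:NameID', NS)
  attributes = {}
  REXML::XPath.each(doc, '//saml:AttributeStatement/saml:Attribute', NS) do |attr|
    values = REXML::XPath.match(attr, 'saml:AttributeValue', NS).map { |v| v.text.to_s.strip }
    attributes[attr.attributes['Name']] = values
  end
  email_via_attr = attributes.any? { |n, v| EMAIL_ATTRIBUTE_NAMES.include?(n) && !v.all?(&:empty?) }
  format = name_id ? name_id.attributes['Format'] : nil
  {
    name_id: name_id ? name_id.text.to_s.strip : nil,
    name_id_format: format,
    attributes: attributes,
    email_present: email_via_attr || format == EMAIL_NAMEID_FORMAT
  }
end

# Constructed sample: persistent NameID only, optionally with extra assertion XML.
def sample_response(extra = '')
  <<~XML
    <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
      <saml:Assertion><saml:Subject>
        <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">abc123</saml:NameID>
      </saml:Subject>#{extra}</saml:Assertion>
    </samlp:Response>
  XML
end

# Constructed attribute statement carrying an "email" attribute.
EMAIL_STATEMENT = '<saml:AttributeStatement><saml:Attribute Name="email">' \
  '<saml:AttributeValue>user@example.com</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>'

if __FILE__ == $PROGRAM_NAME
  p saml_identity_summary(sample_response)                  # email_present: false
  p saml_identity_summary(sample_response(EMAIL_STATEMENT)) # email_present: true
end
```

To run it against a real login, decode the base64 SAMLResponse from the POST to /users/auth/saml/callback and pass the XML in; a summary with `email_present: false` means the IdP side is not sending anything GitLab can store as the email.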