Migrate omniauth from shibboleth to saml

Hi,

We currently have our gitlab configured with shibboleth authentication through omniauth:

gitlab_rails[‘omniauth_providers’] = [
{
“name” => ‘shibboleth’,
“args” => {
“shib_session_id_field” => “HTTP_SHIB_SESSION_ID”,
“shib_application_id_field” => “HTTP_SHIB_APPLICATION_ID”,
“fail_with_empty_uid” => true,
“uid_field” => “HTTP_UID”,
“name_field” => “HTTP_CN”,
“info_fields” => { “email” => “HTTP_MAIL” }
},
“label” => “Company Login”,
}

We also have configured:
gitlab_rails[‘omniauth_enabled’] = true
gitlab_rails[‘omniauth_allow_single_sign_on’] = [‘shibboleth’]
gitlab_rails[‘omniauth_block_auto_created_users’] = false

This is working fine since a few years now. In order for this to work we had to use Apache instead of the default nginx setup from the omnibus package as saml authentication was not yet supported when we first set up gitlab.

We would now like to switch to saml omniauth authentication and use the nginx provided by the omnibus package.

If I add our identity provider as a saml entry in the gitlab configuration and configure it on our IdP, will Gitlab automatically link the saml login with the previously created user (from the shibboleth login) if their email address matches?

If not, how can we migrate our omniauth shibboleth setup to omniauth saml while keeping all accounts linked as they are now?

Regards,
Rik

1 Like

Hi Rik,
Where you able to make it work?
Is now gitlab the service provider ? Or do you still need a shibboleth service beside?
With thanks
Estelle