Hi, I am tasked with deploying and configuring a GitLab instance on AWS using Terraform and Ansible, and there is one more step I would like to do: get the access level (regular user vs. admin) from SSO/Keycloak. I have already configured it to use our SSO for auth; now I was wondering if there is an automated way of obtaining the access level from SSO/Keycloak. Here is the provider info I place in the gitlab.rb config file:
gitlab_rails['omniauth_providers'] = [
  {
    'name' => 'oauth2_generic',
    'app_id' => 'gitlab',
    'app_secret' => "${SECRET}",
    'args' => {
      client_options: {
        'site' => 'http://SSO_URL.com', # including port if necessary
        'user_info_url' => '/auth/realms/master/protocol/openid-connect/userinfo',
        'authorize_url' => '/auth/realms/master/protocol/openid-connect/auth',
        'token_url' => '/auth/realms/master/protocol/openid-connect/token',
      },
      user_response_structure: {
        # root_path: ['user'], # i.e. if attributes are returned in JsonAPI format (in a 'user' node nested under a 'data' node)
        attributes: { email: 'email', first_name: 'given_name', last_name: 'family_name', name: 'name', nickname: 'preferred_username' }, # if the nickname attribute of a user is called 'username'
        id_path: 'preferred_username'
      },
    }
  }
]
My thoughts were to create a Role Mapper in Keycloak and add that in the attributes key above.
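The idea of a Keycloak role mapper feeding a claim into the userinfo response can be worked through end to end. The following Ruby is an added example, not code from the original post, GitLab or Keycloak: it assumes a Keycloak "User Realm Role" protocol mapper has been configured on the `gitlab` client to emit realm roles into a claim named `gitlab_roles` (claim name and role names `gitlab-admin` / `gitlab-user` are assumptions), and it shows the decision logic a reconciliation job would apply before calling the GitLab API: default to no elevated access, promote only on an explicit admin role, and demote only accounts that SSO actually reports, so that a local break-glass account is never touched. The userinfo documents are constructed sample data.

```ruby
require 'json'

# Role names assumed to exist in the Keycloak realm (assumption, not from the post).
ADMIN_ROLE = 'gitlab-admin'.freeze
USER_ROLE  = 'gitlab-user'.freeze
# Claim the assumed Keycloak protocol mapper adds to the userinfo response.
ROLE_CLAIM = 'gitlab_roles'.freeze

# Constructed userinfo responses, shaped like Keycloak's
# /protocol/openid-connect/userinfo output plus the mapped role claim.
SAMPLE_ADMIN = <<~JSON
  {"sub":"11","preferred_username":"alice","email":"alice@example.test",
   "given_name":"Alice","family_name":"A","name":"Alice A",
   "gitlab_roles":["offline_access","gitlab-admin"]}
JSON

SAMPLE_USER = <<~JSON
  {"sub":"12","preferred_username":"bob","email":"bob@example.test",
   "given_name":"Bob","family_name":"B","name":"Bob B",
   "gitlab_roles":["gitlab-user"]}
JSON

# A user whose token carries no GitLab role at all (mapper missing or
# user not entitled): the safe answer is to grant nothing.
SAMPLE_NONE = <<~JSON
  {"sub":"13","preferred_username":"carol","email":"carol@example.test",
   "given_name":"Carol","family_name":"C","name":"Carol C"}
JSON

# Map one userinfo document to a GitLab access level.
# Returns :admin, :regular or :denied; never defaults to :admin.
def access_level_from_userinfo(json)
  info  = JSON.parse(json)
  roles = info.fetch(ROLE_CLAIM, [])
  # A claim that is present but not a list is a misconfigured mapper; refuse
  # rather than guess.
  raise ArgumentError, "#{ROLE_CLAIM} must be a list" unless roles.is_a?(Array)

  return :admin   if roles.include?(ADMIN_ROLE)
  return :regular if roles.include?(USER_ROLE)

  :denied
end

# Compare what SSO says with who is currently admin in GitLab and compute the
# changes a sync job should apply.
#   userinfo_docs            - array of userinfo JSON strings from Keycloak
#   current_admin_usernames  - usernames currently flagged admin in GitLab
# Users absent from SSO (e.g. the local root account) are deliberately
# left alone so the sync can never lock everyone out.
def reconcile_admins(userinfo_docs, current_admin_usernames)
  desired = userinfo_docs.each_with_object({}) do |doc, acc|
    username = JSON.parse(doc).fetch('preferred_username')
    acc[username] = access_level_from_userinfo(doc)
  end

  sso_admins = desired.select { |_, level| level == :admin }.keys
  promote = sso_admins - current_admin_usernames
  demote  = current_admin_usernames.select do |u|
    desired.key?(u) && desired[u] != :admin
  end

  { promote: promote, demote: demote }
end

if __FILE__ == $PROGRAM_NAME
  docs = [SAMPLE_ADMIN, SAMPLE_USER, SAMPLE_NONE]
  docs.each do |d|
    name = JSON.parse(d)['preferred_username']
    puts "#{name}: #{access_level_from_userinfo(d)}"
  end
  # Assume 'bob' and 'root' are admins in GitLab today (constructed state).
  p reconcile_admins(docs, %w[bob root])
end
```

The `reconcile_admins` output is what you would feed to the GitLab Users API (`admin` flag) from your Ansible run; the example stops short of the API call, since that part is just HTTP plumbing. The important property is that `carol`, who has no role claim, is neither promoted nor given a regular account by this logic, and `root` is never demoted because SSO does not report it.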