OIDC Keycloak via Helm chart deployment

Problem to solve

Working to get OIDC configured on a new GitLab deployment. I’ve read the instructions and so far have created a secret with a key ‘provider’ which has my OIDC YAML configuration. I’ve specified this provider in the Helm chart. Yet, when I access the GUI there is no Keycloak login option.

Configuration

Via the Helm chart:

  appConfig:
    omniauth:
      enabled: true
      autoSignInWithProvider: openid_connect
#      syncProfileFromProvider: []
#      syncProfileAttributes: [email]
      allowSingleSignOn: [oauth2_generic]
      blockAutoCreatedUsers: false
#      autoLinkLdapUser: false
#      autoLinkSamlUser: false
#      autoLinkUser: []
#      externalProviders: []
#      allowBypassTwoFactor: []
      providers:
      - secret: gitlab-keycloak

OIDC config, which is stored in the secret:

name: 'openid_connect' # do not change this parameter
label: 'Keycloak'
icon: 'https://imgs.search.brave.com/rxsziFGXRM-sUemIQjrKfk0JS7CxwIaV0Tpm5yAqu_0/rs:fit:860:0:0/g:ce/aHR0cHM6Ly91cGxv/YWQud2lraW1lZGlh/Lm9yZy93aWtpcGVk/aWEvY29tbW9ucy90/aHVtYi8yLzI5L0tl/eWNsb2FrX0xvZ28u/cG5nLzIyMHB4LUtl/eWNsb2FrX0xvZ28u/cG5n'
args:
  name: 'openid_connect'
  scope:
  - openid
  - profile
  - email
  response_type: 'code'
  issuer: 'https://keycloak.home.net/realms/home'
  discovery: true
  client_auth_method: 'jwt_bearer'
  uid_field: 'preferred_username'
  send_scope_to_token_endpoint: false
  pkce: false
  client_options:
    identifier: 'gitlab'
    secret: '<redacted>'
    redirect_uri: 'https://gitlab.home.net/users/auth/openid_connect/callback'

Versions

dependencies:

I figured out the issue: the ‘appConfig’ section needed to be moved underneath the ‘global’ section.
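
The layout described in the fix above, written out as an added example that is not part of the original thread. The values are carried over unchanged from the post; the `key: provider` line is an assumption based on the secret key name the post mentions.

```yaml
# values.yaml for the GitLab Helm chart (added example, not the poster's file)

# Placement from the post: appConfig sat outside the global section,
# and no Keycloak login option was rendered.
#
#   appConfig:
#     omniauth:
#       enabled: true
#       ...

# Placement that resolved it: appConfig nested under global.
global:
  appConfig:
    omniauth:
      enabled: true
      autoSignInWithProvider: openid_connect
      allowSingleSignOn: [oauth2_generic]
      blockAutoCreatedUsers: false
      providers:
        - secret: gitlab-keycloak   # Kubernetes Secret holding the OIDC YAML shown in the post
          key: provider             # key inside that Secret (assumed from the post's description)
```

After upgrading the release, `helm get values <release> -n <namespace>` (both placeholders) should list `omniauth` beneath `global.appConfig`.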