Hello!
We are trying to integrate Keycloak with GitLab using OmniAuth, without SSL applied (a mandatory requirement). The configuration of the gitlab.rb file is as follows:
# Omnibus GitLab settings (gitlab.rb) as posted: GitLab is published over plain
# HTTP at <ELB>/gitlab/ and Keycloak is attached as an OpenID Connect provider
# through OmniAuth.
prometheus_monitoring['enable'] = false
gitlab_rails['ldap_enabled'] = false

# Bundled NGINX.
# NOTE(review): the documented Omnibus switch is nginx['listen_https'];
# confirm that 'listen_http' is a key the installed version recognises.
nginx['listen_port'] = 10200
nginx['listen_http'] = false

# Container registry.
registry_nginx['enable'] = true
gitlab_rails['registry_path'] = "/mnt/docker_registry"
registry['enable'] = true
registry_external_url 'http://localhost:8123'

# The http:// scheme here and in redirect_uri below means session cookies,
# authorization codes and tokens are not protected in transit on this hop
# unless TLS is terminated somewhere in front of <ELB>.
external_url 'http://<ELB>/gitlab/'

gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_providers'] = [
  {
    # NOTE(review): the top-level name is 'Keycloak' while args.name and the
    # callback path use 'openid_connect'; GitLab's OIDC example keeps both as
    # 'openid_connect'. Confirm which name GitLab registers for this provider,
    # because the omniauth_* settings further down refer to it by name.
    'name' => 'Keycloak',
    'label' => 'Login',
    'args' => {
      'name' => 'openid_connect',
      'scope' => ['openid', 'profile', '<SCOPE>'],
      'response_type' => 'code',
      # Discovery is enabled but the issuer it would be fetched from is
      # commented out.
      # NOTE(review): the discovery request appears to be made over HTTPS
      # whatever 'scheme' says, which would be consistent with the OpenSSL
      # certificate-verify error reported for this configuration. For an
      # HTTP-only identity provider, setting the issuer, turning discovery off
      # and listing authorization_endpoint, token_endpoint, userinfo_endpoint
      # and jwks_uri in client_options is the usual route; confirm against the
      # installed omniauth_openid_connect version.
      #'issuer' => 'http://<ELB>/auth/realms/<REALM_NAME>',
      'discovery' => true,
      # Any value other than basic / jwt_bearer / mtls makes the client send
      # its ID and secret as request parameters; with scheme 'http' the secret
      # is then readable on the wire.
      'client_auth_method' => 'query',
      'send_scope_to_token_endpoint' => 'false',
      'client_options' => {
        'port' => 80,
        'scheme' => 'http',
        # NOTE(review): 'host' carries a path segment ('/auth'); it is normally
        # a bare hostname. Confirm how the client library builds URLs from it.
        'host' => '<ELB>/auth',
        'identifier' => '<CLIENT_ID>',
        # The real secret sits in this file in clear text, so gitlab.rb should
        # stay readable by root only and out of shared repositories.
        'secret' => '<CLIENT_SECRET>',
        'redirect_uri' => 'http://<ELB>/gitlab/users/auth/openid_connect/callback',
      }
    }
  }
]

# NOTE(review): GitLab documents this setting as an array of provider names;
# a plain string is assigned here. Confirm it is accepted.
gitlab_rails['omniauth_sync_profile_from_provider'] = 'Keycloak'
#gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'openid_connect'

# Single sign-on for the listed provider together with
# block_auto_created_users = false: an identity that authenticates at that
# provider gets a GitLab account that is active at once, with no administrator
# approval step. Access control then rests entirely on who can log in to the
# Keycloak realm/client.
gitlab_rails['omniauth_allow_single_sign_on'] = ['Keycloak']
# NOTE(review): this switch is named for SAML; the provider configured above is
# OpenID Connect, so it presumably has no effect here. Confirm.
gitlab_rails['omniauth_auto_link_saml_user'] = true
gitlab_rails['omniauth_block_auto_created_users'] = false
We are getting the following error when we log in to the UI → go to User Settings → Account → click on the "Connect OpenID Connect" option:
OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)):
Can you please help us fix this?
Thank you in advance