I have a site with a GitLab server. All users have a trusted client certificate. I have TLS mutual auth enabled (https://docs.gitlab.com/omnibus/settings/nginx.html#enable-2-way-ssl-client-authentication), but the users still need to login to GitLab to use it. Has anyone figured out a way to pass that user id/authentication information from the certificate to the GitLab application for login?
The best I have come up with so far is building a SAML or CAS server that would auth the user by the cert and have GitLab use that for auth.
Any other ideas?