From 8abc4e6d876b2e4a5c348e05927b2c472fdfef9b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Halvard=20M=C3=B8rstad?= <33620089+halvardssm@users.noreply.github.com> Date: Wed, 21 Oct 2020 18:36:17 +0200 Subject: [PATCH] Updated Gitlab docs (#859) --- docs/2_auth.md | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/docs/2_auth.md b/docs/2_auth.md index d8230289..db910567 100644 --- a/docs/2_auth.md +++ b/docs/2_auth.md 
@@ -151,15 +151,25 @@ The group management in keycloak is using a tree. If you create a group named ad ### GitLab Auth Provider -Whether you are using GitLab.com or self-hosting GitLab, follow [these steps to add an application](https://docs.gitlab.com/ce/integration/oauth_provider.html). Make sure to enable at least the `openid`, `profile` and `email` scopes. +Whether you are using GitLab.com or self-hosting GitLab, follow [these steps to add an application](https://docs.gitlab.com/ce/integration/oauth_provider.html). Make sure to enable at least the `openid`, `profile` and `email` scopes, and set the redirect url to your application url e.g. https://myapp.com/oauth2/callback. +The following config should be set to ensure that the oauth will work properly. To get a cookie secret follow [these steps](https://github.com/oauth2-proxy/oauth2-proxy/blob/master/docs/configuration/configuration.md#configuration) + +``` + --provider="gitlab" + --redirect-url="https://myapp.com/oauth2/callback" // Should be the same as the redirect url for the application in gitlab + --client-id=GITLAB_CLIENT_ID + --client-secret=GITLAB_CLIENT_SECRET + --cookie-secret=COOKIE_SECRET +``` + Restricting by group membership is possible with the following option: - -gitlab-group="": restrict logins to members of any of these groups (slug), separated by a comma + --gitlab-group="mygroup,myothergroup": restrict logins to members of any of these groups (slug), separated by a comma If you are using self-hosted GitLab, make sure you set the following to the appropriate URL: - -oidc-issuer-url="" + --oidc-issuer-url="" ### LinkedIn Auth Provider
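
Review bot: In the new fenced flag block, the `--redirect-url` line ends with `// Should be the same as the redirect url for the application in gitlab`, and `//` is not a comment marker on a command line or in a unit file, so anyone who pastes the block passes those words as extra arguments. Move that sentence into the prose above the fence and keep the block to flags only. In the same hunk, the "To get a cookie secret follow these steps" link targets the general `#configuration` anchor on `blob/master`; a relative link to the specific section that covers generating the secret would be more precise and would not break if the file moves. `--oidc-issuer-url=""` is still shown empty while `--gitlab-group` gained example values, so a placeholder issuer URL would make the two consistent. It would also help to say next to `--client-secret` and `--cookie-secret` that values passed as flags are visible in the process list.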