GitLab

Casdoor can use the OIDC protocol to connect to a self-deployed GitLab server. This document shows you how to set it up.

The following names are used in the configuration:

CASDOOR_HOSTNAME: Domain name or IP where the Casdoor server is deployed, e.g., https://door.casbin.com.

GITLAB_HOSTNAME: Domain name or IP where GitLab is deployed, e.g., https://gitlab.com.

Step 1. Deploy Casdoor and GitLab

First, deploy Casdoor and GitLab.

After a successful deployment, you need to ensure:

  1. You can log in to Casdoor and use it normally.
  2. Casdoor’s origin value (conf/app.conf) is set to CASDOOR_HOSTNAME.

Step 2. Configure Casdoor application

  1. Create or use an existing Casdoor application.
  2. Add a redirect URL: http://GITLAB_HOSTNAME/users/auth/openid_connect/callback.
  3. Add the provider you want and fill in the other settings.

On the application settings page you will find two values, Client ID and Client secret, as shown in the picture above. We will use them in the next step.

Open your favorite browser and visit http://CASDOOR_HOSTNAME/.well-known/openid-configuration. You will see Casdoor's OIDC configuration.

Step 3. Configure GitLab

You can follow the steps below to set this up, or make custom changes according to this document (e.g., if you installed GitLab from source rather than with Omnibus).

  1. On your GitLab server, open the configuration file.

         sudo editor /etc/gitlab/gitlab.rb

  2. Add the provider configuration. (HOSTNAME url should include http or https)

         gitlab_rails['omniauth_providers'] = [
           {
             name: "openid_connect",
             label: "Casdoor", # optional label for login button, defaults to "Openid Connect"
             args: {
               name: "openid_connect",
               scope: ["openid", "profile", "email"],
               response_type: "code",
               issuer: "<CASDOOR_HOSTNAME>",
               client_auth_method: "query",
               discovery: true,
               uid_field: "preferred_username",
               client_options: {
                 identifier: "<YOUR CLIENT ID>",
                 secret: "<YOUR CLIENT SECRET>",
                 redirect_uri: "<GITLAB_HOSTNAME>/users/auth/openid_connect/callback"
               }
             }
           }
         ]

  3. Reboot your GitLab server.

  4. Each registered user can open GITLAB_HOSTNAME/-/profile/account and connect their Casdoor account.
  5. Finished. You can now log in to your own GitLab through Casdoor.
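
Because the configuration above sets discovery: true, GitLab relies on the document served at /.well-known/openid-configuration, and a mismatch between that document and the args in gitlab.rb is a common cause of failed logins. The following is an added example, not part of the original Casdoor documentation: a pre-flight check that compares the provider args with a discovery document. The function name oidc_config_problems, the hosts door.example.com and gitlab.example.com, and the sample discovery document are all constructed for illustration.

```ruby
require "json"
require "uri"

# Constructed sample of what /.well-known/openid-configuration might return;
# door.example.com and every value below are made up for this example.
SAMPLE_DISCOVERY = JSON.parse(<<~JSON)
  {
    "issuer": "https://door.example.com",
    "authorization_endpoint": "https://door.example.com/login/oauth/authorize",
    "token_endpoint": "https://door.example.com/api/login/oauth/access_token",
    "jwks_uri": "https://door.example.com/.well-known/jwks",
    "scopes_supported": ["openid", "email", "profile"],
    "response_types_supported": ["code", "token", "id_token"]
  }
JSON

# Hypothetical helper: returns a list of human-readable problems; an empty
# list means the provider args are consistent with the discovery document.
def oidc_config_problems(args, discovery)
  problems = []
  # OIDC Discovery requires an exact string match, so a trailing slash fails.
  if discovery["issuer"] != args[:issuer]
    problems << "issuer mismatch: configured #{args[:issuer].inspect}, discovered #{discovery['issuer'].inspect}"
  end
  %w[authorization_endpoint token_endpoint jwks_uri].each do |key|
    problems << "discovery document lacks #{key}" if discovery[key].to_s.empty?
  end
  missing = args[:scope] - discovery.fetch("scopes_supported", args[:scope])
  problems << "unsupported scopes: #{missing.join(', ')}" unless missing.empty?
  unless discovery.fetch("response_types_supported", []).include?(args[:response_type])
    problems << "response_type #{args[:response_type]} not advertised"
  end
  redirect = URI.parse(args[:client_options][:redirect_uri])
  unless %w[http https].include?(redirect.scheme)
    problems << "redirect_uri must include http or https"
  end
  problems << "redirect_uri uses plain http" if redirect.scheme == "http"
  unless redirect.path.end_with?("/users/auth/openid_connect/callback")
    problems << "redirect_uri path is not the GitLab callback"
  end
  problems
end

# Constructed args mirroring the gitlab.rb block, with a trailing-slash issuer.
args = { scope: %w[openid profile email], response_type: "code",
         issuer: "https://door.example.com/",
         client_options: { redirect_uri: "http://gitlab.example.com/users/auth/openid_connect/callback" } }
puts oidc_config_problems(args, SAMPLE_DISCOVERY)
```

In a real deployment, replace SAMPLE_DISCOVERY with the JSON fetched from your own Casdoor server and pass the args hash from your gitlab.rb.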