GitLab

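Casdoor can use the OIDC protocol to connect to a privately deployed GitLab. This document shows you how to set that up.

The following names are used in the configuration:

CASDOOR_HOSTNAME: Domain name or IP where Casdoor is deployed. e.g., https://door.casbin.com.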

GITLAB_HOSTNAME: Domain name or IP where GitLab is deployed. e.g., https://gitlab.com.

Step1. Deploy Casdoor and GitLab

First, deploy Casdoor and GitLab.

After a successful deployment, you need to ensure:

  1. Casdoor can be logged in and used normally.
  2. Set Casdoor’s origin value (conf/app.conf) to CASDOOR_HOSTNAME.

Step2. Configure Casdoor application

  1. Create or use an existing Casdoor application.
  2. Add a redirect URL: http://GITLAB_HOSTNAME/users/auth/openid_connect/callback.
  3. Add the provider you want and fill in the other settings.

The application settings page shows two values: Client ID and Client secret. We will use them in the next step.

Open your favorite browser and visit http://`CASDOOR_HOSTNAME`/.well-known/openid-configuration to see Casdoor's OIDC configuration.

Step3. Configure GitLab

You can follow the steps below to set this up, or make custom changes according to this document (e.g., if you installed GitLab from source rather than with Omnibus).

  1. On your GitLab server, open the configuration file.

     ```
     sudo editor /etc/gitlab/gitlab.rb
     ```
  2. Add the provider configuration. (HOSTNAME url should include http or https)

     ```ruby
     gitlab_rails['omniauth_providers'] = [
       {
         name: "openid_connect",
         label: "Casdoor", # optional label for login button, defaults to "Openid Connect"
         args: {
           name: "openid_connect",
           scope: ["openid", "profile", "email"],
           response_type: "code",
           issuer: "<CASDOOR_HOSTNAME>",
           client_auth_method: "query",
           discovery: true,
           uid_field: "preferred_username",
           client_options: {
             identifier: "<YOUR CLIENT ID>",
             secret: "<YOUR CLIENT SECRET>",
             redirect_uri: "<GITLAB_HOSTNAME>/users/auth/openid_connect/callback"
           }
         }
       }
     ]
     ```
  3. Reboot your GitLab server.

  4. Each registered user can open GITLAB_HOSTNAME/-/profile/account and connect their Casdoor account.
  5. Finished. You can now log in to your own GitLab with Casdoor.
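
Because `discovery: true` makes GitLab rely on the document served at `/.well-known/openid-configuration`, it helps to compare that document with the planned `args` before restarting GitLab. The following preflight check is an added example, not part of the Casdoor or GitLab documentation; `oidc_preflight`, the `example.com` hostnames and the sample discovery document are constructed assumptions.

```ruby
require "json"
require "uri"

# Compare the planned GitLab omniauth args with a parsed OIDC discovery
# document and return a list of problems (empty list = nothing found).
def oidc_preflight(discovery, args)
  problems = []
  # OIDC Discovery requires the advertised issuer to be identical to the
  # configured one (scheme, host, port, trailing slash all count).
  if discovery["issuer"] != args[:issuer]
    problems << "issuer mismatch: discovery=#{discovery['issuer']} config=#{args[:issuer]}"
  end
  # The authorization code, client secret and tokens travel over these URLs.
  urls = { "issuer" => args[:issuer], "redirect_uri" => args[:redirect_uri] }
  %w[authorization_endpoint token_endpoint jwks_uri].each { |k| urls[k] = discovery[k] }
  urls.each do |name, url|
    problems << "#{name} is not https: #{url}" unless URI(url.to_s).scheme == "https"
  end
  # scopes_supported and claims_supported are optional metadata: check if present.
  if (scopes = discovery["scopes_supported"])
    missing = args[:scope] - scopes
    problems << "scopes not advertised: #{missing.join(', ')}" unless missing.empty?
  end
  unless Array(discovery["response_types_supported"]).include?(args[:response_type])
    problems << "response_type not advertised: #{args[:response_type]}"
  end
  claims = discovery["claims_supported"]
  if claims && !claims.include?(args[:uid_field])
    problems << "uid_field not in claims_supported: #{args[:uid_field]}"
  end
  problems
end

# Constructed sample in the shape of /.well-known/openid-configuration output.
SAMPLE_DISCOVERY = JSON.parse(<<~DOC)
  { "issuer": "https://casdoor.example.com",
    "authorization_endpoint": "https://casdoor.example.com/login/oauth/authorize",
    "token_endpoint": "https://casdoor.example.com/api/login/oauth/access_token",
    "jwks_uri": "https://casdoor.example.com/.well-known/jwks",
    "scopes_supported": ["openid", "email", "profile"],
    "response_types_supported": ["code", "token", "id_token"],
    "claims_supported": ["sub", "email", "preferred_username"] }
DOC

# Constructed values mirroring the args block in gitlab.rb.
SAMPLE_ARGS = {
  issuer: "https://casdoor.example.com", scope: %w[openid profile email],
  response_type: "code", uid_field: "preferred_username",
  redirect_uri: "https://gitlab.example.com/users/auth/openid_connect/callback"
}.freeze

puts oidc_preflight(SAMPLE_DISCOVERY, SAMPLE_ARGS).inspect if __FILE__ == $PROGRAM_NAME
```

To run it against a real deployment, replace the sample document with the JSON fetched from your own Casdoor discovery URL and the sample args with the values from your `gitlab.rb`.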