overview
ASP officially supports Gitlab third-party login
create application
-
Click Create Third-Party App in Apps
-
Select Gitlab in the list and click Create Application
-
Enter the application name in the pop-up window, click OK
-
The newly created Gitlab application needs to be configured, select the Gitlab application just created in the application
-
Configure the Gitlab address in the application, click Save
Gitlab docking ASP
The configuration file of Gitlab needs to be modified to connect to ASP. The following is the reference for deploying Gitlab in docker-compose mode
- Modify the docker-compose.yml configuration file
services:
web:
image: 'gitlab/gitlab-ee:latest'
restart: always
hostname: 'localhost'
environment:
GITLAB_OMNIBUS_CONFIG: |
external_url 'http://localhost:8001' #Gitlab地址
gitlab_rails['omniauth_block_auto_created_users'] = false #是否创建新用户
gitlab_rails['omniauth_allow_single_sign_on'] = ['openid_connect']
gitlab_rails['omniauth_auto_link_user'] = [ "openid_connect"]
gitlab_rails['omniauth_providers'] = [{
name: 'openid_connect',
label: 'ASP', #Gitlab登录页面显示的登录方式名称
args: {
name: 'openid_connect',
scope: ['openid','profile','email','phone'],
response_type: 'code',
issuer: "https://sso.andang.cn",
discovery: false,
uid_field: 'sub',
client_options: {
'port': 443, #ASP服务端口
'scheme': 'https', #ASP服务协议
'host': 'sso.andang.cn', #ASP服务地址,此处为公有云地址
'authorization_endpoint':'/', #ASP服务登录地址路由
'token_endpoint':'/token', #ASP服务获取token接口地址路由
'identifier' => '451887a8-6ef4-45c6-8467-1974f3ae31ba', #应用ID
'secret' => 'BG6L3jUXh4f2qCPqx5bZWOK+XOqYWJ1vXc2megDD9fb25ZGhP5', #应用密钥
'redirect_uri' => 'http://192.168.0.122:8001/users/auth/openid_connect/callback' #Gitlab回调地址
}
}
}]
ports:
- '8001:8001'
volumes:
- './config:/etc/gitlab'
- './logs:/var/log/gitlab'
- './data:/var/opt/gitlab'
Reference:
Gitlab Documentation
-
In the Gitlab login interface, select the ASP user source to log in, and jump to ASP
-
Enter account login in ASP, jump back to Gitlab
-
complete login
question
- When creating an application, it prompts "the system is not activated"
请先导入许可证后再创建应用