ASP SSO single sign-on integration for Gitlab

Overview

ASP officially supports Gitlab third-party login.

Create application

  1. Click Create Third-Party App in Apps

  2. Select Gitlab in the list and click Create Application

  3. Enter the application name in the pop-up window, click OK

  4. The newly created Gitlab application still needs to be configured: select the Gitlab application you just created in Apps

  5. Configure the Gitlab address in the application, click Save

Connecting Gitlab to ASP

Gitlab's configuration file must be modified to connect it to ASP. The following is a reference for a Gitlab deployment using docker-compose.

  1. Modify the docker-compose.yml configuration file
services:
  web:
    image: 'gitlab/gitlab-ee:latest'
    restart: always
    hostname: 'localhost'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'http://localhost:8001' # Gitlab address
        gitlab_rails['omniauth_block_auto_created_users'] = false # whether to create new users (false: auto-created users are not placed in a blocked state)
        gitlab_rails['omniauth_allow_single_sign_on'] = ['openid_connect'] 
        gitlab_rails['omniauth_auto_link_user'] = [ "openid_connect"]
        gitlab_rails['omniauth_providers'] =  [{
          name: 'openid_connect',
          label: 'ASP', # name of the login method shown on the Gitlab login page
          args: {
            name: 'openid_connect',
            scope: ['openid','profile','email','phone'],
            response_type: 'code',
            issuer: "https://sso.andang.cn",
            discovery: false,
            uid_field: 'sub',
            client_options: {
              'port': 443, # ASP service port
              'scheme': 'https', # ASP service protocol
              'host': 'sso.andang.cn', # ASP service address; this is the public cloud address
              'authorization_endpoint':'/', # route of the ASP login page
              'token_endpoint':'/token', # route of the ASP token endpoint
              'identifier' => '451887a8-6ef4-45c6-8467-1974f3ae31ba', # application ID
              'secret' => 'BG6L3jUXh4f2qCPqx5bZWOK+XOqYWJ1vXc2megDD9fb25ZGhP5', # application secret
              'redirect_uri' => 'http://192.168.0.122:8001/users/auth/openid_connect/callback' # Gitlab callback address
            }          
          }
        }]
    ports:
      - '8001:8001'
    volumes:
      - './config:/etc/gitlab'
      - './logs:/var/log/gitlab'
      - './data:/var/opt/gitlab'

Reference:
Gitlab Documentation

  1. On the Gitlab login page, select the ASP user source to log in; the browser is redirected to ASP

  2. Log in with your account in ASP; the browser is redirected back to Gitlab

  3. Login is complete
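
The redirect round trip in the steps above, sketched as an added example (not code from the original post or from Gitlab): it builds the authorization request from the endpoint, scope and callback values in the compose file, then checks the callback's state before accepting the code. CLIENT_ID and the function names are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Values mirror client_options in the compose file above; CLIENT_ID is a
# constructed placeholder, not the application ID from the page.
ASP = {"scheme": "https", "host": "sso.andang.cn", "port": 443,
       "authorization_endpoint": "/"}
CLIENT_ID = "example-client-id"
REDIRECT_URI = "http://192.168.0.122:8001/users/auth/openid_connect/callback"
SCOPE = ["openid", "profile", "email", "phone"]


def build_authorization_request(state, nonce):
    """URL the browser is sent to when the user picks 'ASP' on the login page."""
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(SCOPE),
        "state": state,
        "nonce": nonce,
    })
    return f"{ASP['scheme']}://{ASP['host']}:{ASP['port']}{ASP['authorization_endpoint']}?{query}"


def check_callback(callback_url, expected_state):
    """Return the authorization code, or raise ValueError if the callback is not acceptable."""
    got, want = urlsplit(callback_url), urlsplit(REDIRECT_URI)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback did not arrive at the registered redirect_uri")
    params = parse_qs(got.query)
    if "error" in params:
        raise ValueError(f"ASP returned error: {params['error'][0]}")
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response does not belong to this login attempt")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    return params["code"][0]


if __name__ == "__main__":
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    print(build_authorization_request(state, nonce))
    # Constructed callback, as ASP would redirect after a successful login.
    print(check_callback(f"{REDIRECT_URI}?code=constructed-code&state={state}", state))
```

The code returned by `check_callback` is what the relying party then exchanges at the `/token` endpoint together with the application secret.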

Questions

  1. When creating an application, it prompts "the system is not activated"
Import the license first, then create the application.


Origin blog.csdn.net/weixin_51174449/article/details/132298081