diff options
| author | tduehr <tduehr@gmail.com> | 2015-11-12 07:25:31 +0300 |
|---|---|---|
| committer | tduehr <tduehr@gmail.com> | 2015-12-15 06:43:41 +0300 |
| commit | 8e3f1fa629a61741282214b293c1bc9438aada59 (patch) | |
| tree | 59b128b1297955f38e895be422c9362115fd13ef /config | |
| parent | 2b4a3bc524c0db3f6e4e3d2b2f34ec29e358b240 (diff) | |
add CAS authentication support
Diffstat (limited to 'config')
| -rw-r--r-- | config/gitlab.yml.example | 13 | ||||
| -rw-r--r-- | config/initializers/1_settings.rb | 4 | ||||
| -rw-r--r-- | config/initializers/devise.rb | 10 |
3 files changed, 27 insertions, 0 deletions
diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example index db378118f85..fcf034d7911 100644 --- a/config/gitlab.yml.example +++ b/config/gitlab.yml.example @@ -287,6 +287,15 @@ production: &base # arguments, followed by optional 'args' which can be either a hash or an array. # Documentation for this is available at http://doc.gitlab.com/ce/integration/omniauth.html providers: + # See omniauth-cas3 for more configuration details + # - { name: 'cas3', + # label: 'cas3', + # args: { + # url: 'https://sso.example.com', + # disable_ssl_verification: false, + # login_url: '/cas/login', + # service_validate_url: '/cas/p3/serviceValidate', + # logout_url: '/cas/logout'} } # - { name: 'github', # app_id: 'YOUR_APP_ID', # app_secret: 'YOUR_APP_SECRET', @@ -324,6 +333,10 @@ production: &base # application_name: 'YOUR_APP_NAME', # application_password: 'YOUR_APP_PASSWORD' } } + # SSO maximum session duration in seconds. Defaults to CAS default of 8 hours. + # cas3: + # session_duration: 28800 + # Shared file storage settings shared: # path: /mnt/gitlab # Default: shared diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb index 63d8ae17436..fe0aaaedde5 100644 --- a/config/initializers/1_settings.rb +++ b/config/initializers/1_settings.rb @@ -126,6 +126,10 @@ Settings.omniauth['block_auto_created_users'] = true if Settings.omniauth['block Settings.omniauth['auto_link_ldap_user'] = false if Settings.omniauth['auto_link_ldap_user'].nil? Settings.omniauth['providers'] ||= [] +Settings.omniauth['cas3'] ||= Settingslogic.new({}) +Settings.omniauth.cas3['session_duration'] ||= 8.hours +Settings.omniauth['session_tickets'] ||= Settingslogic.new({}) +Settings.omniauth.session_tickets['cas3'] = 'ticket' Settings['shared'] ||= Settingslogic.new({}) Settings.shared['path'] = File.expand_path(Settings.shared['path'] || "shared", Rails.root) diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index 5fb43a86e13..92149826da7 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -241,6 +241,16 @@ Devise.setup do |config| # An Array from the configuration will be expanded. provider_arguments.concat provider['args'] when Hash + # Add procs for handling SLO + if provider['name'] == 'cas3' + provider['args'][:on_single_sign_out] = lambda do |request| + ticket = request.params[:session_index] + raise "Service Ticket not found." unless Gitlab::OAuth::Session.valid?(:cas3, ticket) + Gitlab::OAuth::Session.destroy(:cas3, ticket) + true + end + end + # A Hash from the configuration will be passed as is. provider_arguments << provider['args'].symbolize_keys end |