gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
Diffstat (limited to 'doc/administration/auth/oidc.md')
-rw-r--r-- doc/administration/auth/oidc.md 50
1 files changed, 33 insertions, 17 deletions
diff --git a/doc/administration/auth/oidc.md b/doc/administration/auth/oidc.md
index d48de109bd0..8ef95872ad4 100644
--- a/doc/administration/auth/oidc.md
+++ b/doc/administration/auth/oidc.md
@@ -5,7 +5,7 @@ group: Authentication and Authorization
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---
-# OpenID Connect OmniAuth provider **(FREE SELF)**
+# Use OpenID Connect as an OAuth 2.0 authentication provider **(FREE SELF)**
GitLab can use [OpenID Connect](https://openid.net/specs/openid-connect-core-1_0.html)
as an OmniAuth provider.
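Review bot: The new H1 calls OpenID Connect an "OAuth 2.0 authentication provider", but the unchanged sentence directly under it still says GitLab uses it "as an OmniAuth provider". Use one term in both places, or add a clause that relates the two, so the page title and its first sentence do not read as describing different integrations.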
@@ -22,7 +22,7 @@ The OpenID Connect provides you with a client's details and secret for you to us
sudo editor /etc/gitlab/gitlab.rb
```
- For installations from source:
+ For self-compiled installations:
```shell
cd /home/git/gitlab
@@ -187,7 +187,7 @@ The OpenID Connect provides you with a client's details and secret for you to us
1. For changes to take effect, if you:
- Used the Linux package to install GitLab, [reconfigure GitLab](../restart_gitlab.md#reconfigure-a-linux-package-installation).
- - Self-compiled your GitLab installation, [restart GitLab](../restart_gitlab.md#installations-from-source).
+ - Self-compiled your GitLab installation, [restart GitLab](../restart_gitlab.md#self-compiled-installations).
On the sign in page, you have an OpenID Connect option below the regular sign in form.
Select this option to begin the authentication process. The OpenID Connect provider
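Review bot: The new `../restart_gitlab.md#self-compiled-installations` target in the self-compiled bullet depends on a heading in `restart_gitlab.md`, yet the diffstat shows only `doc/administration/auth/oidc.md` changed. Confirm that heading already exists under that name, or rename it in the same change; otherwise this link and the four like it further down land at the top of the page instead of on the restart steps.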
@@ -581,7 +581,7 @@ gitlab_rails['omniauth_providers'] = [
]
```
-Example installations from source configuration (file path: `config/gitlab.yml`):
+Example configuration for self-compiled installations (file path: `config/gitlab.yml`):
```yaml
- { name: 'openid_connect', # do not change this parameter
@@ -750,7 +750,7 @@ def sync_missing_provider(self, user: User, extern_uid: str)
For more information, see the [GitLab API user method documentation](https://python-gitlab.readthedocs.io/en/stable/gl_objects/users.html#examples).
-## Configure users based on OIDC group membership **(PREMIUM)**
+## Configure users based on OIDC group membership **(PREMIUM ALL)**
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/209898) in GitLab 15.10.
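Review bot: The `**(PREMIUM ALL)**` badge on the "Configure users based on OIDC group membership" heading sits on a page whose H1 is badged `**(FREE SELF)**`, and the "Auditor groups" subsection further down keeps `**(PREMIUM SELF)**`. The steps in this section edit `/etc/gitlab/gitlab.rb` or `config/gitlab.yml`, so check that `ALL` is the intended offering here and align the subsection badge with whichever value is chosen.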
@@ -774,7 +774,9 @@ response to require users to be members of a certain group, configure GitLab to
If you do not set `required_groups` or leave the setting empty, any user authenticated by the IdP through OIDC can use GitLab.
-For Linux package installations:
+::Tabs
+
+:::TabTitle Linux package (Omnibus)
1. Edit `/etc/gitlab/gitlab.rb`:
@@ -808,7 +810,7 @@ For Linux package installations:
1. Save the file and [reconfigure GitLab](../restart_gitlab.md#reconfigure-a-linux-package-installation)
for the changes to take effect.
-For self-compiled installations:
+:::TabTitle Self-compiled (source)
1. Edit `/home/git/gitlab/config/gitlab.yml`:
@@ -839,9 +841,11 @@ For self-compiled installations:
}
```
-1. Save the file and [reconfigure GitLab](../restart_gitlab.md#installations-from-source)
+1. Save the file and [reconfigure GitLab](../restart_gitlab.md#self-compiled-installations)
for the changes to take effect.
+::EndTabs
+
### External groups
Your IdP must pass group information to GitLab in the OIDC response. To use this
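Review bot: In the final step of the self-compiled tab the link text still reads "reconfigure GitLab" although its target is now `#self-compiled-installations`; the self-compiled bullet earlier in this same change words the identical link as "restart GitLab". Suggest changing the link text to "restart GitLab" here and in the matching steps under External groups, Auditor groups and Administrator groups, so the instruction names the action the linked section describes.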
@@ -853,7 +857,9 @@ based on group membership, configure GitLab to identify:
[external user](../external_users.md), using the
`external_groups` setting.
-For Linux package installations:
+::Tabs
+
+:::TabTitle Linux package (Omnibus)
1. Edit `/etc/gitlab/gitlab.rb`:
@@ -887,7 +893,7 @@ For Linux package installations:
1. Save the file and [reconfigure GitLab](../restart_gitlab.md#reconfigure-a-linux-package-installation)
for the changes to take effect.
-For self-compiled installations:
+:::TabTitle Self-compiled (source)
1. Edit `/home/git/gitlab/config/gitlab.yml`:
@@ -918,9 +924,11 @@ For self-compiled installations:
}
```
-1. Save the file and [reconfigure GitLab](../restart_gitlab.md#installations-from-source)
+1. Save the file and [reconfigure GitLab](../restart_gitlab.md#self-compiled-installations)
for the changes to take effect.
+::EndTabs
+
### Auditor groups **(PREMIUM SELF)**
Your IdP must pass group information to GitLab in the OIDC response. To use this
@@ -930,7 +938,9 @@ response to assign users as auditors based on group membership, configure GitLab
- Which group memberships grant the user auditor access, using the `auditor_groups`
setting.
-For Linux package installations:
+::Tabs
+
+:::TabTitle Linux package (Omnibus)
1. Edit `/etc/gitlab/gitlab.rb`:
@@ -964,7 +974,7 @@ For Linux package installations:
1. Save the file and [reconfigure GitLab](../restart_gitlab.md#reconfigure-a-linux-package-installation)
for the changes to take effect.
-For self-compiled installations:
+:::TabTitle Self-compiled (source)
1. Edit `/home/git/gitlab/config/gitlab.yml`:
@@ -995,9 +1005,11 @@ For self-compiled installations:
}
```
-1. Save the file and [reconfigure GitLab](../restart_gitlab.md#installations-from-source)
+1. Save the file and [reconfigure GitLab](../restart_gitlab.md#self-compiled-installations)
for the changes to take effect.
+::EndTabs
+
### Administrator groups
Your IdP must pass group information to GitLab in the OIDC response. To use this
@@ -1007,7 +1019,9 @@ response to assign users as administrator based on group membership, configure G
- Which group memberships grant the user administrator access, using the
`admin_groups` setting.
-For Linux package installations:
+::Tabs
+
+:::TabTitle Linux package (Omnibus)
1. Edit `/etc/gitlab/gitlab.rb`:
@@ -1041,7 +1055,7 @@ For Linux package installations:
1. Save the file and [reconfigure GitLab](../restart_gitlab.md#reconfigure-a-linux-package-installation)
for the changes to take effect.
-For self-compiled installations:
+:::TabTitle Self-compiled (source)
1. Edit `/home/git/gitlab/config/gitlab.yml`:
@@ -1072,9 +1086,11 @@ For self-compiled installations:
}
```
-1. Save the file and [reconfigure GitLab](../restart_gitlab.md#installations-from-source)
+1. Save the file and [reconfigure GitLab](../restart_gitlab.md#self-compiled-installations)
for the changes to take effect.
+::EndTabs
+
## Troubleshooting
1. Ensure `discovery` is set to `true`. If you set it to `false`, you must