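# GitLab Omnibus (gitlab.rb) settings for SAML single sign-on through the
# eduTEAMS proxy, with access and role assignment driven by group membership.

gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']

# false: accounts created on first SAML login are active immediately, with no
# administrator approval. The required_groups list below is then the only gate
# on who gets an account, so keep it as narrow as the deployment allows.
gitlab_rails['omniauth_block_auto_created_users'] = false

# true: a SAML login is linked to an existing GitLab account that has the same
# email address. This trusts the email value asserted by the IdP; behind a
# federating proxy, confirm that released email addresses are verified before
# relying on it, otherwise consider leaving this off and linking manually.
gitlab_rails['omniauth_auto_link_saml_user'] = true

gitlab_rails['omniauth_providers'] = [
  {
    name: 'saml',
    label: 'eduTEAMS',
    args: {
      assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback',
      # Pins the IdP signing certificate. The 20-byte value is a SHA-1
      # fingerprint; take it from the IdP metadata over a trusted channel.
      # Supplying the full certificate via idp_cert is the stronger option.
      idp_cert_fingerprint: '72:8A:6C:6B:63:35:3F:E0:BF:70:8D:41:0E:B7:02:CF:C5:86:53:24',
      idp_sso_target_url: 'https://proxy.eduteams.org/saml2sp/sso/redirect',
      # NOTE(review): the issuer host (example.gitlab.com) differs from the ACS
      # host (gitlab.example.com). The issuer must equal the entity ID that is
      # registered with the IdP -- confirm which of the two is intended.
      issuer: 'https://example.gitlab.com',
      name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
      # Attribute mappings belong under attribute_statements; placed directly
      # in args (as the listing had them) they are not picked up as mappings.
      # NOTE(review): the UID is normally taken from the NameID unless
      # uid_attribute is set -- confirm the uid entry has the intended effect.
      attribute_statements: {
        uid: ['urn:oasis:names:tc:SAML:attribute:subject-id'],
        email: ['urn:oid:0.9.2342.19200300.100.1.3'], # mail
        first_name: ['urn:oid:2.5.4.42'],             # givenName
        last_name: ['urn:oid:2.5.4.4']                # sn
      }
    },
    # STEP(s) "Required Groups", "Admin Groups", "Auditor Groups"
    # Group settings sit at provider level, next to args. Values are compared
    # as exact strings against the groups_attribute values in the assertion
    # (urn:oid:1.3.6.1.4.1.5923.1.1.1.7 is eduPersonEntitlement).
    groups_attribute: 'urn:oid:1.3.6.1.4.1.5923.1.1.1.7',
    # Sign-in is refused unless the user is in at least one of these groups.
    # The duplicated Developers entry was dropped, and the Auditors URN now
    # matches the one under auditor_groups ("Admins", not "Admin"); with the
    # mismatch, a user who is only an auditor would have been refused.
    required_groups: [
      'urn:geant:eduteams.org:service:eduteams:group:Test_VO:Developers#eduteams.org',
      'urn:geant:eduteams.org:service:eduteams:group:Test_VO:Admins:Gitlab#eduteams.org',
      'urn:geant:eduteams.org:service:eduteams:group:Test_VO:Admins:Gitlab:Auditors#eduteams.org'
    ],
    # Members receive GitLab administrator rights on login; the IdP-side
    # membership of this group is therefore the admin access-control list.
    admin_groups: [
      'urn:geant:eduteams.org:service:eduteams:group:Test_VO:Admins:Gitlab#eduteams.org'
    ],
    # The key is auditor_groups; the listing's audit_groups is not a
    # recognised setting and would be ignored without an error.
    auditor_groups: [
      'urn:geant:eduteams.org:service:eduteams:group:Test_VO:Admins:Gitlab:Auditors#eduteams.org'
    ],
    # Members are flagged as external users.
    # NOTE(review): neither group below appears in required_groups, so a user
    # who belongs only to Guests or to the contractor group cannot sign in at
    # all -- add them there if external users are meant to have access.
    # NOTE(review): "Conractors" looks like a typo for "Contractors". A URN
    # that does not match the IdP value exactly leaves those users unflagged.
    external_groups: [
      'urn:geant:eduteams.org:service:eduteams:group:Test_VO:Guests#eduteams.org',
      'urn:geant:eduteams.org:service:eduteams:group:Test_VO:Conractors#eduteams.org'
    ]
  }
]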