GitLab SSO Configuration
Note: SmoothGlue automatically configures this client and application out of the box. This page serves primarily as a reference if you opt out of the auto-SSO feature.
Prerequisites
- Ensure the Global SSO Settings have already been configured for this cluster.
- Access to Keycloak Master Realm
Create Keycloak Clients
- While you are in the smoothglue realm, click on Clients under Manage in the left pane.
- Click Create client.
- Enter client name gitlab for Client ID.
- Click on the Next button.
- Toggle on Client authentication.
- Click on the Next button. Note: The application's FQDN may be obtained by running kubectl get virtualservice -A
- Enter https://{{ application_fqdn }}/users/auth/openid_connect/callback for Valid Redirect URIs.
- Click on the Save button.
Creating Client Scopes
A client scope named Gitlab needs to be added under Client Scopes.
Note: The client scope has to be spelled exactly as Gitlab, because this name is what GitLab is configured to request.
- While you are in the smoothglue realm, click on Client Scopes.
- Click Create client scope.
- Enter Gitlab for Name, and click on the Save button.
- Go to the Mappers tab.
- Click on Add predefined mappers.
- Enable username, profile, full name, and email predefined mappers (some may be on the next page).
- Click Add.
- Go to Clients, and go to the gitlab client.
- Go to the Client Scopes tab.
- Click Add client scope.
- Enable the Gitlab client scope.
- Click Add -> Default.
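To confirm the result of the two procedures above, the following added example (not part of SmoothGlue or Keycloak) checks an exported Keycloak client representation against the settings this page calls for. It assumes the export uses Keycloak's clientId, publicClient, redirectUris, defaultClientScopes and optionalClientScopes fields; the function name, sample data and gitlab.example.com hostname are hypothetical.

```python
CALLBACK_PATH = "/users/auth/openid_connect/callback"
SCOPE = "Gitlab"  # case-sensitive, as the page requires


def check_gitlab_client(client: dict, application_fqdn: str) -> list:
    """Return findings for a Keycloak client export; an empty list means it matches."""
    findings = []
    expected_uri = f"https://{application_fqdn}{CALLBACK_PATH}"

    if client.get("clientId") != "gitlab":
        findings.append("clientId is not 'gitlab'")
    # "Client authentication" toggled on is exported as publicClient: false.
    if client.get("publicClient", False):
        findings.append("Client authentication is off (public client)")

    uris = client.get("redirectUris", [])
    if expected_uri not in uris:
        findings.append(f"missing redirect URI {expected_uri}")
    # Choice made in this example: anything beyond the one callback is reported.
    findings += [f"unexpected redirect URI {u}" for u in uris if u != expected_uri]

    default = client.get("defaultClientScopes", [])
    optional = client.get("optionalClientScopes", [])
    if SCOPE not in default:
        near = [s for s in default + optional if s.lower() == SCOPE.lower() and s != SCOPE]
        if SCOPE in optional:
            findings.append("scope 'Gitlab' is Optional, not Default")
        elif near:
            findings.append(f"scope spelled {near[0]!r}, expected 'Gitlab'")
        else:
            findings.append("scope 'Gitlab' is not assigned")
    return findings


# Constructed sample exports (gitlab.example.com is a placeholder FQDN).
SAMPLE_OK = {
    "clientId": "gitlab", "publicClient": False,
    "redirectUris": ["https://gitlab.example.com" + CALLBACK_PATH],
    "defaultClientScopes": ["profile", "email", "Gitlab"],
}
SAMPLE_BAD = {
    "clientId": "gitlab", "publicClient": True,
    "redirectUris": ["https://gitlab.example.com/*"],
    "defaultClientScopes": ["profile", "gitlab"],
}

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, check_gitlab_client(sample, "gitlab.example.com"))
```
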
SSO Configuration
Retrieve the client_secret from the Keycloak client:
- As a Keycloak Admin and within the smoothglue realm, click Clients on the left-hand panel.
- Click on the gitlab client.
- Click on the Credentials tab.
- Copy the value from the Client Secret field.
Add the following values to the bigbang-secrets.yaml to configure SSO:
addons:
  gitlab:
    sso:
      enabled: true
      client_id: "gitlab" # should match the client name in keycloak
      client_secret: "<Client Secret copied from Keycloak>"
Info: See How to Configure Big Bang Values for more information on configuring Big Bang applications.