Gitlab SSO Configuration

Prerequisites

• Ensure the Global SSO Settings have already been configured for this cluster.
• Access to Keycloak Master Realm

Create Keycloak Clients

1. While you are in the smoothglue realm, click on Clients under Manage in the left pane.
2. Click Create client.
3. Enter client name gitlab for Client ID.
4. Click on the Next button.
5. Toggle on Client authentication.
6. Click on the Next button. Note: The application's FQDN name may be obtained by running kubectl get virtualservice -A
7. Enter https://{{ application_fqdn }}/users/auth/openid_connect/callback for Valid Redirect URIs.
8. Click on the Save button.

Creating Client Scopes

Gitlab needs to be added in the Client Scopes.

note

The client scope has to be spelled exactly as Gitlab as this name is what GitLab is configured to request.

1. While you are in the smoothglue realm, click on Client Scopes.
2. Click Create client scope.
3. Enter Gitlab for Name, and click on the Save button.
4. Go to the Mappers tab.
5. Click on Add predefined mappers.
6. Enable username, profile, full name, and email predefined mappers (some may be on the next page).
7. Click Add.
8. Go to Clients, and go to the gitlab client.
9. Go to the Client Scopes tab.
10. Click Add client scope.
11. Enable the Gitlab client scope.
12. Click Add -> Default.

SSO Configuration

Retrieve the client_secret from the Keycloak client:

1. As a Keycloak Admin and within the smoothglue realm, click Clients on the left-hand panel.
2. Click on the gitlab client.
3. Click on the Credentials tab.
4. Copy the value from the Client Secret field.

Add the following values to the bigbang-secrets.yaml to configure SSO:

addons:
  gitlab:
    sso:
      enabled: true
      client_id: "gitlab" # should match the client name in keycloak
      client_secret: "<Client Secret copied from Keycloak>"

info

See How to Configure Big Bang Values for more information on configuring Big Bang applications.