Commit 728b05cab7f4bc87cbdc9d1ecb3d54f96ff24ce2

Authored by Drew Blessing
1 parent 03472b4f

Add OmniAuth Documentation

Add GitHub OmniAuth docs

Google instructions

Google instructions

Merge master

Clean things up

Clean things up

Clean things up

Clean things up

Clean things up

Clean things up

Clean things up

Add Google and Twitter docs

Add screenshot

Add screenshot

Clean things up

Clean things up

Clean things up

Clean things up

Clean things up

Clean things up

Clean things up

Finalize current docs

Finalize current docs

Add existing user information

Add twitter

Add twitter

Add Twitter disclaimer

Add Twitter disclaimer

remove old doc

Remove unnecessary link

Revert omniauth provider format

Add OmniAuth Documentation

Add GitHub OmniAuth docs

Google instructions

Google instructions

Merge master

Clean things up

Clean things up

Clean things up

Clean things up

Clean things up

Clean things up

Clean things up

Add Google and Twitter docs

Add screenshot

Add screenshot

Clean things up

Clean things up

Clean things up

Clean things up

Clean things up

Clean things up

Clean things up

Finalize current docs

Finalize current docs

Add existing user information

Add twitter

Add twitter

Add Twitter disclaimer

Add Twitter disclaimer

remove old doc

Remove unnecessary link

Revert omniauth provider format

Use omniauth again

Remove notice

Restore whitespace

Slight changes
config/gitlab.yml.example
... ... @@ -175,7 +175,7 @@ production: &base
175 175 ## Auth providers
176 176 # Uncomment the following lines and fill in the data of the auth provider you want to use
177 177 # If your favorite auth provider is not listed you can use others:
178   - # see https://github.com/gitlabhq/gitlab-public-wiki/wiki/Working-custom-omniauth-provider-configurations
  178 + # see https://github.com/gitlabhq/gitlab-public-wiki/wiki/Custom-omniauth-provider-configurations
179 179 # The 'app_id' and 'app_secret' parameters are always passed as the first two
180 180 # arguments, followed by optional 'args' which can be either a hash or an array.
181 181 providers:
... ...
doc/integration/README.md
1   -+ [External issue tracker](external-issue-tracker.md)
2   -+ [LDAP](ldap.md)
3   -+ [oAuth](oauth.md) Login with Twitter, GitHub, etc.
4 1 \ No newline at end of file
  2 +# GitLab Integration
  3 +
  4 +GitLab integrates with multiple third-party services to allow external issue trackers and external authentication.
  5 +See the documentation below for details on how to configure these services.
  6 +
  7 ++ [External issue tracker](external-issue-tracker.md) Redmine, JIRA, etc.
  8 ++ [LDAP](ldap.md) Set up sign in via LDAP
  9 ++ [OmniAuth](omniauth.md) Sign in via Twitter, GitHub, and Google via OAuth.
... ...
doc/integration/github.md 0 → 100644
... ... @@ -0,0 +1,38 @@
  1 +# GitHub OAuth2 OmniAuth Provider
  2 +
  3 +To enable the GitHub OmniAuth provider you must register your application with GitHub. GitHub will generate a client ID and secret key for you to use.
  4 +
  5 +1. Sign in to GitHub.
  6 +2. Navigate to your individual user settings or an organization's settings, depending on how you want the application registered. It does not matter if the application is registered as an individual or an organization - that is entirely up to you.
  7 +3. Select "Applications" in the left menu.
  8 +4. Select "Register new application".
  9 +5. Provide the required details.
  10 + * Application name: This can be anything. Consider something like "\<Organization\>'s GitLab" or "\<Your Name\>'s GitLab" or something else descriptive.
  11 + * Homepage URL: The URL to your GitLab installation. 'https://gitlab.company.com'
  12 + * Application description: Fill this in if you wish.
  13 + * Authorization callback URL: 'https://gitlab.company.com/users/auth/github/callback'
  14 +6. Select "Register application".
  15 +7. You should now see a Client ID and Client Secret near the top right of the page (see screenshot). Keep this page open as you continue configuration. ![GitHub app](github_app.png)
  16 +8. On your GitLab server, open the configuration file.
  17 +
  18 + ```sh
  19 + cd /home/git/gitlab
  20 +
  21 + sudo -u git -H editor config/gitlab.yml
  22 + ```
  23 +
  24 +9. Find the section dealing with OmniAuth. See [Initial OmniAuth Configuration](README.md#initial-omniauth-configuration) for more details.
  25 +10. Under `providers:` uncomment (or add) lines that look like the following:
  26 +
  27 + ```
  28 + - { name: 'github', app_id: 'YOUR APP ID',
  29 + app_secret: 'YOUR APP SECRET',
  30 + args: { scope: 'user:email' } }
  31 + ```
  32 +
  33 +11. Change 'YOUR APP ID' to the client ID from the GitHub application page from step 7.
  34 +12. Change 'YOUR APP SECRET' to the client secret from the GitHub application page from step 7.
  35 +13. Save the configuration file.
  36 +14. Restart GitLab for the changes to take effect.
  37 +
  38 +On the sign in page there should now be a GitHub icon below the regular sign in form. Click the icon to begin the authentication process. GitHub will ask the user to sign in and authorize the GitLab application. If everything goes well the user will be returned to GitLab and will be signed in.
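Review bot: The link in step 9 (new line 24) points at `README.md#initial-omniauth-configuration`, but the "Initial OmniAuth Configuration" heading this commit adds lives in `doc/integration/omniauth.md`, and the new README.md has no such section, so the anchor will not resolve. Change the target to `omniauth.md#initial-omniauth-configuration`. Separately, the example host in step 5 is `gitlab.company.com`, while google.md and twitter.md use `gitlab.example.com`; using `gitlab.example.com` throughout keeps the callback URLs consistent across the three provider pages.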
... ...
doc/integration/google.md 0 → 100644
... ... @@ -0,0 +1,49 @@
  1 +# Google OAuth2 OmniAuth Provider
  2 +
  3 +To enable the Google OAuth2 OmniAuth provider you must register your application with Google. Google will generate a client ID and secret key for you to use.
  4 +
  5 +1. Sign in to the [Google Developers Console](https://console.developers.google.com/) with the Google account you want to use to register GitLab.
  6 +2. Select "Create Project".
  7 +3. Provide the project information
  8 + * Project name: 'GitLab' works just fine here.
  9 + * Project ID: Must be unique to all Google Developer registered applications. Google provides a randomly generated Project ID by default. You can use the randomly generated ID or choose a new one.
  10 +4. Refresh the page. You should now see your new project in the list. Click on the project.
  11 +5. Select "APIs & auth" in the left menu.
  12 +6. Select "Credentials" in the submenu.
  13 +7. Select "Create New Client ID".
  14 +8. Fill in the required information
  15 + * Application type: "Web Application"
  16 + * Authorized JavaScript origins: This isn't really used by GitLab but go ahead and put 'https://gitlab.example.com' here.
  17 + * Authorized redirect URI: 'https://gitlab.example.com/users/auth/google_oauth2/callback'
  18 +9. Under the heading "Client ID for web application" you should see a Client ID and Client secret (see screenshot). Keep this page open as you continue configuration. ![Google app](google_app.png)
  19 +10. On your GitLab server, open the configuration file.
  20 + ```sh
  21 + cd /home/git/gitlab
  22 +
  23 + sudo -u git -H editor config/gitlab.yml
  24 + ```
  25 +11. Find the section dealing with OmniAuth. See [Initial OmniAuth Configuration](README.md#initial-omniauth-configuration) for more details.
  26 +12. Under `providers:` uncomment (or add) lines that look like the following:
  27 +
  28 + ```
  29 + - { name: 'google_oauth2', app_id: 'YOUR APP ID',
  30 + app_secret: 'YOUR APP SECRET',
  31 + args: { access_type: 'offline', approval_prompt: '' } }
  32 + ```
  33 +
  34 +13. Change 'YOUR APP ID' to the client ID from the GitHub application page from step 7.
  35 +14. Change 'YOUR APP SECRET' to the client secret from the GitHub application page from step 7.
  36 +15. Save the configuration file.
  37 +16. Restart GitLab for the changes to take effect.
  38 +
  39 +On the sign in page there should now be a Google icon below the regular sign in form. Click the icon to begin the authentication process. Google will ask the user to sign in and authorize the GitLab application. If everything goes well the user will be returned to GitLab and will be signed in.
  40 +
  41 +## Further Configuration
  42 +
  43 +This further configuration is not required for Google authentication to function but it is strongly recommended. Taking these steps will increase usability for users by providing a little more recognition and branding.
  44 +
  45 +At this point, when users first try to authenticate to your GitLab installation with Google they will see a generic application name on the prompt screen. The prompt informs the user that "Project Default Service Account" would like to access their account. "Project Default Service Account" isn't very recognizable and may confuse or cause users to be concerned. This is easily changeable.
  46 +
  47 +1. Select 'Consent screen' in the left menu. (See steps 1, 4 and 5 above for instructions on how to get here if you closed your window).
  48 +2. Scroll down until you find "Product Name". Change the product name to something more descriptive.
  49 +3. Add any additional information as you wish - homepage, logo, privacy policy, etc. None of this is required, but it may help your users.
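Review bot: Steps 13 and 14 (new lines 34 and 35) still say "from the GitHub application page from step 7", carried over from github.md. In this file the credentials come from the Google Developers Console and are shown in step 9, so both steps should read "from the Google Developers Console page from step 9". Step 11 has the same `README.md#initial-omniauth-configuration` link as the other provider pages, although the heading is in omniauth.md. The `sh` fence under step 10 also has no blank line before or after it, unlike the same block in github.md and twitter.md, which can break list rendering.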
... ...
doc/integration/oauth.md
... ... @@ -1,55 +0,0 @@
1   -# OAuth
2   -
3   -You can use other services to log into GitLab via oAuth.
4   -
5   -For this you need:
6   -
7   -* create app in selected services
8   -* configure gitlab.yml
9   -
10   -## Twitter:
11   -
12   -Below are screenshots how to setup your app on Twitter for this:
13   -
14   -![Application details](twitter_app_details.png)
15   -![API Keys](twitter_app_api_keys.png)
16   -
17   -## GitHub:
18   -
19   -![GitHub app](github_app.png)
20   -
21   -## Google:
22   -
23   -![Google app](google_app.png)
24   -
25   -
26   -## GitLab config file
27   -
28   -Second step is to modify gitlab.yml with app credentials:
29   -
30   -```
31   -production:
32   - ...
33   -
34   - omniauth:
35   - enabled: true
36   -
37   - providers:
38   - - {
39   - name: 'twitter',
40   - app_id: 'XXXXXXXX',
41   - app_secret: 'XXXXXXXXXXXXXXXXXXXXXXXX'
42   - }
43   - - {
44   - name: 'google_oauth2',
45   - app_id: 'XXXXXXXXXXX.apps.googleusercontent.com',
46   - app_secret: 'XXXXXXXX'
47   - }
48   - - {
49   - name: 'github',
50   - app_id: 'XXXXXXXXXX',
51   - app_secret: 'XXXXXXXXXXXXXXXXXXXXXXXX'
52   - }
53   -
54   -```
55   -
doc/integration/omniauth.md 0 → 100644
... ... @@ -0,0 +1,81 @@
  1 +# OmniAuth
  2 +
  3 +GitLab leverages OmniAuth to allow users to sign in using Twitter, GitHub, and other popular services. Configuring
  4 +OmniAuth does not prevent standard GitLab authentication or LDAP (if configured) from continuing to work. Users can
  5 +choose to sign in using any of the configured mechanisms.
  6 +
  7 ++ [Initial OmniAuth Configuration](#initial-omniauth-configuration)
  8 ++ [Supported Providers](#supported-providers)
  9 ++ [Enable OmniAuth for an Existing User](#enable-omniauth-for-an-existing-user)
  10 +
  11 +### Initial OmniAuth Configuration
  12 +
  13 +Before configuring individual OmniAuth providers there are a few global settings that need to be verified.
  14 +
  15 +1. Open the configuration file<br />
  16 +
  17 + ```sh
  18 + cd /home/git/gitlab
  19 +
  20 + sudo -u git -H editor config/gitlab.yml
  21 + ```
  22 +
  23 +2. Find the section dealing with OmniAuth. The section will look similar to the following.<br />
  24 + ```
  25 + ## OmniAuth settings
  26 + omniauth:
  27 + # Allow login via Twitter, Google, etc. using OmniAuth providers
  28 + enabled: false
  29 +
  30 + # CAUTION!
  31 + # This allows users to login without having a user account first (default: false).
  32 + # User accounts will be created automatically when authentication was successful.
  33 + allow_single_sign_on: false
  34 + # Locks down those users until they have been cleared by the admin (default: true).
  35 + block_auto_created_users: true
  36 +
  37 + ## Auth providers
  38 + # Uncomment the following lines and fill in the data of the auth provider you want to use
  39 + # If your favorite auth provider is not listed you can use others:
  40 + # see https://github.com/gitlabhq/gitlab-public-wiki/wiki/Custom-omniauth-provider-configurations
  41 + # The 'app_id' and 'app_secret' parameters are always passed as the first two
  42 + # arguments, followed by optional 'args' which can be either a hash or an array.
  43 + providers:
  44 + # - { name: 'google_oauth2', app_id: 'YOUR APP ID',
  45 + # app_secret: 'YOUR APP SECRET',
  46 + # args: { access_type: 'offline', approval_prompt: '' } }
  47 + # - { name: 'twitter', app_id: 'YOUR APP ID',
  48 + # app_secret: 'YOUR APP SECRET'}
  49 + # - { name: 'github', app_id: 'YOUR APP ID',
  50 + # app_secret: 'YOUR APP SECRET',
  51 + # args: { scope: 'user:email' } }
  52 + ```
  53 +3. Change `enabled` to `true`.
  54 +4. Consider the next two configuration options: `allow_single_sign_on` and `block_auto_created_users`.
  55 + * `allow_single_sign_on` defaults to `false`. If `false` users must be created manually or they will not be able to
  56 + sign in via OmniAuth.
  57 + * `block_auto_created_users` defaults to `true`. If `true` auto created users will be blocked by default and will
  58 + have to be unblocked by an administrator before they are able to sign in.
  59 + * **Note:** If you set `allow_single_sign_on` to `true` and `block_auto_created_users` to `false` please be aware
  60 + that any user on the Internet will be able to successfully sign in to your GitLab without administrative approval.
  61 +5. Choose one or more of the Supported Providers below to continue configuration.
  62 +
  63 +### Supported Providers
  64 +
  65 ++ [GitHub](github.md)
  66 ++ [Google](google.md)
  67 ++ [Twitter](twitter.md)
  68 +
  69 +### Enable OmniAuth for an Existing User
  70 +
  71 +Existing users can enable OmniAuth for specific providers after the account is created. For example, if the user
  72 +originally signed in with LDAP an OmniAuth provider such as Twitter can be enabled. Follow the steps below to enable an
  73 +OmniAuth provider for an existing user.
  74 +
  75 +1. Sign in normally - whether standard sign in, LDAP, or another OmniAuth provider.
  76 +2. Go to profile settings (the silhouette icon in the top right corner).
  77 +3. Select the "Account" tab.
  78 +4. Under "Social Accounts" select the desired OmniAuth provider, such as Twitter.
  79 +5. The user will be redirected to the provider. Once the user authorized GitLab they will be redirected back to GitLab.
  80 +
  81 +The chosen OmniAuth provider is now active and can be used to sign in to GitLab from then on.
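Review bot: The warning in step 4 (new lines 59 and 60) is the security-relevant sentence on this page, but it sits as a third bullet under the two option descriptions where it is easy to skim past. Consider moving it out of the list as its own paragraph and stating the recommended combination outright: if `allow_single_sign_on` is set to `true`, leave `block_auto_created_users` at `true`. The sample block only carries a bare "CAUTION!" comment, so the page should not rely on it. Minor: the trailing `<br />` in steps 1 and 2 is unnecessary before a fenced block, and in the last list "Once the user authorized GitLab" should be "Once the user has authorized GitLab".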
... ...
doc/integration/twitter.md 0 → 100644
... ... @@ -0,0 +1,47 @@
  1 +# Twitter OAuth2 OmniAuth Provider
  2 +
  3 +To enable the Twitter OmniAuth provider you must register your application with Twitter. Twitter will generate a client
  4 +ID and secret key for you to use.
  5 +
  6 +1. Sign in to [Twitter Developers](https://dev.twitter.com/) area.
  7 +2. Hover over the avatar in the top right corner and select "My applications."
  8 +3. Select "Create new app"
  9 +4. Fill in the application details.
  10 + * Name: This can be anything. Consider something like "\<Organization\>'s GitLab" or "\<Your Name\>'s GitLab" or
  11 + something else descriptive.
  12 + * Description: Create a description.
  13 + * Website: The URL to your GitLab installation. 'https://gitlab.example.com'
  14 + * Callback URL: 'https://gitlab.example.com/users/auth/github/callback'
  15 + * Agree to the "Rules of the Road."
  16 + ![Twitter App Details](twitter_app_details.png)
  17 +6. Select "Create your Twitter application."
  18 +7. Select the "Settings" tab.
  19 +8. Underneath the Callback URL check the box next to "Allow this application to be used to Sign in the Twitter."
  20 +9. Select "Update settings" at the bottom to save changes.
  21 +10. Select the "API Keys" tab.
  22 +11. You should now see an API key and API secret (see screenshot). Keep this page open as you continue configuration.
  23 +![Twitter app](twitter_app_api_keys.png)
  24 +12. On your GitLab server, open the configuration file.
  25 +
  26 + ```sh
  27 + cd /home/git/gitlab
  28 +
  29 + sudo -u git -H editor config/gitlab.yml
  30 + ```
  31 +
  32 +13. Find the section dealing with OmniAuth. See [Initial OmniAuth Configuration](README.md#initial-omniauth-configuration)
  33 +for more details.
  34 +14. Under `providers:` uncomment (or add) lines that look like the following:
  35 +
  36 + ```
  37 + - { name: 'twitter', app_id: 'YOUR APP ID',
  38 + app_secret: 'YOUR APP SECRET' }
  39 + ```
  40 +
  41 +15. Change 'YOUR APP ID' to the API key from Twitter page in step 11.
  42 +16. Change 'YOUR APP SECRET' to the API secret from the Twitter page in step 11.
  43 +17. Save the configuration file.
  44 +18. Restart GitLab for the changes to take effect.
  45 +
  46 +On the sign in page there should now be a Twitter icon below the regular sign in form. Click the icon to begin the
  47 +authentication process. Twitter will ask the user to sign in and authorize the GitLab application. If everything goes well the user will be returned to GitLab and will be signed in.
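Review bot: The Callback URL in step 4 (new line 14) is `'https://gitlab.example.com/users/auth/github/callback'`, which is the GitHub path. Following the pattern in github.md and google.md, where the path segment matches the provider `name`, this should be `/users/auth/twitter/callback`; as written, a reader who copies it registers the wrong callback with Twitter. The numbered list also jumps from 4 to 6, step 8 reads "Sign in the Twitter" where the checkbox label is presumably "Sign in with Twitter", and step 13 links to `README.md#initial-omniauth-configuration` although the heading is in omniauth.md.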
... ...