Keycloak

Integration with GitLab

On the Keycloak side, create a new client. Set the client name, Root URI and Valid Redirect URI. Scopes required for operation: openid, profile, email.

On the GitLab side, edit the file /etc/gitlab/gitlab.rb:

# nano /etc/gitlab/gitlab.rb
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['openid_connect']
gitlab_rails['omniauth_sync_profile_from_provider'] = ['openid_connect']
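# false: accounts created on first SSO login are active immediately, without administrator approval
gitlab_rails['omniauth_block_auto_created_users'] = false
# links an SSO login to an existing GitLab account that has the same email address
gitlab_rails['omniauth_auto_link_user'] = ['openid_connect']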
 
gitlab_rails['omniauth_providers'] = [
  {
    name: "openid_connect", # do not change this parameter
    label: "KeyCloak SSO", # optional label for login button, defaults to "Openid Connect"
    icon: "https://idm.virtlab.space/welcome-content/keycloak-project.png",
    args: {
      name: "openid_connect",
      scope: ["openid","profile","email"],
      response_type: "code",
      issuer: "https://idm.virtlab.space/realms/virtlab",
      discovery: true,
      client_auth_method: "query",
      uid_field: "email",
      send_scope_to_token_endpoint: "false",
      pkce: true,
      client_options: {
        identifier: "git.virtlab.space",
        secret: "client_secret_here",
        redirect_uri: "https://git.virtlab.space/users/auth/openid_connect/callback"
      }
    }
  }
]
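
Because the config sets discovery: true, GitLab reads the provider metadata from the issuer's /.well-known/openid-configuration document. The following is an added example, not part of the original page or of GitLab or Keycloak: a check that the args above agree with that metadata. The helper name discovery_problems is hypothetical, the discovery document is a constructed sample, and S256 as the PKCE method is an assumption.

```ruby
require "json"
require "uri"

# Values copied from the args block of the gitlab.rb shown on this page.
GITLAB_ARGS = {
  issuer: "https://idm.virtlab.space/realms/virtlab",
  scope: %w[openid profile email],
  response_type: "code",
  pkce: true,
  redirect_uri: "https://git.virtlab.space/users/auth/openid_connect/callback"
}.freeze

# Constructed sample of a discovery document (trimmed); in practice it is the
# JSON served at <issuer>/.well-known/openid-configuration.
SAMPLE_DISCOVERY = <<~JSON
  {
    "issuer": "https://idm.virtlab.space/realms/virtlab",
    "authorization_endpoint": "https://idm.virtlab.space/realms/virtlab/protocol/openid-connect/auth",
    "token_endpoint": "https://idm.virtlab.space/realms/virtlab/protocol/openid-connect/token",
    "jwks_uri": "https://idm.virtlab.space/realms/virtlab/protocol/openid-connect/certs",
    "response_types_supported": ["code", "id_token", "code id_token"],
    "scopes_supported": ["openid", "profile", "email", "roles"],
    "code_challenge_methods_supported": ["plain", "S256"]
  }
JSON

# Hypothetical helper: returns a list of problems, empty when the args agree
# with the provider metadata.
def discovery_problems(args, discovery_json)
  meta = JSON.parse(discovery_json)
  problems = []
  # The issuer must match exactly; a trailing slash counts as a mismatch.
  problems << "issuer mismatch: #{meta['issuer'].inspect}" unless meta["issuer"] == args[:issuer]
  %w[authorization_endpoint token_endpoint jwks_uri].each do |key|
    uri = URI.parse(meta[key].to_s)
    problems << "#{key} is not an https URL" unless uri.is_a?(URI::HTTPS)
  end
  missing = args[:scope] - Array(meta["scopes_supported"])
  problems << "scopes not offered: #{missing.join(', ')}" unless missing.empty?
  types = Array(meta["response_types_supported"])
  problems << "response_type not supported" unless types.include?(args[:response_type])
  # Assumption: the client sends S256 code challenges when pkce is true.
  if args[:pkce] && !Array(meta["code_challenge_methods_supported"]).include?("S256")
    problems << "pkce is enabled but the provider does not advertise S256"
  end
  problems << "redirect_uri is not https" unless URI.parse(args[:redirect_uri]).is_a?(URI::HTTPS)
  problems
end
```

An empty list means the issuer, scopes, response type and PKCE setting in gitlab.rb are all offered by the realm.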
common_linux/keycloak.txt · Last modified: 2024/12/21 19:00 by 127.0.0.1