2016-02-19 11:58:18 -05:00 · 2016-02-19 11:58:18 -05:00 · 96ba412748
parent 341888366f
commit 96ba412748
3 changed files with 13 additions and 4 deletions
--- a/files/gitlab-config-template/gitlab.rb.template
+++ b/files/gitlab-config-template/gitlab.rb.template
@ -152,10 +152,11 @@ external_url 'GENERATED_EXTERNAL_URL'
 ## see https://gitlab.com/gitlab-org/omnibus-gitlab/blob/629def0a7a26e7c2326566f0758d4a27857b52a3/README.md#omniauth-google-twitter-github-login

 # gitlab_rails['omniauth_enabled'] = true
-# gitlab_rails['omniauth_allow_single_sign_on'] = false
+# gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
 # gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'
 # gitlab_rails['omniauth_block_auto_created_users'] = true
 # gitlab_rails['omniauth_auto_link_ldap_user'] = false
+# gitlab_rails['omniauth_auto_link_saml_user'] = false
 # gitlab_rails['omniauth_providers'] = [
 #   {
 #     "name" => "google_oauth2",
--- a/files/gitlab-cookbooks/gitlab/attributes/default.rb
+++ b/files/gitlab-cookbooks/gitlab/attributes/default.rb
@ -142,10 +142,11 @@ default['gitlab']['gitlab-rails']['kerberos_port'] = nil
 default['gitlab']['gitlab-rails']['kerberos_https'] = nil

 default['gitlab']['gitlab-rails']['omniauth_enabled'] = false
-default['gitlab']['gitlab-rails']['omniauth_allow_single_sign_on'] = nil
+default['gitlab']['gitlab-rails']['omniauth_allow_single_sign_on'] = ['saml']
 default['gitlab']['gitlab-rails']['omniauth_auto_sign_in_with_provider'] = nil
 default['gitlab']['gitlab-rails']['omniauth_block_auto_created_users'] = nil
 default['gitlab']['gitlab-rails']['omniauth_auto_link_ldap_user'] = nil
+default['gitlab']['gitlab-rails']['omniauth_auto_link_saml_user'] = false
 default['gitlab']['gitlab-rails']['omniauth_providers'] = []
 default['gitlab']['gitlab-rails']['bitbucket'] = nil

--- a/files/gitlab-cookbooks/gitlab/templates/default/gitlab.yml.erb
+++ b/files/gitlab-cookbooks/gitlab/templates/default/gitlab.yml.erb
@ -248,15 +248,22 @@ production: &base
    auto_sign_in_with_provider: <%= @omniauth_auto_sign_in_with_provider %>

    # CAUTION!
-    # This allows users to login without having a user account first (default: false).
+    # This allows users to login without having a user account first. Define the allowed
+    # providers using an array, e.g. ["saml", "twitter"]
    # User accounts will be created automatically when authentication was successful.
-    allow_single_sign_on: <%= @omniauth_allow_single_sign_on %>
+    allow_single_sign_on: <%= @omniauth_allow_single_sign_on.to_json %>
+
    # Locks down those users until they have been cleared by the admin (default: true).
    block_auto_created_users: <%= @omniauth_block_auto_created_users %>
    # Look up new users in LDAP servers. If a match is found (same uid), automatically
    # link the omniauth identity with the LDAP account. (default: false)
    auto_link_ldap_user: <%= @omniauth_auto_link_ldap_user %>

+    # Allow users with existing accounts to login and auto link their account via SAML
+    # login, without having to do a manual login first and manually add SAML
+    # (default: false)
+    auto_link_saml_user: <%= @omniauth_auto_link_saml_user.to_json %>
+

    ## Auth providers
    # Uncomment the following lines and fill in the data of the auth provider you want to use