GitLab
This guide configures a self-hosted GitLab instance to use Casdoor as the OIDC provider.
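As the GitLab docs state, GitLab only works with OpenID providers that use HTTPS, so deploy Casdoor over HTTPS (e.g. behind an NGINX reverse proxy with SSL). Casdoor itself listens only over HTTP on port 8000 by default and has no built-in HTTPS support.
The following names are used in the configuration:
CASDOOR_HOSTNAME: the domain name or IP where the Casdoor server is deployed, e.g. https://door.casbin.com.
GITLAB_HOSTNAME: the domain name or IP where GitLab is deployed, e.g. https://gitlab.com.
Step 1: Deploy Casdoor and GitLab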
Deploy Casdoor and GitLab. After deployment, ensure:
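- You can log in to Casdoor and use it normally.
- Casdoor's origin value (conf/app.conf) is set to CASDOOR_HOSTNAME.
Step 2: Configure the Casdoor application
- Create a Casdoor application or use an existing one.
- Add a redirect URL: http://GITLAB_HOSTNAME/users/auth/openid_connect/callback.
- Add the providers you want and fill in the other settings.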
On the application settings page, note Client ID and Client secret (see the picture above); use them in the next step.
OIDC discovery: http://<CASDOOR_HOSTNAME>/.well-known/openid-configuration.
Step 3: Configure GitLab
Follow the steps below, or adapt from GitLab OIDC docs (e.g. for source installs).
- On the GitLab server, open the configuration file.
  ```bash
  sudo editor /etc/gitlab/gitlab.rb
  ```
- Add the provider configuration. (The HOSTNAME URLs should include http or https.)
  ```ruby
  gitlab_rails['omniauth_providers'] = [
    {
      name: "openid_connect",
      label: "Casdoor", # optional label for the login button, defaults to "Openid Connect"
      args: {
        name: "openid_connect",
        scope: ["openid", "profile", "email"],
        response_type: "code",
        issuer: "<CASDOOR_HOSTNAME>",
        client_auth_method: "query",
        discovery: true,
        uid_field: "preferred_username",
        client_options: {
          identifier: "<YOUR CLIENT ID>",
          secret: "<YOUR CLIENT SECRET>",
          redirect_uri: "<GITLAB_HOSTNAME>/users/auth/openid_connect/callback"
        }
      }
    }
  ]
  ```
- Restart the GitLab server.
- Every registered user can open **GITLAB_HOSTNAME/-/profile/account** and connect their Casdoor account.
- Done! You can now log in to your GitLab instance via Casdoor.
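A preflight check for the values above, as an added example that is not part of the Casdoor or GitLab documentation: it compares a discovery document (as served from /.well-known/openid-configuration) against the issuer, scope, response_type and uid_field set in gitlab.rb, and flags any provider endpoint that is not HTTPS. The hostname casdoor.example.com, the sample document and the function names are constructed for illustration.

```ruby
require "json"
require "uri"

# Settings mirrored from the gitlab.rb provider block (hostname is a constructed placeholder).
GITLAB_OIDC = {
  issuer: "https://casdoor.example.com",
  scope: %w[openid profile email],
  response_type: "code",
  uid_field: "preferred_username"
}.freeze

# Constructed discovery document, trimmed to the checked fields; paths are illustrative.
SAMPLE_DISCOVERY = <<~JSON
  {
    "issuer": "https://casdoor.example.com",
    "authorization_endpoint": "https://casdoor.example.com/oauth/authorize",
    "token_endpoint": "https://casdoor.example.com/oauth/token",
    "userinfo_endpoint": "https://casdoor.example.com/oauth/userinfo",
    "jwks_uri": "https://casdoor.example.com/oauth/jwks",
    "scopes_supported": ["openid", "profile", "email"],
    "response_types_supported": ["code", "token", "id_token"],
    "claims_supported": ["sub", "name", "preferred_username", "email"]
  }
JSON

def https?(url)
  URI.parse(url.to_s).is_a?(URI::HTTPS)
rescue URI::InvalidURIError
  false
end

# Returns a list of problems; an empty list means the document is consistent with the config.
def check_discovery(json, cfg)
  doc = JSON.parse(json)
  problems = []
  # OIDC Discovery requires an exact issuer match; a trailing slash or port difference counts.
  problems << "issuer mismatch: #{doc['issuer'].inspect}" unless doc["issuer"] == cfg[:issuer]
  %w[issuer authorization_endpoint token_endpoint userinfo_endpoint jwks_uri].each do |key|
    problems << "#{key} is not an https URL" unless https?(doc[key])
  end
  missing = cfg[:scope] - Array(doc["scopes_supported"])
  problems << "unsupported scopes: #{missing.join(', ')}" unless missing.empty?
  problems << "response_type not offered" unless Array(doc["response_types_supported"]).include?(cfg[:response_type])
  problems << "uid_field not listed in claims_supported" unless Array(doc["claims_supported"]).include?(cfg[:uid_field])
  problems
end

result = check_discovery(SAMPLE_DISCOVERY, GITLAB_OIDC)
puts(result.empty? ? "discovery document matches gitlab.rb" : result)
```

An issuer mismatch usually means Casdoor's origin value in conf/app.conf still points at the plain HTTP listener rather than the HTTPS address in front of it.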
