From 00ab55f2d69ddd3cf8f1fea9df5a8115eeffaf1e Mon Sep 17 00:00:00 2001 From: micolous Date: Thu, 3 Oct 2024 15:12:40 +1000 Subject: [PATCH] Fix landing and redirect URLs for GitLab, add some useful links (#3055) --- book/src/integrations/oauth2/examples.md | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/book/src/integrations/oauth2/examples.md b/book/src/integrations/oauth2/examples.md index b01eb3244..e6f48f18e 100644 --- a/book/src/integrations/oauth2/examples.md +++ b/book/src/integrations/oauth2/examples.md @@ -78,8 +78,8 @@ To set up a self-managed GitLab instance to authenticate with Kanidm: configure the redirect URL, and scope access to the `gitlab_users` group: ```sh - kanidm system oauth2 create gitlab GitLab https://gitlab.example.com - kanidm system oauth2 add-redirect-url gitlab https://gitlab.example.com/users/auth/oauth2_generic/callback + kanidm system oauth2 create gitlab GitLab https://gitlab.example.com/users/sign_in + kanidm system oauth2 add-redirect-url gitlab https://gitlab.example.com/users/auth/openid_connect/callback kanidm system oauth2 update-scope-map gitlab gitlab_users email openid profile groups ``` @@ -156,6 +156,16 @@ To set up a self-managed GitLab instance to authenticate with Kanidm: Once GitLab is up and running, you should now see a "Kanidm" option on your GitLab sign-in page below the normal login form. +Once you've got everything working, you may wish configure GitLab to: + +* [Automatically redirect to the `openid_connect` provider at the login form](https://docs.gitlab.com/ee/integration/omniauth.html#sign-in-with-a-provider-automatically) + +* [Disable password authentication in GitLab](https://docs.gitlab.com/ee/administration/settings/sign_in_restrictions.html#password-authentication-enabled) + +* [Disable new sign-ups in GitLab](https://docs.gitlab.com/ee/administration/settings/sign_up_restrictions.html) + +More information about these features is available in GitLab's documentation. + ## JetBrains Hub and YouTrack > These instructions were tested with the on-prem version of JetBrains YouTrack