You need to sign in or sign up before continuing.
Gitlab Auth0 integration signs in the wrong user
Summary
In certain situations, Gitlab with Auth0 omniauth will sign in the wrong user
Steps to reproduce
I have a Auth0 enabled in gitlab with the following config:
gitlab_rails['omniauth_providers'] = [
{ "name" => "auth0",
"args" => { client_id: '{{ gitlab_auth0_client_id }}',
client_secret: '{{ gitlab_auth0_client_secret }}',
namespace: 'auth0tenant.eu.auth0.com',
scope: 'openid profile email'
}
},
{
"name" => "bitbucket",
"app_id" => "{{ gitlab_bitbucket_app_id }}",
"app_secret" => "{{ gitlab_bitbucket_app_secret }}",
"url" => "https://bitbucket.org/"
}
]
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['auth0']
#gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'auth0'
gitlab_rails['omniauth_block_auto_created_users'] = false
Auth0 is again linked to an Azure AD instance where user accounts live.
I have two users, user1 and user2.
If I do the following:
- Log in to gitlab the first user using the auth0/Azure AD flow
- Log out of gitlab
- Use the "global logout" url in Auth0 to do a complete federated logout
(https://<tenant>.eu.auth0.com/v2/logout?federated)
- Log in with the another user
I end up being logged on to user1 in gitlab instead of user2. There are some overlaps between the two users, such as firstname begint identical, but they are completely separate users.
Example Project
N/A
What is the current bug behavior?
Gitlab logs in the wrong users
What is the expected correct behavior?
Gitlab logs in the correct user
Relevant logs and/or screenshots
January 06, 2018 14:21: User Logout: username=trondhindenes ip=10.245.11.156
January 06, 2018 14:21: (OAuth) saving user Trond.Hindenes@tenant.no from login with extern_uid =>
January 06, 2018 14:26: User Logout: username=trondhindenes ip=10.245.11.156
January 06, 2018 14:26: (OAuth) saving user trondtest@tenant.onmicrosoft.com from login with extern_uid =>
January 06, 2018 14:26: User Logout: username=trondhindenes ip=10.245.11.156
January 06, 2018 14:28: (OAuth) saving user trondtest2@tenant.onmicrosoft.com from login with extern_uid =>
Output of checks
(If you are reporting a bug on GitLab.com, write: This bug happens on GitLab.com)
Results of GitLab environment info
System information
System: Ubuntu 16.04
Current User: git
Using RVM: no
Ruby Version: 2.3.5p376
Gem Version: 2.6.13
Bundler Version:1.13.7
Rake Version: 12.3.0
Redis Version: 3.2.11
Git Version: 2.14.3
Sidekiq Version:5.0.4
Go Version: unknown
GitLab information
Version: 10.3.2
Revision: 5fbc5f2
Directory: /opt/gitlab/embedded/service/gitlab-rails
DB Adapter: postgresql
URL: https://git.rikstv.no
HTTP Clone URL: https://git.rikstv.no/some-group/some-project.git
SSH Clone URL: git@git.rikstv.no:some-group/some-project.git
Using LDAP: no
Using Omniauth: yes
Omniauth Providers: auth0, bitbucket
GitLab Shell
Version: 5.10.2
Repository storage paths:
- default: /var/opt/gitlab/git-data/repositories
- efs: /opt/gitlab-data/repositories
Hooks: /opt/gitlab/embedded/service/gitlab-shell/hooks
Git: /opt/gitlab/embedded/bin/git
Edited by Trond Hindenes