omniauth custom logo
Description
Until GitLab CE 8.17, we could modify the auth_helper.rb
in order to define a custom logo for SAML or Shibboleth.
As I understand, nodejs has been removed from the gitlab-ce rpm, which now blocks this "hack"/feature.
Here is what I was doing before 8.17:
cp /opt/update_shibboleth/custom_logo_64.png /opt/gitlab/embedded/service/gitlab-rails/app/assets/images/auth_buttons/shibboleth_64.png
cp /opt/update_shibboleth/custom_logo_64.png /opt/gitlab/embedded/service/gitlab-rails/app/assets/images/auth_buttons/saml_64.png
echo "Modify the auth_helper.rb to add the shibboleth provider in the PROVIDERS_WITH_ICONS variable"
sed -i 's/azure_oauth2/azure_oauth2 shibboleth saml/' /opt/gitlab/embedded/service/gitlab-rails/app/helpers/auth_helper.rb
yum install -y acl
setfacl -R -m u:git:rwX /opt/gitlab/embedded/service/gitlab-rails/public/assets/
gitlab-rake assets:precompile RAILS_ENV=production
chmod -R a+rX /opt/gitlab/embedded/service/gitlab-rails/public/assets/
setfacl -R -x u:git /opt/gitlab/embedded/service/gitlab-rails/public/assets/
gitlab-ctl reconfigure
gitlab-ctl restart
Here is what I have to do now:
cp /opt/update_shibboleth/custom_logo_64.png /opt/gitlab/embedded/service/gitlab-rails/app/assets/images/auth_buttons/shibboleth_64.png
cp /opt/update_shibboleth/custom_logo_64.png /opt/gitlab/embedded/service/gitlab-rails/app/assets/images/auth_buttons/saml_64.png
echo "Modify the auth_helper.rb to add the shibboleth provider in the PROVIDERS_WITH_ICONS variable"
sed -i 's/azure_oauth2/azure_oauth2 shibboleth saml/' /opt/gitlab/embedded/service/gitlab-rails/app/helpers/auth_helper.rb
echo "Regenerating the assets"
yum install -y acl
setfacl -R -m u:git:rwX /opt/gitlab/embedded/service/gitlab-rails/public/assets/
cd /opt/gitlab/embedded/service/gitlab-rails
rm -rf node_modules
npm install --unsafe-perm
rm /opt/gitlab/etc/gitlab-rails/env/EXECJS_RUNTIME
setfacl -R -m u:git:rwX /opt/gitlab/embedded/service/gitlab-rails/public/assets/
RAILS_ENV=production NODE_ENV=production gitlab-rake gitlab:assets:compile --trace
chmod -R a+rX /opt/gitlab/embedded/service/gitlab-rails/public/assets/
setfacl -R -x u:git /opt/gitlab/embedded/service/gitlab-rails/public/assets/
echo "Done, now reconfigure gitlab and restart"
gitlab-ctl reconfigure
gitlab-ctl restart
I don't know how long this will be possible but it's getting more and more difficult to customise it.
Proposal
Give the opportunity to define a custom logo directly in the gitlab.rb for each omniauth provider (even the ones that already have a logo) without having to recompile the assets.
gitlab_rails['omniauth_providers'] = [
  {
    "name" => 'shibboleth',
    "label" => "ShibShib",
    "args" => {
      "shib_session_id_field" => "HTTP_SHIB_SESSION_ID",
      "shib_application_id_field" => "HTTP_SHIB_APPLICATION_ID",
      "uid_field" => "HTTP_REMOTE_USER",
      "name_field" => "HTTP_COMONNAME",
      "info_fields" => { "email" => "HTTP_MAIL", "nickname" => "HTTP_REMOTE_USER" }
    },
    # proposed key: path to the custom logo for this provider
    logo: '/opt/gitlab_logo/shibboleth_64.png'
  },
  {
    name: 'saml',
    args: {
      assertion_consumer_service_url: 'https://gitlab.mycompany.fr/users/auth/saml/callback',
      idp_cert_fingerprint: 'XX:XXX.......',
      idp_sso_target_url: 'https://idp.mycompany.fr/idp/profile/SAML2/Redirect/SSO',
      issuer: 'https://gitlab.mycompany.fr/',
      name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
      attribute_statements: { nickname: ['urn:oid:0.9.2342.456890300.100.1.1'], email: ['urn:oid:0.9.2342.54564643.100.1.3'], name: ['urn:oid:2.5.4.3'] }
    },
    label: 'SAML_AUTH',
    logo: '/opt/gitlab_logo/saml_64.png'
  },
....
This would avoid modifying the package and give the opportunity to have a customized login page.
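
Added example, not part of the original issue and not GitLab code: the proposed `logo` key would have GitLab serve a file from an admin-supplied path on the sign-in page, so a check along these lines could vet that file before it is used. The `logo` key exists only in the proposal above; `logo_problems`, `MAX_LOGO_BYTES` and the allowed-directory argument are assumptions made for this sketch.

```ruby
require "tmpdir"

PNG_MAGIC = "\x89PNG\r\n\x1a\n".b   # 8-byte PNG signature
MAX_LOGO_BYTES = 256 * 1024         # assumed size cap, not a GitLab setting

# Hypothetical check for the proposed per-provider "logo" key.
# Returns a list of problems; an empty list means the file is acceptable.
def logo_problems(provider, allowed_dir)
  path = provider["logo"] || provider[:logo]
  return [] if path.nil?                          # the logo stays optional
  return ["not found"] unless File.exist?(path)   # also catches dangling symlinks
  problems = []
  problems << "symlink" if File.symlink?(path)
  real = File.realpath(path)
  root = File.realpath(allowed_dir) + File::SEPARATOR
  problems << "outside allowed directory" unless real.start_with?(root)
  if File.file?(real)
    problems << "too large" if File.size(real) > MAX_LOGO_BYTES
    problems << "not a PNG" unless File.binread(real, 8) == PNG_MAGIC
  else
    problems << "not a regular file"
  end
  problems
end

# Constructed sample: a valid logo, a mislabelled file, a symlink, and no logo.
def demo_results
  Dir.mktmpdir do |logos|
    Dir.mktmpdir do |elsewhere|
      File.binwrite(File.join(logos, "shibboleth_64.png"), PNG_MAGIC + "constructed".b)
      File.write(File.join(logos, "saml_64.png"), "plain text, not an image")
      outside = File.join(elsewhere, "outside.txt")
      File.write(outside, "{}")
      File.symlink(outside, File.join(logos, "link_64.png"))
      providers = [
        { "name" => "shibboleth", "logo" => File.join(logos, "shibboleth_64.png") },
        { name: "saml", logo: File.join(logos, "saml_64.png") },
        { name: "linked", logo: File.join(logos, "link_64.png") },
        { name: "nologo" },
      ]
      providers.to_h { |p| [p["name"] || p[:name], logo_problems(p, logos)] }
    end
  end
end

p demo_results if __FILE__ == $PROGRAM_NAME
```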