Configuring GitLab with Keycloak[SAML] Identity Provider
Summary
I have used the Docker image of GitLab Community Edition below, referring to this document: https://docs.gitlab.com/omnibus/docker/
I tried providing it an identity provider [Keycloak with SAML]. The following document has been referred to: https://docs.gitlab.com/ce/integration/saml.html
After reconfiguring, I have created a user on Keycloak, but it says: "User has been blocked. Kindly contact gitlab administrator."
Below are my settings in the gitlab.rb file:
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_block_auto_created_users'] = false
gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
gitlab_rails['omniauth_sync_email_from_provider'] = 'saml'
gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml']
gitlab_rails['omniauth_sync_profile_attributes'] = ['email']
gitlab_rails['omniauth_auto_sign_in_with_provider'] = ''
gitlab_rails['omniauth_auto_link_ldap_user'] = false
gitlab_rails['omniauth_auto_link_saml_user'] = true
gitlab_rails['omniauth_providers'] = [
  {
    "name" => "saml",
    "label" => "GitLab SAML Keycloak",
    "groups_attribute" => "roles",
    "external_groups" => ["13.233.13.67:external"],
    "args" => {
      "assertion_consumer_service_url" => 'https://xx.xx.xx.xx/users/auth/saml/callback',
      "idp_cert" => "-----BEGIN CERTIFICATE-----\n<CERT>\n-----END CERTIFICATE-----\n",
      "idp_sso_target_url" => 'https://xx.xx.xx.xx:8443/auth/realms/<realm>/protocol/saml/clients/<ClientID>',
      "issuer" => '<ClientId>',
      "name_identifier_format" => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
      "attribute_statements" => {
        "first_name" => ['first_name'],
        "last_name" => ['last_name'],
        "name" => ['name'],
        "username" => ['name'],
        "email" => ['email']
      }
    }
  }
]
A link said: set the flag gitlab_rails['omniauth_block_auto_created_users'] to false. Since it says the same.
Steps to reproduce
Follow the steps defined in the document: https://docs.gitlab.com/omnibus/docker/ This will configure GitLab.
Then follow the document below with the given gitlab.rb settings: https://docs.gitlab.com/ce/integration/saml.html
Example Project
Version: GitLab 10.8.7-ce.0
What is the current bug behavior?
It says the user is blocked. Contact GitLab administrator.