Add omniauthv2-shibboleth provider
What does this MR do and why?
This MR reverts the changes mentioned in #393065 (closed). It also adds a new version of the omniauth-shibboleth gem. The newer version uses omniauthv2 add test compatibility with ruby3 and should therefore satisfy the requirements mentioned in #393065 (closed).
Following the Gemfile guidelines I would like to request a security review /cc @gitlab-com/gl-security/appsec
I would also like to request the update of the MR with the lables frontend and backend. An add the request type/subtype type:feature
, feature:addition
and group:authentication and authorization
Furthermore I would love some feedback concerning the necessity of a change log entry as well as regarding the assignment to a milestone.
@gitlab-bot ready @tianwenchen @deepika.guliani
How to set up and validate locally
- Configure omniauth provider in
gitlab.rb
gitlab_rails['omniauth_providers'] = [
{
"name" => "shibboleth",
"label" => "shibboleth",
"args" => {
"shib_session_id_field" => "HTTP_SHIB_SESSION_ID",
"shib_application_id_field" => "HTTP_SHIB_APPLICATION_ID",
"uid_field" => "HTTP_PAIRWISE_ID",
"name_field" => "HTTP_DISPLAYNAME",
"info_fields" => { "email" => "HTTP_MAIL"}
}
}
]
- Authenticate against Shibboleth SP (otherwise authentication will fail with missing session)
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #393065 (closed)