Skip to content

Vendor omniauth_crowd gem

Jessie Young requested to merge jy-omniauth-crowd into master

What does this MR do and why?

  • Our ultimate goal is to upgrade omniauth to v2.0. See the related issue
  • In order to upgrade omniauth to v2.0, we need to upgrade omniauth_crowd because the latter has a dependency on the former.
  • There is an open issue asking the maintainer to make omniauth_crowd compatible with omniauth v2.0 but it has not been responded to: https://github.com/robdimarco/omniauth_crowd/issues/37
  • This MR vendors the gem and updates its .gemspec file so that it is compatible with omniauth v2.0
  • We may deprecate our usage of this gem in the future (issue)
  • This MR inspired by approach in !90866 (merged)

Screenshots or screen recordings

successful oauth login with Crowd using code in this branch (locally): crowd_oauth_sign_in

How to set up and validate locally

  1. Download Crowd and set up local server: https://confluence.atlassian.com/crowd/installing-crowd-24248834.html
  2. Configure a Crowd application in your local Crowd instance to point to your local GitLab instance (http://localhost:3000): https://docs.gitlab.com/ee/administration/auth/crowd.html#configure-a-new-crowd-application
  3. Set up your local GitLab instance to work with Crowd OAuth by editing config/gitlab.yml's development/omniauth config. The default crowd_server_url for a local instance would be 'http://localhost:8095/crowd' (the remaining config should match what you set up for your Crowd application in Step 2). Also set allow_single_sign_on: true in this file so that user accounts can be created automatically when authentication is successful.
  4. Log into your local GitLab instance as an administrator and visit Admin > Settings > General and uncheck the box "Require admin approvals for new sign-ups" (so that a Crowd OAuth user can sign in / up)
  5. Select the "Crowd" tab at http://127.0.0.1:3000/users/sign_in and sign in as your Crowd user.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Jessie Young

Merge request reports