You need to sign in or sign up before continuing.
Support Subject Alternative Name certificate extension for Smartcard authentication
With https://gitlab.com/gitlab-org/gitlab-ee/issues/726, we added support for basic X.509 certificates. Subject Alternative Name seems to be a popular certificate extension and can be used to store email addresses and usernames which we use for authentication. It was also mentioned in https://gitlab.com/gitlab-org/gitlab-ee/issues/5411#note_71444617
Proposal
- Support using SAN certificate extension.
- Allow an instance to define a specific field as a matching element to map certificates to GitLab users.
- Email should still be a requirement.
/cc @jeremy
Edited by Jeremy Watson (ex-GitLab)