How to use multiple omniauth redirect_uri and multiple openid_connect providers?

Hello, I have a self-hosted GitLab exposed with two different URLs (gitlab.internal.com, gitlab.external.com).

  1. Is there a way to configure 2 redirect_uri to have my provider redirect to the correct URL? I tried the config below but it didn't work:
gitlab_rails['omniauth_providers'] = [
   { 'name' => 'openid_connect',
    'label' => 'keycloak external',
    'args' => {
      'name' => 'openid_connect',
      'scope' => ['openid','profile'],
      'response_type' => 'code',
      'issuer' => 'https://my_issuer',
      'discovery' => true,
      'client_auth_method' => 'basic',
      'send_scope_to_token_endpoint' => 'false',
      'client_options' => {
        'identifier' => 'myidentifier',
        'secret' => 'mysecret',
        'redirect_uri' => ['http://gitlab.external.com/users/auth/openid_connect/callback','http://gitlab.internal.com/users/auth/openid_connect/callback']
      }
    }
  }
]
  2. I also tried to create 2 provider configs with different redirect_uri, but in the GUI only one is shown. My config:
gitlab_rails['omniauth_providers'] = [
   { 'name' => 'openid_connect',
    'label' => 'keycloak external',
    'args' => {
      'name' => 'openid_connect',
      'scope' => ['openid','profile'],
      'response_type' => 'code',
      'issuer' => 'https://my_issuer',
      'discovery' => true,
      'client_auth_method' => 'basic',
      'send_scope_to_token_endpoint' => 'false',
      'client_options' => {
        'identifier' => 'myidentifier',
        'secret' => 'mysecret',
        'redirect_uri' => 'http://gitlab.external.com/users/auth/openid_connect/callback'
      }
    }
  },
  { 'name' => 'openid_connect',
    'label' => 'keycloak internal',
    'args' => {
      'name' => 'openid_connect',
      'scope' => ['openid','profile'],
      'response_type' => 'code',
      'issuer' => 'https://my_issuer',
      'discovery' => true,
      'client_auth_method' => 'basic',
      'send_scope_to_token_endpoint' => 'false',
      'client_options' => {
        'identifier' => 'myidentifier',
        'secret' => 'mysecret',
        'redirect_uri' => 'http://gitlab.internal.com/users/auth/openid_connect/callback'
      }
    }
  }

]

I'm having this: [image]

gitlab-rake gitlab:env:info

System information
System:
Current User:   git
Using RVM:      no
Ruby Version:   2.7.2p137
Gem Version:    3.1.4
Bundler Version:2.1.4
Rake Version:   13.0.3
Redis Version:  5.0.9
Git Version:    2.29.0
Sidekiq Version:5.2.9
Go Version:     unknown

GitLab information
Version:        13.8.4

Possible workaround

See #5992 (comment 531415600)

Edited by Cynthia "Arty" Ng
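
A pre-flight check for a provider list like the two in the issue, as an added example that is not part of the original post or GitLab's own code. The helper `lint_omniauth_providers` is hypothetical; it assumes provider entries are keyed by `name` (so duplicates collide), that `redirect_uri` must be a single string, and that the callback path follows the `/users/auth/<name>/callback` pattern seen in the issue's config.

```ruby
require 'uri'

# Constructed sample: the two-provider layout from the issue, reduced to the
# fields the checks read.
PROVIDERS = [
  { 'name' => 'openid_connect', 'label' => 'keycloak external',
    'args' => { 'client_options' => {
      'redirect_uri' => 'http://gitlab.external.com/users/auth/openid_connect/callback'
    } } },
  { 'name' => 'openid_connect', 'label' => 'keycloak internal',
    'args' => { 'client_options' => {
      'redirect_uri' => 'http://gitlab.internal.com/users/auth/openid_connect/callback'
    } } }
].freeze

# Hypothetical helper: returns human-readable findings for a provider list.
def lint_omniauth_providers(providers)
  findings = []
  seen = Hash.new(0)
  providers.each do |prov|
    name  = prov['name']
    label = prov['label'] || name
    seen[name] += 1
    # Assumption: entries sharing a name collide, so only one is usable.
    findings << "#{label}: duplicate provider name '#{name}'" if seen[name] > 1

    uri = prov.dig('args', 'client_options', 'redirect_uri')
    unless uri.is_a?(String)
      # An authorization request carries exactly one redirect_uri.
      findings << "#{label}: redirect_uri must be a single string, got #{uri.class}"
      next
    end

    parsed = URI.parse(uri)
    # The authorization code is delivered to this URI, so it should be TLS-protected.
    findings << "#{label}: redirect_uri is not https" unless parsed.scheme == 'https'
    expected = "/users/auth/#{name}/callback"
    findings << "#{label}: callback path should be #{expected}" unless parsed.path == expected
  end
  findings
end

puts lint_omniauth_providers(PROVIDERS)
```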