GitLab + Azure OAuth2 OmniAuth

Description

GitLab integrates with many external authentication and authorization providers; the full list is in the GitLab OmniAuth documentation.

OAuth 2 is an authorization framework that lets an application obtain limited access to a user's account on an HTTP service. The user authenticates at the service that hosts the account, and that service then authorizes the third-party application to access the account on the user's behalf. OAuth 2 defines authorization flows for web, desktop and mobile applications. Note that OAuth 2 by itself is about authorization; using it for login, as GitLab does here, means trusting the provider's identity claims (here, the user's email) to pick the GitLab account.

OmniAuth is a Ruby library that standardizes multi-provider authentication for web applications. Provider strategies built on its omniauth-oauth2 base handle the protocol details, so the application only has to supply the client credentials and consume the resulting identity.

Integration with Azure can be done using the azure_oauth2 OmniAuth provider, which is what this page configures. Newer GitLab releases also ship an azure_activedirectory_v2 provider that uses the Microsoft identity platform v2.0 endpoint; check the GitLab documentation for your version to see which provider it recommends.

Preconfiguration

1. GitLab installation

Follow the official GitLab documentation to install a GitLab instance:

GitLab Install

Configuration (AzureAD)

2. Register new application

Log into the Azure Portal, select Azure Active Directory, then App registrations, and register a new application.

The redirect URI must match GitLab's callback exactly (scheme, host and path), and must use https, because the authorization code is returned on it:

  • type: Web
  • URI: https://<your_gitlab_domain>/users/auth/azure_oauth2/callback

3. Capture App details

Save the Application (client) ID and the Directory (tenant) ID. Both are required in the GitLab configuration. The tenant ID is also what restricts sign-in to your own directory; without it the provider falls back to Microsoft's multi-tenant "common" endpoint.

4. Create Client Secret

Select Certificates & secrets and add a new client secret.

5. Client Secret expiration 

Set the client secret expiration time. Prefer a short lifetime and record the date: once the secret expires, every Azure login to GitLab fails until a new secret is created and gitlab.rb is updated.

6. Store Client Secret

The secret value is shown only once, immediately after creation. Save it, as it is required in the GitLab config. Treat it as a credential: it is stored in plaintext in /etc/gitlab/gitlab.rb, so keep that file readable by root only and do not paste the secret into tickets or chat.

7. Collect AzureAD users emails

List the Azure AD users and record the email address of every user who should have access to GitLab. These addresses must match the primary email of the corresponding GitLab accounts created in step 9, because that is how GitLab links an Azure login to an existing user.

Configuration (GitLab server)

8. Edit/update GitLab config

Log into the GitLab server and edit the /etc/gitlab/gitlab.rb config file, adding the OmniAuth settings with the Client ID, Tenant ID and Client Secret captured in the previous steps.

Then execute:

gitlab-ctl reconfigure

... to apply the changes.

9. Create users in GitLab

Log into GitLab as an administrator and create all users who should have access to the application. Their email addresses must be identical to the ones captured in step 7: with auto-created users blocked and automatic linking enabled, an Azure login is accepted only when it matches an existing GitLab user by email.
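The page leaves the actual gitlab.rb content to the reader. The script below is an added example, not part of the original page or of GitLab's own code: it emits the /etc/gitlab/gitlab.rb fragment for the azure_oauth2 provider together with the pre-flight checks a practitioner would run first (GUID-shaped IDs, exact callback URI). It assumes an Omnibus GitLab install, the three values from the Azure app registration, and that the secret is passed through the AZURE_CLIENT_SECRET environment variable rather than on the command line.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): pre-flight checks plus the
# /etc/gitlab/gitlab.rb fragment for the azure_oauth2 OmniAuth provider.
# Assumed: Omnibus GitLab; Application (client) ID, Directory (tenant) ID
# and client secret from the Azure app registration.

# Azure client and tenant IDs are GUIDs; a typo only surfaces as an
# AADSTS error at login time, so check the shape up front.
is_guid() {
  printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# The redirect URI registered in Azure must equal GitLab's callback exactly.
expected_callback_uri() {   # $1 = GitLab domain
  printf 'https://%s/users/auth/azure_oauth2/callback\n' "$1"
}

callback_uri_matches() {    # $1 = GitLab domain, $2 = URI registered in Azure
  [ "$(expected_callback_uri "$1")" = "$2" ]
}

# Emit the gitlab.rb fragment.
# tenant_id pins sign-in to one directory (omitting it selects the
# multi-tenant "common" endpoint). block_auto_created_users plus
# auto_link_user means only accounts the admin created with the same
# email as in Azure AD are linked and allowed to log in.
render_omniauth_fragment() { # $1 = client id, $2 = tenant id, $3 = secret
  cat <<EOF
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['azure_oauth2']
gitlab_rails['omniauth_block_auto_created_users'] = true
gitlab_rails['omniauth_auto_link_user'] = ['azure_oauth2']
gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'azure_oauth2'
gitlab_rails['omniauth_providers'] = [
  {
    name: "azure_oauth2",
    args: {
      client_id: "$1",
      client_secret: "$3",
      tenant_id: "$2"
    }
  }
]
EOF
}

# Usage: AZURE_CLIENT_SECRET=... ./azure_omniauth.sh <domain> <client id> <tenant id> [--install]
# Without --install the fragment is printed for review; with it the fragment
# is appended to gitlab.rb (kept root-only) and GitLab is reconfigured.
main() {
  domain=$1; client_id=$2; tenant_id=$3; mode=${4:-}
  secret=${AZURE_CLIENT_SECRET:?set AZURE_CLIENT_SECRET in the environment}
  is_guid "$client_id" || { echo "client id is not a GUID" >&2; return 1; }
  is_guid "$tenant_id" || { echo "tenant id is not a GUID" >&2; return 1; }
  echo "Azure redirect URI must be: $(expected_callback_uri "$domain")" >&2
  if [ "$mode" = --install ]; then
    render_omniauth_fragment "$client_id" "$tenant_id" "$secret" >> /etc/gitlab/gitlab.rb
    chmod 0600 /etc/gitlab/gitlab.rb
    gitlab-ctl reconfigure
  else
    render_omniauth_fragment "$client_id" "$tenant_id" "$secret"
  fi
}

if [ $# -ge 3 ]; then
  main "$@"
fi
```

Reading the secret from the environment keeps it out of shell history and `ps` output; the file it lands in is still plaintext, which is why the script re-asserts 0600 on gitlab.rb before reconfiguring.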

Test Area

10. Access GitLab (#1)

Open the GitLab URL in your browser. Because the Azure provider is set as the automatic sign-in provider, you should be redirected straight to the Microsoft sign-in page to authenticate.

11. Access GitLab (#2)

After authenticating with Microsoft you are redirected back to the callback URI and logged into GitLab as the user whose email matches the Azure AD account.

me@radkowski.pro