我已经在 CentOS VM 上安装了 Gitlab-CE,并尝试使用通用 OAuth2 提供程序配置登录,更具体地说,我实际上使用的是IBM Security Access Manager 9.0.6。
到目前为止,在对omniauth-oauth2-generic gem 配置稍作调整后,Sign On就可以工作了:
我确实看到了 SSO 按钮:
在管理区域,我确实找到了使用 oauth2 身份提供者的用户:
我的问题是用户登录时没有设置用户信息:
这是我的omniauth配置:
#https://gitlab.com/satorix/omniauth-oauth2-generic
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['oauth2_generic']
gitlab_rails['omniauth_block_auto_created_users'] = false
gitlab_rails['omniauth_providers'] = [
{
'name' => 'oauth2_generic',
'app_id' => '9gzCzRKeiipexDRXsJOJ',
'app_secret' => 'mysecret',
'args' => {
client_options: {
'site' => 'https://example.com', # including port if necessary
'authorize_url': '/mga/sps/oauth/oauth20/authorize',
'token_url': '/mga/sps/oauth/oauth20/token',
'user_info_url' => '/mga/sps/oauth/oauth20/userinfo'
},
user_response_structure: {
root_path: [],
id_path: ['sub'],
attributes: {
nickname: 'sub',
name: 'name',
first_name: 'given_name',
last_name: 'family_name'
}
}
# optionally, you can add the following two lines to "white label" the display name
# of this strategy (appears in urls and Gitlab login buttons)
# If you do this, you must also replace oauth2_generic, everywhere it appears above, with the new name.
#name: 'IBM ISAM', # display name for this strategy
#strategy_class: "OmniAuth::Strategies::OAuth2Generic" # Devise-specific config option Gitlab uses to find renamed strategy
}
}
]
我的用户信息端点返回:
{ "sub":"XCQX342",
"nickname": "Kalem",
"name": "My name",
"given_name": "My name",
"family_name": "My surname",
"email": "myemail@example.com"
}
我已经将我的配置与http://lifeinide.com/post/2017-08-30-jetbrains-hub-as-oauth2-provider-for-gitlab/进行了比较,但我看不出做错了什么,以及为什么gitlab 无法解析用户属性。
谢谢你的帮助。