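### OmniAuth Settings
###! Docs: https://docs.gitlab.com/ce/integration/omniauth.html
# Turn OmniAuth on and allow the Azure provider to create GitLab accounts
# on first sign-in.
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['azure_oauth2']
# gitlab_rails['omniauth_sync_email_from_provider'] = 'saml'
# Providers from which GitLab syncs profile information.
gitlab_rails['omniauth_sync_profile_from_provider'] = ['azure_oauth2']
# This key takes profile attribute names ('name', 'email', 'location'), not
# provider names. The previous value ['azure_oauth2'] named no attribute.
gitlab_rails['omniauth_sync_profile_attributes'] = ['email']
# gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'azure_oauth2'
# NOTE(review): with false, accounts created through single sign-on are active
# immediately instead of staying blocked until an administrator approves them.
# Who gets a GitLab account is then decided entirely by who can authenticate
# against the Azure app registration; confirm that this is intended.
gitlab_rails['omniauth_block_auto_created_users'] = false
# gitlab_rails['omniauth_auto_link_ldap_user'] = false
# gitlab_rails['omniauth_auto_link_saml_user'] = false
# Accounts created or signed in through these providers are treated as
# external users, which keeps them out of internal projects.
gitlab_rails['omniauth_external_providers'] = ['azure_oauth2']
gitlab_rails['omniauth_providers'] = [
  {
    "name" => "azure_oauth2",
    "args" => {
      "client_id" => "ee72xxxx-xxx",
      # Credential for the Azure app registration (redacted here). Keep
      # gitlab.rb readable by root only and out of version control.
      "client_secret" => "G9dxxx",
      "tenant_id" => "0c17xxxx-xxx",
    }
  }
]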

At the minute I don't get the option to enable this as an OAuth option in Admin > Settings > Sign-in restrictions. On the login page there isn't a "login with" button, and when I use the Azure 'myapps' portal, pressing the link takes me to the GitLab login page instead of logging me in. There is also no option to connect my profile in the integrations section of my profile.

Thanks for reading my mini essay, any ideas?

1 Answer


What version of GitLab are you running?

First off, are you running gitlab-ctl reconfigure and gitlab-ctl restart after making any changes to gitlab.rb?

c.f.: https://stackoverflow.com/questions/33703246/cant-enable-google-login-omniauth-on-gitlab-ce#34110727

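Do you have LDAP enabled at all? My understanding is that Azure still uses the LDAP users, in which case you will want this line uncommented and set to true: # gitlab_rails['omniauth_auto_link_ldap_user'] = false. Note that this setting only has an effect when LDAP integration is itself configured in GitLab.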

Check out this working configuration: Gitlab Omniauth to Azure ID (SSO) questions

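Also, don't you want this line to be enabled: # gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'azure_oauth2'? Bear in mind that it redirects the sign-in page straight to Azure, so the local login form is then only reachable by appending ?auto_sign_in=false to the sign-in URL.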