GitLab | OIDC

1. Display name

Choose a name for your identity provider. This is the user-facing name, so choose a name your users will recognize. This value can be changed later.

 

2. Redirect Mode

Select how the user will be redirected to the identity provider. You may configure more redirect modes after completing the setup.

 

3. Prepare IDP

Copy the Callback URL. You will need this when configuring GitLab.

 

Configure GitLab

external

If you are using SCIM with your provider, make sure to check out the documentation for configuring this before proceeding. It might be that you need to configure this first or at the same time as setting up OIDC.

Sign in to your Gitlab server as an admin user. Go into the GitLab preferences from the upper right menu.

 

 

Go to Applications. Here you can create a new OIDC application. Give the app a name and paste in the callback url generated by the Kantega SSO add-on in the Redirect URI field.

Under Scopes, check the openid scope to enable OIDC authentication. You can also check the profile and email scopes if you are using just-in-time provisioning. Save the application when done.

In the following page, copy and keep the Application ID and Secret for later. You will need these later in the KSSO Setup Wizard.

Go back to the Kantega SSO setup wizard.

4. Metadata

In the Metadata step, replace the {idp_url} placeholder in the Discovery URL with your GitLab hostname.

 

 

5. Scopes

These are the scopes we were able to fetch from the metadata. You can add scope values from a list, start typing to add your own or unselect them. A minimum of one scope value is required.

 

6. Credentials

Paste the Application ID and Secret values that you kept from the GitLab application setup into the Client ID and Client Secret fields, respectively.

7. Summary

Check that everything looks good and submit your setup

 

Test

Test that the log in with GitLab works as expected. This will help identify if there are any issues with the configuration. Follow the steps to perform the login test.