debian-mirror-gitlab/doc/administration/auth/crowd.md

98 lines
3.4 KiB
Markdown
Raw Normal View History

2019-09-30 21:07:59 +05:30
---
type: reference
2020-06-23 00:09:42 +05:30
stage: Manage
2022-04-04 11:22:00 +05:30
group: Authentication and Authorization
2022-11-25 23:54:43 +05:30
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
2019-09-30 21:07:59 +05:30
---
2022-08-27 11:52:29 +05:30
# Atlassian Crowd OmniAuth provider (deprecated) **(FREE SELF)**
WARNING:
This feature was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/369117) in GitLab 15.3 and is planned for
removal in 16.0.
2017-08-17 22:00:37 +05:30
2021-02-22 17:27:13 +05:30
Authenticate to GitLab using the Atlassian Crowd OmniAuth provider. Enabling
this provider also allows Crowd authentication for Git-over-https requests.
2019-09-30 21:07:59 +05:30
2017-08-17 22:00:37 +05:30
## Configure a new Crowd application
1. Choose 'Applications' in the top menu, then 'Add application'.
1. Go through the 'Add application' steps, entering the appropriate details.
The screenshot below shows an example configuration.
2019-09-30 21:07:59 +05:30
![Example Crowd application configuration](img/crowd_application.png)
2017-08-17 22:00:37 +05:30
## Configure GitLab
1. On your GitLab server, open the configuration file.
2019-09-30 21:07:59 +05:30
**Omnibus:**
2017-08-17 22:00:37 +05:30
2020-03-13 15:44:24 +05:30
```shell
2019-09-30 21:07:59 +05:30
sudo editor /etc/gitlab/gitlab.rb
```
2017-08-17 22:00:37 +05:30
2019-09-30 21:07:59 +05:30
**Source:**
2017-08-17 22:00:37 +05:30
2020-03-13 15:44:24 +05:30
```shell
2019-09-30 21:07:59 +05:30
cd /home/git/gitlab
2017-08-17 22:00:37 +05:30
2019-09-30 21:07:59 +05:30
sudo -u git -H editor config/gitlab.yml
```
2017-08-17 22:00:37 +05:30
2023-04-23 21:23:45 +05:30
1. Edit the [common configuration file settings](../../integration/omniauth.md#configure-common-settings)
to add `crowd` as a single sign-on provider. This enables Just-In-Time
account provisioning for users who do not have an existing GitLab account.
2017-08-17 22:00:37 +05:30
1. Add the provider configuration:
2019-09-30 21:07:59 +05:30
**Omnibus:**
```ruby
gitlab_rails['omniauth_providers'] = [
{
2022-01-26 12:08:38 +05:30
name: "crowd",
# label: "Provider name", # optional label for login button, defaults to "Crowd"
args: {
crowd_server_url: "CROWD_SERVER_URL",
application_name: "YOUR_APP_NAME",
application_password: "YOUR_APP_PASSWORD"
2019-09-30 21:07:59 +05:30
}
}
]
```
**Source:**
2020-04-08 14:13:33 +05:30
```yaml
2019-09-30 21:07:59 +05:30
- { name: 'crowd',
2022-01-26 12:08:38 +05:30
# label: 'Provider name', # optional label for login button, defaults to "Crowd"
2019-09-30 21:07:59 +05:30
args: {
crowd_server_url: 'CROWD_SERVER_URL',
application_name: 'YOUR_APP_NAME',
application_password: 'YOUR_APP_PASSWORD' } }
```
2022-08-27 11:52:29 +05:30
1. Change `CROWD_SERVER_URL` to the [base URL of your Crowd server](https://confluence.atlassian.com/crowdkb/how-to-change-the-crowd-base-url-245827278.html).
2017-08-17 22:00:37 +05:30
1. Change `YOUR_APP_NAME` to the application name from Crowd applications page.
1. Change `YOUR_APP_PASSWORD` to the application password you've set.
1. Save the configuration file.
2022-08-27 11:52:29 +05:30
1. [Reconfigure](../restart_gitlab.md#omnibus-gitlab-reconfigure) (Omnibus GitLab) or [restart](../restart_gitlab.md#installations-from-source) (source installations) for
the changes to take effect.
2017-08-17 22:00:37 +05:30
On the sign in page there should now be a Crowd tab in the sign in form.
2018-03-17 18:26:18 +05:30
## Troubleshooting
2022-08-27 11:52:29 +05:30
### Error: "could not authorize you from Crowd because invalid credentials"
2018-03-17 18:26:18 +05:30
2022-08-27 11:52:29 +05:30
This error sometimes occurs when a user attempts to authenticate with Crowd. The
Crowd administrator should consult the Crowd log file to know the exact cause of
this error message.
2018-03-17 18:26:18 +05:30
2022-08-27 11:52:29 +05:30
Ensure the Crowd users who must sign in to GitLab are authorized to the
2021-12-11 22:18:48 +05:30
[application](#configure-a-new-crowd-application) in the **Authorization** step.
2021-01-29 00:20:46 +05:30
This could be verified by trying "Authentication test" for Crowd (as of 2.11).
2018-03-17 18:26:18 +05:30
2021-12-11 22:18:48 +05:30
![Example Crowd application authorization configuration](img/crowd_application_authorisation.png)