gitlab-org--gitlab-foss/doc/administration/auth/crowd.md

3.2 KiB

type stage group info
reference Manage Authentication and Authorization To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments

Atlassian Crowd OmniAuth provider (deprecated) (FREE SELF)

WARNING: This feature was deprecated in GitLab 15.3 and is planned for removal in 16.0.

Authenticate to GitLab using the Atlassian Crowd OmniAuth provider. Enabling this provider also allows Crowd authentication for Git-over-https requests.

Configure a new Crowd application

  1. Choose 'Applications' in the top menu, then 'Add application'.

  2. Go through the 'Add application' steps, entering the appropriate details. The screenshot below shows an example configuration.

    Example Crowd application configuration

Configure GitLab

  1. On your GitLab server, open the configuration file.

    Omnibus:

      sudo editor /etc/gitlab/gitlab.rb
    

    Source:

      cd /home/git/gitlab
    
      sudo -u git -H editor config/gitlab.yml
    
  2. See Configure initial settings for initial settings.

  3. Add the provider configuration:

    Omnibus:

      gitlab_rails['omniauth_providers'] = [
        {
          name: "crowd",
          # label: "Provider name", # optional label for login button, defaults to "Crowd"
          args: {
            crowd_server_url: "CROWD_SERVER_URL",
            application_name: "YOUR_APP_NAME",
            application_password: "YOUR_APP_PASSWORD"
          }
        }
      ]
    

    Source:

       - { name: 'crowd',
           # label: 'Provider name', # optional label for login button, defaults to "Crowd"
           args: {
             crowd_server_url: 'CROWD_SERVER_URL',
             application_name: 'YOUR_APP_NAME',
             application_password: 'YOUR_APP_PASSWORD' } }
    
  4. Change CROWD_SERVER_URL to the base URL of your Crowd server.

  5. Change YOUR_APP_NAME to the application name from Crowd applications page.

  6. Change YOUR_APP_PASSWORD to the application password you've set.

  7. Save the configuration file.

  8. Reconfigure (Omnibus GitLab) or restart (source installations) for the changes to take effect.

On the sign in page there should now be a Crowd tab in the sign in form.

Troubleshooting

Error: "could not authorize you from Crowd because invalid credentials"

This error sometimes occurs when a user attempts to authenticate with Crowd. The Crowd administrator should consult the Crowd log file to know the exact cause of this error message.

Ensure the Crowd users who must sign in to GitLab are authorized to the application in the Authorization step. This could be verified by trying "Authentication test" for Crowd (as of 2.11).

Example Crowd application authorization configuration