gitlab-org--gitlab-foss/doc/integration
Stan Hu 88f2e9615c
Alias GitHub and BitBucket OAuth2 callback URLs
To prevent an OAuth2 covert redirect vulnerability, this commit adds and
uses an alias for the GitHub and BitBucket OAuth2 callback URLs to the
following paths:

GitHub: /users/auth/-/import/github
Bitbucket: /users/auth/-/import/bitbucket

This allows admins to put a more restrictive callback URL in the OAuth2
configuration settings. Instead of https://example.com, admins can now use:

https://example.com/users/auth

It's possible but not trivial to change Devise and OmniAuth to use a
different prefix for callback URLs instead of /users/auth. For now,
aliasing the import URLs under the /users/auth namespace should suffice.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/56663
2019-01-31 16:52:48 +01:00
..
img Compress all images under doc/ 2018-12-18 11:09:04 +01:00
akismet.md Fix most instances of bare URLs in markdown 2019-01-24 06:52:33 +00:00
auth0.md Fix most instances of bare URLs in markdown 2019-01-24 06:52:33 +00:00
azure.md Fix most instances of bare URLs in markdown 2019-01-24 06:52:33 +00:00
bitbucket.md Alias GitHub and BitBucket OAuth2 callback URLs 2019-01-31 16:52:48 +01:00
cas.md Fix markdown link in Omniauth docs 2017-02-09 08:55:09 +01:00
chat_commands.md Rename "Slash commands" to "Quick actions" 2017-06-15 09:01:56 -05:00
crowd.md Move and update Crowd authentication documentation 2017-03-07 11:58:30 -06:00
external-issue-tracker.md Custom issue tracker 2017-11-21 15:21:50 +00:00
facebook.md Fix markdown link in Omniauth docs 2017-02-09 08:55:09 +01:00
github.md Alias GitHub and BitBucket OAuth2 callback URLs 2019-01-31 16:52:48 +01:00
gitlab.md Update/help integration screenshot 2018-06-06 16:43:36 +00:00
gmail_action_buttons_for_gitlab.md Make unordered lists conform to styleguide 2019-01-08 12:21:09 +10:00
google.md Remove documentation requiring activation of Google+ API 2018-12-29 00:19:16 -08:00
jira.md Move project services to new location under Integrations 2017-02-03 20:28:47 +01:00
ldap.md Change wording for LDAP doc that was moved to a new location 2017-02-20 14:15:35 +01:00
oauth2_generic.md Resolve "CE documentation is not CommonMark compliant" 2018-09-06 16:52:18 +00:00
oauth_provider.md Add more information and refactor format of topic 2019-01-11 15:38:15 +00:00
omniauth.md Make unordered lists conform to styleguide 2019-01-08 12:21:09 +10:00
openid_connect_provider.md Don't hash user ID in OIDC subject claim 2018-06-28 15:31:47 +02:00
README.md Remove Gemnasium service 2018-08-20 18:09:57 +00:00
recaptcha.md Update recaptcha docs for clarity 2018-12-07 21:47:34 +00:00
saml.md Fix most instances of bare URLs in markdown 2019-01-24 06:52:33 +00:00
shibboleth.md Fix markdown to render correctly 2018-11-20 16:41:01 +10:00
slack.md Refactor Slack service documentation 2016-07-22 12:37:05 +03:00
slash_commands.md Add slash command for moving an issue 2018-03-15 13:09:11 +00:00
trello_power_up.md Simple docs fixes 2017-10-23 14:11:51 +00:00
twitter.md Fix most instances of bare URLs in markdown 2019-01-24 06:52:33 +00:00

comments
false

GitLab Integration

GitLab integrates with multiple third-party services to allow external issue trackers and external authentication.

See the documentation below for details on how to configure these services.

  • Akismet Configure Akismet to stop spam
  • Auth0 OmniAuth Enable the Auth0 OmniAuth provider
  • Bitbucket Import projects from Bitbucket.org and login to your GitLab instance with your Bitbucket.org account
  • CAS Configure GitLab to sign in using CAS
  • External issue tracker Redmine, JIRA, etc.
  • Gmail actions buttons Adds GitLab actions to messages
  • JIRA Integrate with the JIRA issue tracker
  • LDAP Set up sign in via LDAP
  • OAuth2 provider OAuth2 application creation
  • OmniAuth Sign in via Twitter, GitHub, GitLab.com, Google, Bitbucket, Facebook, Shibboleth, SAML, Crowd, Azure and Authentiq ID
  • OpenID Connect Use GitLab as an identity provider
  • PlantUML Configure PlantUML to use diagrams in AsciiDoc documents.
  • reCAPTCHA Configure GitLab to use Google reCAPTCHA for new users
  • SAML Configure GitLab as a SAML 2.0 Service Provider
  • Trello Integrate Trello with GitLab

GitLab Enterprise Edition contains advanced Jenkins support.

Project services

Integration with services such as Campfire, Flowdock, HipChat, Pivotal Tracker, and Slack are available in the form of a Project Service.

SSL certificate errors

When trying to integrate GitLab with services that are using self-signed certificates, it is very likely that SSL certificate errors will occur on different parts of the application, most likely Sidekiq. There are 2 approaches you can take to solve this:

  1. Add the root certificate to the trusted chain of the OS.
  2. If using Omnibus, you can add the certificate to GitLab's trusted certificates.

OS main trusted chain

This resource has all the information you need to add a certificate to the main trusted chain.

This answer at Super User also has relevant information.

Omnibus Trusted Chain

Install the self signed certificate or custom certificate authorities in to GitLab Omnibus.

It is enough to concatenate the certificate to the main trusted certificate however it may be overwritten during upgrades:

cat jira.pem >> /opt/gitlab/embedded/ssl/certs/cacert.pem

After that restart GitLab with:

sudo gitlab-ctl restart