Hi-

I run a GitLab instance for several hundred academic users. We use the 
omniauth-shibboleth login method successfully. Works A-OK from the web. 
Command line, of course, is a different story where you have to use your 
HTTPS password or SSH keys. I'd like to consider a possibility for enabling 
shibboleth from the command line. You can configure your Shibboleth 
identity provider to provide "ECP" cookies for non-browser clients. We do 
that just fine and use it and Apache to control access to some older git 
repositories.

https://wiki.shibboleth.net/confluence/display/CONCEPT/ECP

$ git config -l | grep cookie
http.cookiefile=/tmp/ecpcookie.u####

We have a client that grabs an ECP cookie and stores it in a file based on 
your UID. I can then use this cookie to, say, look at my profile on our 
GitLab instance:

curl -s -c /tmp/ecpcookie.u#### https://our.gitlab.org/u/thomas-downes

But, the cookie gets ignored if I do a git clone operation. Again, this 
scheme works for Apache+git-http-backend for "vanilla" git repository 
serving. Why does it break? Is the GitLab Rails application ignoring the 
cookie when the client is git itself?

Tom
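
An added example, not part of the original post and not GitLab or Shibboleth code: a shell check for a cookie jar like the /tmp/ecpcookie file above, confirming the file is private to its owner and listing which cookies in it match a given host and are unexpired, including the #HttpOnly_ lines that curl writes. The function names, cookie names and jar contents are hypothetical and constructed.

```shell
# Added example; function names and the sample jar are hypothetical.

# Succeed only if FILE is a regular file (not a symlink), owned by the
# caller, with no group/other permission bits set.
cookiefile_is_private() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] && [ -O "$f" ] || return 1
    [ "$(ls -ld "$f" | cut -c5-10)" = "------" ]
}

# Print the names of unexpired cookies in the Netscape-format jar FILE whose
# domain matches HOST at epoch time NOW. Path matching is not checked.
cookies_for_host() {
    awk -F '\t' -v host="$2" -v now="$3" '
        { sub(/\r$/, "") }
        /^#HttpOnly_/ { sub(/^#HttpOnly_/, "") }  # curl prefix, still a cookie
        /^#/ || NF != 7 { next }                  # comments, malformed lines
        {
            dom = $1; sub(/^\./, "", dom)
            tail = substr(host, length(host) - length(dom))
            sub_ok = ($2 == "TRUE" && tail == "." dom)
            if (host != dom && !sub_ok) next
            if ($5 + 0 != 0 && $5 + 0 <= now + 0) next  # 0 = session cookie
            print $6
        }' "$1"
}

# Constructed sample jar (tab-separated, seven fields per cookie).
write_sample_jar() {
    {
        printf '# Netscape HTTP Cookie File\n'
        printf '#HttpOnly_our.gitlab.org\tFALSE\t/\tTRUE\t0\t_shibsession_x\tv1\n'
        printf 'our.gitlab.org\tFALSE\t/\tTRUE\t1600000000\tstale\tv2\n'
        printf '.idp.example.org\tTRUE\t/\tTRUE\t0\tidp_session\tv3\n'
    } > "$1"
}

jar=$(mktemp)   # mktemp creates the file with mode 0600
write_sample_jar "$jar"
cookiefile_is_private "$jar" && cookies_for_host "$jar" our.gitlab.org 1700000000
rm -f "$jar"
```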
