Woops. I happened to pick a public URI fro the curl command. :) If I try to curl a private one, gitlab redirects me to the sign-in page.
So even though gitlab seems to ignore this cookie, it can be successfully used by the git command line tool. In principle, I think GitLab could use the git http.savecookies configuration knob to avoid some of the need for credential helpers. So this isn't just a shibboleth thing. It could help gitlab be more command-line friendly for all http clone operations. Tom On Wednesday, May 4, 2016 at 6:44:32 PM UTC-5, Tom Downes wrote: > > Hi- > > I run a gitlab instance for several hundred academic users. We use the > omniauth-shibboleth login method successfully. Works A-OK from the web. > Command line, of course, is a different story where you have to use your > HTTPS password or ssh keys. I'd like to consider a possibility for enabling > shibboleth from the command line. You can configure your Shibboleth > identity provider to provide "ECP" cookies for non-browser clients. We do > that just fine and use it and Apache to control access to some older git > repositories. > > https://wiki.shibboleth.net/confluence/display/CONCEPT/ECP > > $ git config -l | grep cookie > http.cookiefile=/tmp/ecpcookie.u#### > > We have a client that grabs an ECP cookie and stores it in a file based on > your UID. I can then use this cookie to, say, look at my profile on our > gitlab instance: > > curl -s -c /tmp/ecpcookie.u#### https://our.gitlab.org/u/thomas-downes > > But, the cookie gets ignored if I do a git clone operation. Again, this > scheme works for Apache+git-http-backend for "vanilla" git repository > serving. Why does it break? Is the gitlab rails application ignoring the > cookie when the client is git itself? > > Tom > -- You received this message because you are subscribed to the Google Groups "GitLab" group. To unsubscribe from this group and stop receiving emails from it, send an email to gitlabhq+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/gitlabhq/98b98d79-978a-4403-939b-9d8b9f0fc100%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
