I've posted this in the Gitlab group and wanted to get feedback here as well.
Question regarding SAML configuration. I'm currently running Gitlab 9.1 CE edition on CentOs 7. I have an Apache instance on the front end for a reverse proxy to Gitlab handling http(s) My gitlab.rb has the following configured external_url 'http://external.apache.server/gitlab/' gitlab_rails['omniauth_enabled'] = true gitlab_rails['omniauth_allow_single_sign_on'] = ['saml'] gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml' gitlab_rails['omniauth_block_auto_created_users'] = false # gitlab_rails['omniauth_auto_link_ldap_user'] = false gitlab_rails['omniauth_auto_link_saml_user'] = true # gitlab_rails['omniauth_external_providers'] = ['twitter', 'google_oauth2'] # gitlab_rails['omniauth_providers'] = [ # { # "name" => "google_oauth2", # "app_id" => "YOUR APP ID", # "app_secret" => "YOUR APP SECRET", # "args" => { "access_type" => "offline", "approval_prompt" => "" } # } # ] In order to setup SAML my provider is asking for the information returned from http://external.apache.server/gitlab/users/auth/saml/metadata which returns a 404. In reading the SAML documentation, it mentions that Gitlab needs to be configured for SSL, not sure if this is why the URL mentioned above is returning a 404. The problem with enabling SSL is that my external URL is already providing that and if I use it as is https://external.apache.server then Gitlab is looking for key/cert for that domain on the box which doesn't seem correct. I don't want to change the external URL as it should be fronted by Apache. Bit confused on what the proper configuration should be. Thanks -- You received this message because you are subscribed to the Google Groups "GitLab" group. To unsubscribe from this group and stop receiving emails from it, send an email to gitlabhq+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/gitlabhq/51f19687-252f-455f-9b2a-cccfd2312541%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
