Gitlab Integration with Keycloak

In this post, we will be discussing how to integrate our Gitlab Server with keycloak.

Requirements:

Keycloak server: keycloak.server.com

GITLAB server: gitlab.server.com

NOTE: For GITLAB & KEYCLOAK SETUP, follow the below mention links.

STEP 1. Create a SAML Client in Keycloak.

Our realm name is Devops. Yours can be different. So change Devops with your own realm name wherever possible.

Go to the Clients page and click the Create button in the right upper corner.

Note: Replace the gitlab.server.com with your GitLab server name.

STEP 2 — Configure your new SAML Client in Keycloak for Gitlab.

Go to clients -> gitlab.server.com -> settings tab.

Roles Tab.

Go to clients -> gitlab.server.com -> settings -> Roles

Mappers Tab

Mappers allow you to map user information to parameters in the SAML 2.0 request for GitLab. For example, a name mapper will be used to map the Username into the request for GitLab.We will create few mappers for Gitlab in Keycloak.

Go to clients -> gitlab.server.com -> settings -> Mappers

Repeat the same process and create other mappers for email, first_name, last_name, and roles as shown below.

Name: name

Mapper Type: User Property

Property: Username

Friendly Name: Username

SAML Attribute Name: name

SAML Attribute NameFormat: Basic

*************************

Name: email

Mapper Type: User Property

Property: Email

Friendly Name: Email

SAML Attribute Name: email

SAML Attribute NameFormat: Basic

***************************

Name: first_name

Mapper Type: User Property

Property: FirstName

Friendly Name: First Name

SAML Attribute Name: first_name

SAML Attribute NameFormat: Basic

****************************

Name: last_name

Mapper Type: User Property

Property: LastName

Friendly Name: Last Name

SAML Attribute Name: last_name

SAML Attribute NameFormat: Basic

****************************

Name: roles

Mapper Type: Role list

Role attribute name: roles

Friendly Name: Roles

SAML Attribute NameFormat: Basic

Single Role Attribute: On

Scope Tab.

Set full Scope Allowed to ON.

Step 3: Copy Certificate from Realm.

Go to Realm -> Keys -> RSA256 -> click on certificate -> copy it.

Step 4: Setup Gitlab.

SSH into the GitLab server and take the backup of gitlab.rb file.

cd /etc/gitlab/

Now open the gitlab.rb in vim or nano and paste the following lines at the start/end of the file & save it.

Step 5: Reconfigure the Gitlab.

Run this command in your GitLab server terminal.

gitlab-ctl reconfigure

Browse to your GitLab server and you will have something like this.

Enjoy, Gitlab with keycloak Authentication.

A DevOps who is passionate about Autom@tion.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store