Gitlab Integration with Keycloak

In this post, we will be discussing how to integrate our Gitlab Server with keycloak.


Keycloak server:

GITLAB server:

NOTE: For GITLAB & KEYCLOAK SETUP, follow the below mention links.

STEP 1. Create a SAML Client in Keycloak.

Our realm name is Devops. Yours can be different. So change Devops with your own realm name wherever possible.


Go to the Clients page and click the Create button in the right upper corner.

Note: Replace the with your GitLab server name.

STEP 2 — Configure your new SAML Client in Keycloak for Gitlab.

Go to clients -> -> settings tab.

Roles Tab.

Go to clients -> -> settings -> Roles

Mappers Tab

Mappers allow you to map user information to parameters in the SAML 2.0 request for GitLab. For example, a name mapper will be used to map the Username into the request for GitLab.We will create few mappers for Gitlab in Keycloak.

Go to clients -> -> settings -> Mappers

Repeat the same process and create other mappers for email, first_name, last_name, and roles as shown below.

Name: name

Mapper Type: User Property

Property: Username

Friendly Name: Username

SAML Attribute Name: name

SAML Attribute NameFormat: Basic


Name: email

Mapper Type: User Property

Property: Email

Friendly Name: Email

SAML Attribute Name: email

SAML Attribute NameFormat: Basic


Name: first_name

Mapper Type: User Property

Property: FirstName

Friendly Name: First Name

SAML Attribute Name: first_name

SAML Attribute NameFormat: Basic


Name: last_name

Mapper Type: User Property

Property: LastName

Friendly Name: Last Name

SAML Attribute Name: last_name

SAML Attribute NameFormat: Basic


Name: roles

Mapper Type: Role list

Role attribute name: roles

Friendly Name: Roles

SAML Attribute NameFormat: Basic

Single Role Attribute: On

Mappers Definitions

Scope Tab.

Set full Scope Allowed to ON.

Step 3: Copy Certificate from Realm.

Go to Realm -> Keys -> RSA256 -> click on certificate -> copy it.

Step 4: Setup Gitlab.

SSH into the GitLab server and take the backup of gitlab.rb file.

cd /etc/gitlab/

Now open the gitlab.rb in vim or nano and paste the following lines at the start/end of the file & save it.

gitlab_rails[‘omniauth_enabled’] = true
gitlab_rails[‘omniauth_allow_single_sign_on’] = [‘saml’]
# gitlab_rails[‘omniauth_auto_sign_in_with_provider’] = ‘saml’
gitlab_rails[‘omniauth_block_auto_created_users’] = false
# gitlab_rails[‘omniauth_auto_link_ldap_user’] = false
gitlab_rails[‘omniauth_auto_link_saml_user’] = true
gitlab_rails[‘omniauth_providers’] = [
name: ‘saml’,
args: {
assertion_consumer_service_url: ‘',
idp_cert: “ -----BEGIN CERTIFICATE-----
\n <paste your certificate here >\n -----END CERTIFICATE----- \n”,
idp_sso_target_url: ‘,
issuer: ‘’,
name_identifier_format: ‘urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'

Step 5: Reconfigure the Gitlab.

Run this command in your GitLab server terminal.

gitlab-ctl reconfigure

Browse to your GitLab server and you will have something like this.

Enjoy, Gitlab with keycloak Authentication.

A DevOps who is passionate about Autom@tion.