Question

I was able to add OpenID support to GitLab via the omniauth-openid gem by making some modifications to GitLab, as documented here:

http://rahul-ghose.blogspot.in/2013/12/setup-gitlab-openid-authentication-with.html

I tried to follow a similar pattern when adding OpenID Connect support with this GitHub repository:

https://github.com/jjbohn/omniauth-openid-connect

Here is what I did:

I added the following to config/initializers/devise.rb

  config.omniauth :openid_connect, :name => "openid-connect", :identifier => "http://<openid-connect-server>/.well-known/openid-configuration", :client_id =>"gitlab", :client_secret => "gitlab"

And the following to "app/controllers/omniauth_callbacks_controller.rb"

def openidconnect
  handle_omniauth
end

I get this in the GitLab production.log (stack trace):

Started GET "/users/auth/openid-connect" for 127.0.0.1 at 2013-03-04 04:58:21 +0530

AttrRequired::AttrMissing ('identifier' required.):
  vendor/bundle/ruby/1.9.1/gems/attr_required-1.0.0/lib/attr_required.rb:59:in `attr_missing!'
  vendor/bundle/ruby/1.9.1/gems/rack-oauth2-1.0.7/lib/rack/oauth2/client.rb:15:in `initialize'
  vendor/bundle/ruby/1.9.1/gems/openid_connect-0.7.3/lib/openid_connect/client.rb:6:in `initialize'
  vendor/bundle/ruby/1.9.1/bundler/gems/omniauth-openid-connect-21f0beac1983/lib/omniauth/strategies/openid_connect.rb:58:in `new'
  vendor/bundle/ruby/1.9.1/bundler/gems/omniauth-openid-connect-21f0beac1983/lib/omniauth/strategies/openid_connect.rb:58:in `client'
  vendor/bundle/ruby/1.9.1/bundler/gems/omniauth-openid-connect-21f0beac1983/lib/omniauth/strategies/openid_connect.rb:87:in `authorize_uri'
  vendor/bundle/ruby/1.9.1/bundler/gems/omniauth-openid-connect-21f0beac1983/lib/omniauth/strategies/openid_connect.rb:62:in `request_phase'
  vendor/bundle/ruby/1.9.1/gems/omniauth-1.1.4/lib/omniauth/strategy.rb:214:in `request_call'
  vendor/bundle/ruby/1.9.1/gems/omniauth-1.1.4/lib/omniauth/strategy.rb:181:in `call!'
  vendor/bundle/ruby/1.9.1/gems/omniauth-1.1.4/lib/omniauth/strategy.rb:164:in `call'
  vendor/bundle/ruby/1.9.1/gems/rack-cors-0.2.9/lib/rack/cors.rb:54:in `call'
  vendor/bundle/ruby/1.9.1/gems/rack-attack-2.3.0/lib/rack/attack.rb:63:in `call'
  vendor/bundle/ruby/1.9.1/gems/warden-1.2.3/lib/warden/manager.rb:35:in `block in call'
  vendor/bundle/ruby/1.9.1/gems/warden-1.2.3/lib/warden/manager.rb:34:in `catch'
  vendor/bundle/ruby/1.9.1/gems/warden-1.2.3/lib/warden/manager.rb:34:in `call'
  vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/etag.rb:23:in `call'
  vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/conditionalget.rb:25:in `call'
  vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/head.rb:11:in `call'
  vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/middleware/params_parser.rb:27:in `call'
  vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/middleware/flash.rb:241:in `call'
  vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/session/abstract/id.rb:225:in `context'
  vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/session/abstract/id.rb:220:in `call'
  vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/middleware/cookies.rb:486:in `call'
  vendor/bundle/ruby/1.9.1/gems/activerecord-4.0.3/lib/active_record/query_cache.rb:36:in `call'
  vendor/bundle/ruby/1.9.1/gems/activerecord-4.0.3/lib/active_record/connection_adapters/abstract/connection_pool.rb:626:in `call'
  vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'
  vendor/bundle/ruby/1.9.1/gems/activesupport-4.0.3/lib/active_support/callbacks.rb:373:in `_run__1476305416189579609__call__callbacks'
  vendor/bundle/ruby/1.9.1/gems/activesupport-4.0.3/lib/active_support/callbacks.rb:80:in `run_callbacks'
  vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/middleware/callbacks.rb:27:in `call'
  vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/middleware/remote_ip.rb:76:in `call'
  vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/middleware/debug_exceptions.rb:17:in `call'
  vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
  vendor/bundle/ruby/1.9.1/gems/railties-4.0.3/lib/rails/rack/logger.rb:38:in `call_app'
  vendor/bundle/ruby/1.9.1/gems/railties-4.0.3/lib/rails/rack/logger.rb:20:in `block in call'
  vendor/bundle/ruby/1.9.1/gems/activesupport-4.0.3/lib/active_support/tagged_logging.rb:67:in `block in tagged'
  vendor/bundle/ruby/1.9.1/gems/activesupport-4.0.3/lib/active_support/tagged_logging.rb:25:in `tagged'
  vendor/bundle/ruby/1.9.1/gems/activesupport-4.0.3/lib/active_support/tagged_logging.rb:67:in `tagged'
  vendor/bundle/ruby/1.9.1/gems/railties-4.0.3/lib/rails/rack/logger.rb:20:in `call'
  vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/middleware/request_id.rb:21:in `call'
  vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/methodoverride.rb:21:in `call'
  vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/runtime.rb:17:in `call'
  vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/lock.rb:17:in `call'
  vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/sendfile.rb:112:in `call'
  vendor/bundle/ruby/1.9.1/gems/railties-4.0.3/lib/rails/engine.rb:511:in `call'
  vendor/bundle/ruby/1.9.1/gems/railties-4.0.3/lib/rails/application.rb:97:in `call'
  vendor/bundle/ruby/1.9.1/gems/railties-4.0.3/lib/rails/railtie/configurable.rb:30:in `method_missing'
  vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/builder.rb:138:in `call'
  vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/urlmap.rb:65:in `block in call'
  vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/urlmap.rb:50:in `each'
  vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/urlmap.rb:50:in `call'
  vendor/bundle/ruby/1.9.1/gems/unicorn-4.6.3/lib/unicorn/http_server.rb:552:in `process_client'
  vendor/bundle/ruby/1.9.1/gems/unicorn-worker-killer-0.4.2/lib/unicorn/worker_killer.rb:51:in `process_client'
  vendor/bundle/ruby/1.9.1/gems/unicorn-4.6.3/lib/unicorn/http_server.rb:632:in `worker_loop'
  vendor/bundle/ruby/1.9.1/gems/unicorn-4.6.3/lib/unicorn/http_server.rb:500:in `spawn_missing_workers'
  vendor/bundle/ruby/1.9.1/gems/unicorn-4.6.3/lib/unicorn/http_server.rb:142:in `start'
  vendor/bundle/ruby/1.9.1/gems/unicorn-4.6.3/bin/unicorn_rails:209:in `<top (required)>'
  vendor/bundle/ruby/1.9.1/bin/unicorn_rails:23:in `load'
  vendor/bundle/ruby/1.9.1/bin/unicorn_rails:23:in `<main>'

Can anyone please help me out here?

Solution

This worked after using the following configuration:

config.omniauth :openid_connect, {
  name: :openid_connect,
  scope: [:openid, :profile],
  response_type: :code,
  client_options: {
    port: 8081,
    scheme: "https",
    host: "myprovider.com",
    identifier: "clientID",   # client ID, nested inside client_options
    secret: "clientSecret",   # client secret, nested inside client_options
    redirect_uri: "http://myapp.com/users/auth/openid_connect/callback",
  },
}

The name must be openid_connect and scopes are the minimal ones required.
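
A configuration check built from the two configurations on this page, as an added example that is not part of the original answer or of omniauth-openid-connect. It flags the conditions behind the question's 'identifier' required error and the answer's naming rule, and additionally flags a redirect_uri served over plain http; the helper lint_openid_connect and its finding names are hypothetical.

```ruby
require "uri"

# Added example; lint_openid_connect and the finding symbols are hypothetical.
def lint_openid_connect(opts)
  findings = []
  client = opts[:client_options] || {}
  name = opts[:name].to_s

  # The question's trace ends in Rack::OAuth2::Client raising
  # AttrRequired::AttrMissing: the client had no :identifier.
  findings << :missing_client_identifier if client[:identifier].to_s.empty?

  # The question supplied credentials at the top level and still got that
  # error; the working config nests them under client_options.
  misplaced = [:identifier, :client_id, :client_secret] & opts.keys
  findings << :credentials_outside_client_options unless misplaced.empty?

  # The answer requires this exact name; Devise dispatches the callback to
  # a controller action named after the provider.
  findings << :name_not_openid_connect unless name == "openid_connect"

  # When scopes are listed, OpenID Connect needs "openid" among them.
  if opts.key?(:scope) && !Array(opts[:scope]).map(&:to_s).include?("openid")
    findings << :scope_missing_openid
  end

  redirect = client[:redirect_uri].to_s
  unless redirect.empty?
    uri = URI.parse(redirect)
    expected = "/users/auth/#{name}/callback"
    findings << :redirect_path_mismatch unless uri.path == expected
    # The authorization code is delivered to this URL.
    findings << :redirect_uri_not_https unless uri.scheme == "https"
  end
  findings
end

# The two configurations from this page, as plain hashes.
QUESTION_CONFIG = {
  name: "openid-connect", client_id: "gitlab", client_secret: "gitlab",
  identifier: "http://<openid-connect-server>/.well-known/openid-configuration"
}
ANSWER_CONFIG = {
  name: :openid_connect, scope: [:openid, :profile], response_type: :code,
  client_options: { port: 8081, scheme: "https", host: "myprovider.com",
                    identifier: "clientID", secret: "clientSecret",
                    redirect_uri: "http://myapp.com/users/auth/openid_connect/callback" }
}
```

Calling lint_openid_connect on each hash returns a list of finding symbols; an empty list means none of these checks fired.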

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow