diff --git a/doc/sources/admin/applications.rst b/doc/sources/admin/applications.rst
index 0baef94e0..ac8384031 100644
--- a/doc/sources/admin/applications.rst
+++ b/doc/sources/admin/applications.rst
@@ -15,6 +15,7 @@ Applications
 applications/dokuwiki
 applications/drupal
 applications/fusiondirectory
+ applications/gerrit
 applications/gitlab
 applications/glpi
 applications/googleapps
@@ -89,6 +90,7 @@ Application Configuration
 .. image:: applications/dokuwiki_logo.png :doc:`Dokuwiki` ✔
 .. image:: applications/drupal_logo.png :doc:`Drupal` ✔
 .. image:: applications/fusiondirectory-logo.jpg :doc:`FusionDirectory` ✔
+.. image:: applications/gerrit_logo.png :doc:`Gerrit` ✔
 .. image:: applications/gitlab_logo.png :doc:`Gitlab` ✔ ✔
 .. image:: applications/glpi_logo.png :doc:`GLPI` ✔
 .. image:: applications/googleapps_logo.png :doc:`Google Apps` ✔
diff --git a/doc/sources/admin/applications/gerrit.rst b/doc/sources/admin/applications/gerrit.rst
new file mode 100644
index 000000000..0a9816221
--- /dev/null
+++ b/doc/sources/admin/applications/gerrit.rst
@@ -0,0 +1,89 @@
+Gerrit
+======
+
+|image0|
+
+Presentation
+------------
+
+`Gerrit `__ allows to review commits before they are integrated into a target branch.
+
+With the `OAuth2 provider plugin `__ Gerrit can use OAuth2 protocol for authentication.
+
+Configuration
+-------------
+
+Gerrit
+------
+
+`Install `__ the OAuth Provider plugin.
+
+.. tip::
+
+ The LemonLDAP::NG support was added on February 23, 2020.
+ If you can't find a prebuilt package, you can use this `dockerfile `__ to build your own.
+
+Then, configure Gerrit:
+
+In ``/var/gerrit/etc/gerrit.config``
+
+::
+
+ ...
+ [auth]
+ type = OAUTH
+ gitBasicAuthPolicy = HTTP
+ ...
+ [plugin "gerrit-oauth-provider-lemonldap-oauth"]
+ root-url = https://auth.
+ client-id =
+
+In ``/var/gerrit/etc/secret.config``
+
+::
+
+ ...
+ [plugin "gerrit-oauth-provider-lemonldap-oauth"]
+ client-secret =
+
+LL::NG
+------
+
+Add an Open ID Connect Relying Party for Gerrit
+
+.. code-block:: bash
+
+ # Exported attributes (the values must fit your LDAP schema)
+ lemonldap-ng-cli -yes 1 \
+ addKey \
+ oidcRPMetaDataExportedVars/gerrit preferred_username uid \
+ oidcRPMetaDataExportedVars/gerrit name cn \
+ oidcRPMetaDataExportedVars/gerrit email mail \
+ oidcRPMetaDataExportedVars/gerrit sub email
+
+ # Options > Basic > Allowed redirection addresses for login
+ # > Logout > Allowed redirection addresses for logout
+ lemonldap-ng-cli -yes 1 \
+ addKey \
+ oidcRPMetaDataOptions/gerrit oidcRPMetaDataOptionsRedirectUris 'http:///oauth' \
+ oidcRPMetaDataOptions/gerrit oidcRPMetaDataOptionsPostLogoutRedirectUris 'https:///'
+
+ # Options > Basic > Client ID
+ # > Basic > Client Secret
+ lemonldap-ng-cli -yes 1 \
+ addKey \
+ oidcRPMetaDataOptions/gerrit oidcRPMetaDataOptionsClientID '' \
+ oidcRPMetaDataOptions/gerrit oidcRPMetaDataOptionsClientSecret ''
+
+ # Timeout > ID Token expiration
+ # > Access Token expiration
+ # Security > ID Token signature algorithm
+ lemonldap-ng-cli -yes 1 \
+ addKey \
+ oidcRPMetaDataOptions/gerrit oidcRPMetaDataOptionsIDTokenExpiration 3600 \
+ oidcRPMetaDataOptions/gerrit oidcRPMetaDataOptionsAccessTokenExpiration 3600 \
+ oidcRPMetaDataOptions/gerrit oidcRPMetaDataOptionsIDTokenSignAlg RS512
+
+
+.. |image0| image:: /applications/gerrit_logo.png
+ :class: align-center
diff --git a/doc/sources/admin/applications/gerrit_logo.png b/doc/sources/admin/applications/gerrit_logo.png
new file mode 100644
index 000000000..cfc27f067
Binary files /dev/null and b/doc/sources/admin/applications/gerrit_logo.png differ
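Review bot: The login redirection address registered in the second `lemonldap-ng-cli` call of gerrit.rst uses plain `http://`, while the logout address on the next line uses `https://`, so a setup copied from this page allows the OAuth2 authorization code to be delivered to Gerrit over an unencrypted connection. I would register it as `oidcRPMetaDataOptions/gerrit oidcRPMetaDataOptionsRedirectUris 'https://GERRIT_HOST/oauth' \`, where GERRIT_HOST is a placeholder because the host name is not visible in the value shown here. In the exported-attributes call, `sub email` looks inconsistent with `email mail` on the line above it, and a mail address can change or be reassigned, so it is worth confirming which attribute is meant to identify the account. The client secret is passed as a command-line argument and is also written to `secret.config`; a comment such as `# the secret is kept in shell history; restrict read access to secret.config` next to those lines would help readers.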