Add configuration details to use LL:NG SSO with Gerrit
parent
93cb619cd2
commit
1d8a46493c
|
@ -15,6 +15,7 @@ Applications
|
||||||
applications/dokuwiki
|
applications/dokuwiki
|
||||||
applications/drupal
|
applications/drupal
|
||||||
applications/fusiondirectory
|
applications/fusiondirectory
|
||||||
|
applications/gerrit
|
||||||
applications/gitlab
|
applications/gitlab
|
||||||
applications/glpi
|
applications/glpi
|
||||||
applications/googleapps
|
applications/googleapps
|
||||||
|
@ -89,6 +90,7 @@ Application Configuration
|
||||||
.. image:: applications/dokuwiki_logo.png :doc:`Dokuwiki<applications/dokuwiki>` ✔
|
.. image:: applications/dokuwiki_logo.png :doc:`Dokuwiki<applications/dokuwiki>` ✔
|
||||||
.. image:: applications/drupal_logo.png :doc:`Drupal<applications/drupal>` ✔
|
.. image:: applications/drupal_logo.png :doc:`Drupal<applications/drupal>` ✔
|
||||||
.. image:: applications/fusiondirectory-logo.jpg :doc:`FusionDirectory<applications/fusiondirectory>` ✔
|
.. image:: applications/fusiondirectory-logo.jpg :doc:`FusionDirectory<applications/fusiondirectory>` ✔
|
||||||
|
.. image:: applications/gerrit_logo.png :doc:`Gerrit<applications/gerrit>` ✔
|
||||||
.. image:: applications/gitlab_logo.png :doc:`Gitlab<applications/gitlab>` ✔ ✔
|
.. image:: applications/gitlab_logo.png :doc:`Gitlab<applications/gitlab>` ✔ ✔
|
||||||
.. image:: applications/glpi_logo.png :doc:`GLPI<applications/glpi>` ✔
|
.. image:: applications/glpi_logo.png :doc:`GLPI<applications/glpi>` ✔
|
||||||
.. image:: applications/googleapps_logo.png :doc:`Google Apps<applications/googleapps>` ✔
|
.. image:: applications/googleapps_logo.png :doc:`Google Apps<applications/googleapps>` ✔
|
||||||
|
|
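Review bot: The new Gerrit row carries a single ✔, but the column headers are outside this hunk, so it is not visible which protocol the mark lands under. The page added by this commit configures an OpenID Connect Relying Party, so please confirm the mark sits in the OpenID Connect column and not in one of the other protocol columns.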
89
doc/sources/admin/applications/gerrit.rst
Normal file
|
@ -0,0 +1,89 @@
|
||||||
|
Gerrit
|
||||||
|
======
|
||||||
|
|
||||||
|
|image0|
|
||||||
|
|
||||||
|
Presentation
|
||||||
|
------------
|
||||||
|
|
||||||
|
`Gerrit <https://www.gerritcodereview.com/>`__ allows to review commits before they are integrated into a target branch.
|
||||||
|
|
||||||
|
With the `OAuth2 provider plugin <https://gerrit.googlesource.com/plugins/oauth/>`__ Gerrit can use OAuth2 protocol for authentication.
|
||||||
|
|
||||||
|
Configuration
|
||||||
|
-------------
|
||||||
|
|
||||||
|
Gerrit
|
||||||
|
------
|
||||||
|
|
||||||
|
`Install <https://gerrit-review.googlesource.com/Documentation/config-plugins.html#installation>`__ the OAuth Provider plugin.
|
||||||
|
|
||||||
|
.. tip::
|
||||||
|
|
||||||
|
The LemonLDAP::NG support was added on February 23, 2020.
|
||||||
|
If you can't find a prebuilt package, you can use this `dockerfile <https://github.com/atisne/gerrit-oauth-build>`__ to build your own.
|
||||||
|
|
||||||
|
Then, configure Gerrit:
|
||||||
|
|
||||||
|
In ``/var/gerrit/etc/gerrit.config``
|
||||||
|
|
||||||
|
::
|
||||||
|
|
||||||
|
...
|
||||||
|
[auth]
|
||||||
|
type = OAUTH
|
||||||
|
gitBasicAuthPolicy = HTTP
|
||||||
|
...
|
||||||
|
[plugin "gerrit-oauth-provider-lemonldap-oauth"]
|
||||||
|
root-url = https://auth.<LLNG_SERVER>
|
||||||
|
client-id = <GERRIT_CLIENT_ID>
|
||||||
|
|
||||||
|
In ``/var/gerrit/etc/secret.config``
|
||||||
|
|
||||||
|
::
|
||||||
|
|
||||||
|
...
|
||||||
|
[plugin "gerrit-oauth-provider-lemonldap-oauth"]
|
||||||
|
client-secret = <GERRIT_CLIENT_SECRET>
|
||||||
|
|
||||||
|
LL::NG
|
||||||
|
------
|
||||||
|
|
||||||
|
Add an Open ID Connect Relying Party for Gerrit
|
||||||
|
|
||||||
|
.. code-block:: bash
|
||||||
|
|
||||||
|
# Exported attributes (the values must fit your LDAP schema)
|
||||||
|
lemonldap-ng-cli -yes 1 \
|
||||||
|
addKey \
|
||||||
|
oidcRPMetaDataExportedVars/gerrit preferred_username uid \
|
||||||
|
oidcRPMetaDataExportedVars/gerrit name cn \
|
||||||
|
oidcRPMetaDataExportedVars/gerrit email mail \
|
||||||
|
oidcRPMetaDataExportedVars/gerrit sub email
|
||||||
|
|
||||||
|
# Options > Basic > Allowed redirection addresses for login
|
||||||
|
# > Logout > Allowed redirection addresses for logout
|
||||||
|
lemonldap-ng-cli -yes 1 \
|
||||||
|
addKey \
|
||||||
|
oidcRPMetaDataOptions/gerrit oidcRPMetaDataOptionsRedirectUris 'http://<GERRIT_SERVER>/oauth' \
|
||||||
|
oidcRPMetaDataOptions/gerrit oidcRPMetaDataOptionsPostLogoutRedirectUris 'https://<GERRIT_SERVER>/'
|
||||||
|
|
||||||
|
# Options > Basic > Client ID
|
||||||
|
# > Basic > Client Secret
|
||||||
|
lemonldap-ng-cli -yes 1 \
|
||||||
|
addKey \
|
||||||
|
oidcRPMetaDataOptions/gerrit oidcRPMetaDataOptionsClientID '<GERRIT_OAUTH_ID>' \
|
||||||
|
oidcRPMetaDataOptions/gerrit oidcRPMetaDataOptionsClientSecret '<GERRIT_OAUTH_SECRET>'
|
||||||
|
|
||||||
|
# Timeout > ID Token expiration
|
||||||
|
# > Access Token expiration
|
||||||
|
# Security > ID Token signature algorithm
|
||||||
|
lemonldap-ng-cli -yes 1 \
|
||||||
|
addKey \
|
||||||
|
oidcRPMetaDataOptions/gerrit oidcRPMetaDataOptionsIDTokenExpiration 3600 \
|
||||||
|
oidcRPMetaDataOptions/gerrit oidcRPMetaDataOptionsAccessTokenExpiration 3600 \
|
||||||
|
oidcRPMetaDataOptions/gerrit oidcRPMetaDataOptionsIDTokenSignAlg RS512
|
||||||
|
|
||||||
|
|
||||||
|
.. |image0| image:: /applications/gerrit_logo.png
|
||||||
|
:class: align-center
|
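Review bot: The login redirect URI in the second `lemonldap-ng-cli` call is registered as `http://<GERRIT_SERVER>/oauth`, while the post-logout URI on the next line and `root-url` both use `https://`. The authorization code is delivered to that redirect URI, so it should read `https://<GERRIT_SERVER>/oauth`, or the page should state that Gerrit is deliberately served over plain HTTP. The client credentials are also named differently on each side: `<GERRIT_CLIENT_ID>` and `<GERRIT_CLIENT_SECRET>` in the Gerrit files, `<GERRIT_OAUTH_ID>` and `<GERRIT_OAUTH_SECRET>` in the Relying Party options. These must be the same values, so one pair of placeholders should be used throughout. In the exported attributes, `sub email` follows `email mail`; please confirm that `email` is the intended source for `sub` rather than `mail` or `uid`. Finally, the "Gerrit" and "LL::NG" headings use the same `------` underline as "Configuration", so they render as sibling sections instead of subsections; a different underline character would nest them.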
BIN
doc/sources/admin/applications/gerrit_logo.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 1.1 KiB |