自托管 gitlab 使用 Google 账户注册

tag-icon tag-icon google gitlab
自托管 gitlab 使用 Google 账户注册

我正在设置 GitLab EE 实例,并且希望仅使用 Google 帐户启用注册流程。我遵循了此处的文档:https://docs.gitlab.com/ce/integration/google.html和这里:https://docs.gitlab.com/ce/integration/omniauth.html

当我尝试将现有帐户与 Google 帐户绑定时,与 Google 的集成运行良好,非常完美。

问题是,当我尝试使用没有现有帐户的 Google 注册时,就会引发错误:

在没有预先存在的 GitLab 帐户的情况下,不允许使用您的 Google 帐户登录。

我当前的/etc/gitlab/gitlab.rb配置如下:

### OmniAuth Settings
###! Docs: https://docs.gitlab.com/ce/integration/omniauth.html
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['google_oauth2']
gitlab_rails['omniauth_sync_email_from_provider'] = 'google_oauth2'
gitlab_rails['omniauth_sync_profile_from_provider'] = ['google_oauth2']
gitlab_rails['omniauth_sync_profile_attributes'] = ['email', 'name', 'location']
gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'google_oauth2'
gitlab_rails['omniauth_block_auto_created_users'] = false
# gitlab_rails['omniauth_auto_link_ldap_user'] = false
# gitlab_rails['omniauth_auto_link_saml_user'] = false
# gitlab_rails['omniauth_external_providers'] = ['google_oauth2']
gitlab_rails['omniauth_providers'] = [
   {
     "name" => "google_oauth2",
     "app_id" => "my-app-id",
     "app_secret" => "my-app-secret",
     "args" => { "access_type" => "offline", "approval_prompt" => "" }
   }
]

我做错了什么?GitLab 还能使用 Google 注册吗?

答案1

对配置进行一些调整后,我设法找到了一个可行的设置:

### OmniAuth Settings
###! Docs: https://docs.gitlab.com/ce/integration/omniauth.html
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['google_oauth2']
# gitlab_rails['omniauth_sync_email_from_provider'] = 'google_oauth2'
gitlab_rails['omniauth_sync_profile_from_provider'] = ['google_oauth2']
# gitlab_rails['omniauth_sync_profile_attributes'] = ['email']
# gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'google_oauth2'
gitlab_rails['omniauth_block_auto_created_users'] = false
gitlab_rails['omniauth_auto_link_ldap_user'] = true
# gitlab_rails['omniauth_auto_link_saml_user'] = false
# gitlab_rails['omniauth_external_providers'] = ['google_oauth2']
gitlab_rails['omniauth_providers'] = [
   {
     "name" => "google_oauth2",
     "app_id" => "<APP_ID>",
     "app_secret" => "<APP_SECRET>",
     "args" => { "access_type" => "offline", "approval_prompt" => "" }
   }
]

答案2

我对配置有疑问,现有用户是否会成为问题,如果本地 gitlab 和 google 工作区中的电子邮件相同,是否可以很好地同步?

我是否需要取消注释:

gitlab_rails['omniauth_sync_email_from_provider'] = 'google_oauth2'

我没有这条线,这是一个问题吗:

gitlab_rails['omniauth_sync_profile_from_provider'] = ['google_oauth2']

我之所以问这个问题是因为我不想弄乱所有现有的评论、用户等等!

此致

相关内容