Hi, Sorry to be too late response ;) Have you tried :request_type option? https://github.com/toyokazu/omniauth-shibboleth#request_type-option
If you are using version 1.1.1, you can use that option. Since you seems to use header to pass the attributes, you should specify :header option. # omniauth-shibboleth basically assumes to use :env because of the security reason. By the way, if you use :header, you must care "spoof checking". Please refer the following documents. https://github.com/toyokazu/omniauth-shibboleth#how-to-authenticate-users -- Toyokazu Akiyama 2013年12月5日木曜日 1時53分58秒 UTC+9 oramirez: > > Hi all, > > I am trying to setup Shibboleth in gitlab most recent (stable) version. > > I first installed gitlab following the steps from the production release. > After I set I started configuring Shibboleth. > > /home/git/gitlab/config/initializers/omniauth.rb > == > Rails.application.config.middleware.use OmniAuth::Builder do > provider :shibboleth, { > :shib_session_id_field => "HTTP_SHIB_SESSION_ID", > :shib_application_id_field => "HTTP_SHIB_APPLICATION_ID", > :debug => true, > :info => { > :email => "HTTP_MAIL", > :name => "HTTP_CN", > } > } > end > == > > /home/git/gitlab/config/initializers/devise.rb > == > config.omniauth :shibboleth, > :shib_session_id_field => "HTTP_SHIB_SESSION_ID", > :shib_application_id_field => "HTTP_SHIB_APPLICATION_ID", > :uid => 'HTTP_REMOTE_USER', > :info => { > :email => 'HTTP_MAIL', > :name => 'HTTP_CN' > } > == > > /home/git/gitlab/config/gitlab.yml > > == > gitlab: > ## Web server settings > host: 142.150.174.51 > port: 443 > https: true > > # Uncomment and customize the last line to run in a non-root path > # WARNING: This feature is known to work, but unsupported > # Note that three settings need to be changed for this to work. > # 1) In your application.rb file: config.relative_url_root = "/gitlab" > # 2) In your gitlab.yml file: relative_url_root: /gitlab > # 3) In your unicorn.rb: ENV['RAILS_RELATIVE_URL_ROOT'] = "/gitlab" > # > relative_url_root: /gitlab > ... > > ## OmniAuth settings > omniauth: > # Allow login via Twitter, Google, etc. using OmniAuth providers > enabled: true > > # CAUTION! > # This allows users to login without having a user account first > (default: false). > # User accounts will be created automatically when authentication was > successful. > allow_single_sign_on: true > # Locks down those users until they have been cleared by the admin > (default: true). > block_auto_created_users: false > == > > I am able to get the output when putting debug mode in true. > > https://142.150.174.51/gitlab/users/auth/shibboleth/callback > == > > !!!!! This message is generated by omniauth-shibboleth. To remove it set > :debug to false. !!!!! > HTTP_ACCEPT: > text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 > HTTP_ACCEPT_ENCODING: gzip,deflate,sdch > HTTP_ACCEPT_LANGUAGE: > en-US,en;q=0.8,fr-FR;q=0.6,fr;q=0.4,es-419;q=0.2,es;q=0.2 > HTTP_AFFILIATION: > HTTP_CN: Javier Ramirez Martinez > HTTP_CONNECTION: Keep-Alive > HTTP_COOKIE: _gitlab_session=c04b09f1085076d96b15f25d51040698; > _shibsession_64656661756c7468747470733a2f2f73702e656173692e75746f726f6e746f2e63612f776f726b6c696768745f74657374=_a62cc5f2d65f68e38925bd5cebfb5d8b; > request_method=GET > HTTP_ENTITLEMENT: > HTTP_EPPN: [email protected] <javascript:> > HTTP_GIVENNAME: Javier > HTTP_HOST: 142.150.174.51 > HTTP_MAIL: [email protected] <javascript:> > HTTP_PERSISTENT_ID: > HTTP_REFERER: https://142.150.174.51/gitlab/users/sign_in > HTTP_REMOTE_USER: ramire79 > HTTP_SHIB_APPLICATION_ID: default > HTTP_SHIB_ASSERTION_COUNT: > HTTP_SHIB_AUTHENTICATION_INSTANT: 2013-12-04T16:35:55.669Z > HTTP_SHIB_AUTHENTICATION_METHOD: > urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport > HTTP_SHIB_AUTHNCONTEXT_CLASS: > urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport > HTTP_SHIB_AUTHNCONTEXT_DECL: > HTTP_SHIB_COOKIE_NAME: > > == > > Once I turned back to false. I am not able to login into gitlab. It stops > in the login page. I am wondering if I need to add any additional in > gitlab.yml in the providers section. I tried that but gitlab was not > starting properly... > > > > > > When checking the logs I get this: > > == > ==> production.log <== > Connecting to database specified by database.yml > Creating scope :opened. Overwriting existing method Issue.opened. > Creating scope :of_projects. Overwriting existing method > MergeRequest.of_projects. > Creating scope :closed. Overwriting existing method MergeRequest.closed. > Creating scope :public. Overwriting existing method Snippet.public. > Creating scope :private. Overwriting existing method Snippet.private. > Creating scope :fresh. Overwriting existing method ProjectSnippet.fresh. > Creating scope :non_expired. Overwriting existing method > ProjectSnippet.non_expired. > Creating scope :expired. Overwriting existing method > ProjectSnippet.expired. > > ==> sidekiq.log <== > 2013-12-04T16:50:17Z 17344 TID-oubxr44gg INFO: Booting Sidekiq 2.14.0 > using redis://localhost:6379 with options {:namespace=>"resque:gitlab"} > 2013-12-04T16:50:17Z 17344 TID-oubxr44gg INFO: Running in ruby 2.0.0p247 > (2013-06-27 revision 41674) [x86_64-linux] > 2013-12-04T16:50:17Z 17344 TID-oubxr44gg INFO: See LICENSE and the > LGPL-3.0 for licensing details. > > ==> production.log <== > Started GET "/gitlab/" for 142.150.174.152 at 2013-12-04 11:50:42 -0500 > Processing by DashboardController#show as HTML > Completed 401 Unauthorized in 5ms > Started GET "/gitlab/users/sign_in" for 142.150.174.152 at 2013-12-04 > 11:50:43 -0500 > Processing by Devise::SessionsController#new as HTML > Rendered devise/sessions/_new_base.html.haml (6.4ms) > Rendered devise/sessions/_oauth_providers.html.haml (2.9ms) > Rendered devise/sessions/new.html.haml within layouts/devise (20.8ms) > Rendered layouts/_head.html.haml (482.6ms) > Rendered layouts/_flash.html.haml (2.0ms) > Completed 200 OK in 697ms (Views: 522.3ms | ActiveRecord: 0.0ms) > Started GET "/gitlab/users/auth/shibboleth" for 142.150.174.152 at > 2013-12-04 11:50:48 -0500 > > ==> unicorn.stdout.log <== > (shibboleth) Request phase initiated. > > ==> production.log <== > Started GET "/gitlab/users/auth/shibboleth/callback" for 142.150.174.152 > at 2013-12-04 11:50:48 -0500 > > ==> unicorn.stdout.log <== > (shibboleth) Callback phase initiated. > (shibboleth) Callback phase initiated. > > ==> production.log <== > Processing by OmniauthCallbacksController#shibboleth as HTML > Completed 500 Internal Server Error in 88ms > > NoMethodError (undefined method `shibboleth' for > #<OmniauthCallbacksController:0x007ff3328cb068>): > app/controllers/application_controller.rb:128:in `method_missing' > app/controllers/application_controller.rb:54:in > `set_current_user_for_thread' > > == > > Any suggestions or help will be greatly appreciated. > > -Orlando. > > > > -- > ing. Javier Orlando Ramírez Martínez > http://ca.linkedin.com/in/joramirez > http://picasaweb.google.com/javier.ramirez > http://twitter.com/oramirez1 > http://flickr.com/photos/orlando1 > -- You received this message because you are subscribed to the Google Groups "GitLab" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
