Hello Luis,
Good luck! The GitLab documentation on OmniAuth examples at https://docs.gitlab.com/ce/integration/omniauth.html#examples states: If you have successfully set up a provider that is not shipped with GitLab itself, please let us know. You can help others by reporting successful configurations and probably share a few insights or provide warnings for common errors or pitfalls by sharing your experience in the public Wiki <https://github.com/gitlabhq/gitlab-public-wiki/wiki/Custom-omniauth-provider-configurations> . The public Wiki has been deprecated (and all content removed), but if you git clone it from https://github.com/gitlabhq/gitlab-public-wiki.wiki.git and then check out commit 02db843614a1642c7101c721874d89b64a63d936 you can look at Custom-omniauth-provider-configurations.md Sounds like you're blazing a trail here. Good luck! Best, Aleksey -- Need training on Git or GitLab? Email train...@verticalsysadmin.com. On Mon, Apr 10, 2017 at 2:53 AM, Luís Nabais <luisnab...@gmail.com> wrote: > Hello guys. > > Before someone asks, due to some specific limitations at my job's > networking, I need to try something with this complexity. I wish it could > be simpler. > > Basically, I have a Python script which authenticates users in our IMAP > server. I need Omniauth provider to call it to authenticate, get return > result (exit code) and let/refuse user login. > It doesn't get any user data, not even their emails (our emails can have > multiple suffixes. Just user and password. > > Right now I've done this: > - GitLab Container (using Docker, latest version, 17.04), using GitLab > 9.0.4-ce.0. > - I get a button below regular login screen, to Login via Ourprovider > - I get the form with user, password and login button (I get to the > request phase correctly) > - If I enter data and press Login, it goes to callback, where I have the > user and password > > And there's where I cannot understand corretly the issue. > > I'm trying to just develop a fake temporary solution, in which I just > return something like Tru/False, just for checking if user logged in > correctly or not and allow login. > User already exists and I can login normally through the normal GitLab > process. > > I can't understand next phase. > Do I need to return something like True/False? > Do I need to use token for anything? If yes, how can I access it? > How do I say user can login? > How do I say to GitLab user can't login? > > > > I "configured" this: > > - Added this configuration to /etc/gitlab/gitlab.rb > gitlab_rails['omniauth_enabled'] = true > gitlab_rails['omniauth_providers'] = [ > { > "name" => "Ourprovider", > "secret" => "our_secret", > "url" => "https://www.justsomeurl_still_not_used_and_dont_know_ > whats_it_for.com", > "args" => { "user_admin" => > "just_some_user_which_exists_for_this_not_to_be_empty" > } > } > ] > > > > - Added provider to omniauth.rb (/opt/gitlab/embedded/service/ > gitlab-rails/config/initializers/omniauth.rb) > >> module OmniAuth >> module Strategies >> autoload :Bitbucket, Rails.root.join('lib', 'omniauth', 'strategies', >> 'bitbucket') - already there, not needed for us >> autoload :Ourprovider, Rails.root.join('lib', 'omniauth', >> 'strategies', 'ourprovider') - added this line >> end >> end >> >> Rails.application.config.middleware.use OmniAuth::Builder do >> provider :ourprovider >> end >> > > > - Added script provider in /opt/gitlab/embedded/service/ > gitlab-rails/lib/omniauth/strategies/ourprovider.rb > >> module OmniAuth >> module Strategies >> class Ourprovider >> include OmniAuth::Strategy >> >> attr_reader :token >> >> option :title, "IMAP Authentication" >> option :fields, [:name, :email] >> option :uid_field, [:name, :email] >> >> def request_phase >> File.open('/tmp/omniauth', 'a') { |file| >> file.write("request_phase (test)\n") } >> >> OmniAuth::Form.build( >> :title => "IMAP Authentication", >> :url => callback_path >> ) do |f| >> f.text_field 'Username', 'username' >> f.password_field 'Password', 'password' >> f.button "Login" >> end.to_response >> end >> def callback_phase >> File.open('/tmp/omniauth', 'a') { |file| >> file.write("callback_phase\n") } >> #File.open('/tmp/omniauth', 'a') { |file| file.write("request: " >> + request.params.to_s + "\n") } >> #File.open('/tmp/omniauth', 'a') { |file| file.write("username: " >> + request['username'].to_s + "\n") } >> end >> >> uid do >> File.open('/tmp/omniauth', 'a') { |file| file.write("uid\n") } >> end >> >> info do >> File.open('/tmp/omniauth', 'a') { |file| file.write("info\n") } >> { >> :nickname => request['username'], >> } >> end >> end >> end >> end >> > > > As you can see, I only have some text being written to a file in the > methods. I'm trying to understand the way it works. After I understand how > to allow/refuse login, I'll try to really authenticate users against our > IMAP server. > I'm very confused, at this point... > > Can anybody help me understanding this? > Thanks a lot for all your help! > Cheers. > Best regards, > Luis Nabais > > -- > You received this message because you are subscribed to the Google Groups > "GitLab" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to gitlabhq+unsubscr...@googlegroups.com. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/gitlabhq/d130da93-4df7-4a4a-832a-bca1965c08fd%40googlegroups.com > <https://groups.google.com/d/msgid/gitlabhq/d130da93-4df7-4a4a-832a-bca1965c08fd%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > ᐧ -- You received this message because you are subscribed to the Google Groups "GitLab" group. To unsubscribe from this group and stop receiving emails from it, send an email to gitlabhq+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/gitlabhq/CANNWuVX-Z4WVtgGce3ATokAimO0WvsVJ4%2ByhwZSYgJupLr0thg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
