If this blog helped you in any way (professionally), please donate a dollar here

Thursday, December 12, 2013

Atlassian Crowd and Gitlab

As you may be already aware, I am hacking gitlab and am currently trying to implement an identity management solution along with gitlab. The software that I tried including (rubycas, simpleid) all had the inherent capability of Single Sign On (SSO) however it lacked the finely grained authorization I was looking for.

So far here are some more I have isolated for this task. Some of them are:

  1. JOSSO
  2. freeIPA
However, I decided to give Atlassian Crowd before these Open Source alternatives. It apparently provides everything my organisation needs and some of it's competitors include:


  • Oracle Enterprise Single Sign On
  • IBM Security Identity Manager
For both of the above solutions I found no demo or trial was available. However, I managed integrating Crowd into gitlab and it was pretty basic stuff. Here's what you need to do:

Crowd Configuration:

Assuming you have already crowd installed, if not download the trial and check out the installation instruction. TIP: The standalone package is really easy to install.

Step 1: Add the application name and password. Note them down since they will be required later on for gitlab configuration.

Step 2:  Add the client app location

Step 3: Choose which authentication mechanism to authenticate against.

Step 4: Choose allowed groups if we need a fine grained authorization mechanism.

Step 5: We are done! Click on Add Application and we are done.

Gitlab configuration:

1. Add this line to your 'gitlab/Gemfile'
gem "omniauth_crowd"
2. Run this from the "gitlab" folder: (this will install the omniauth_crowd plugin)
bundle install
3.  Add this line (just like we did for custom openid provider, the part in bold type face) to this file: "gitlab/app/controllers/omniauth_callbacks_controller.rb"
def crowd
    handle_omniauth
end
private
...
4.  Add this line to "gitlab/config/initializers/devise.rb"
config.omniauth :crowd, :name => 'crowd', :crowd_server_url => 'http://(server-ip-address)/crowd', :application_name => "(application name specified above)", :application_password => "(password specified above)"
if Gitlab.config.ldap.enabled
...
There we go! Enjoy the wonderful proprietary product.

References:



No comments:

Post a Comment