From 2eff690b4d1eb94b129a199e10bec5e9d4677c4c Mon Sep 17 00:00:00 2001 From: Anton Smith Date: Wed, 11 Aug 2021 01:54:03 +0000 Subject: [PATCH 1/8] Clarify autolink users for SAML provider --- doc/integration/omniauth.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/doc/integration/omniauth.md b/doc/integration/omniauth.md index 211c5947287b8a..a22a8b6e538df7 100644 --- a/doc/integration/omniauth.md +++ b/doc/integration/omniauth.md @@ -162,12 +162,12 @@ The chosen OmniAuth provider is now active and can be used to sign in to GitLab > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/36664) in GitLab 13.4. You can automatically link OmniAuth users with existing GitLab users if their email addresses match. -For example, the following setting is used to enable the auto link feature for both a SAML provider and the Twitter OAuth provider: +For example, the following setting is used to enable the auto link feature for both a OpenID Connect provider and the Twitter OAuth provider: **For Omnibus installations** ```ruby -gitlab_rails['omniauth_auto_link_user'] = ["saml", "twitter"] +gitlab_rails['omniauth_auto_link_user'] = ["openid_connect", "twitter"] ``` **For installations from source** @@ -177,6 +177,9 @@ omniauth: auto_link_user: ["saml", "twitter"] ``` +To automatically link OmniAuth users with existing GitLab users with the SAML provider, refer to +step 4 of the [SAML OmniAuth Provider | General Setup](https://docs.gitlab.com/ee/integration/saml.html#general-setup) documentation. + ## Configure OmniAuth Providers as External You can define which OmniAuth providers you want to be `external`. Users -- GitLab From 385a3414f8579ad6df140115c39181c9b3e83ab4 Mon Sep 17 00:00:00 2001 From: Anton Smith Date: Wed, 11 Aug 2021 02:09:38 +0000 Subject: [PATCH 2/8] Fix link --- doc/integration/omniauth.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/integration/omniauth.md b/doc/integration/omniauth.md index a22a8b6e538df7..e8ee010a71956b 100644 --- a/doc/integration/omniauth.md +++ b/doc/integration/omniauth.md @@ -178,7 +178,7 @@ omniauth: ``` To automatically link OmniAuth users with existing GitLab users with the SAML provider, refer to -step 4 of the [SAML OmniAuth Provider | General Setup](https://docs.gitlab.com/ee/integration/saml.html#general-setup) documentation. +step 4 of the [SAML OmniAuth Provider | General Setup](saml.md#general-setup) documentation. ## Configure OmniAuth Providers as External -- GitLab From 45dc62ddb87941e822e9b69c3f9fadca5f4f6a79 Mon Sep 17 00:00:00 2001 From: Anton Smith Date: Wed, 11 Aug 2021 02:19:09 +0000 Subject: [PATCH 3/8] Change to a note --- doc/integration/omniauth.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/doc/integration/omniauth.md b/doc/integration/omniauth.md index e8ee010a71956b..e2bcd6514136b4 100644 --- a/doc/integration/omniauth.md +++ b/doc/integration/omniauth.md @@ -161,6 +161,11 @@ The chosen OmniAuth provider is now active and can be used to sign in to GitLab > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/36664) in GitLab 13.4. +NOTE: +This setting does not work with the SAML provider. To automatically link SAML users with existing +GitLab users, refer to step 4 of the [SAML OmniAuth Provider | General Setup](saml.md#general-setup) +documentation. + You can automatically link OmniAuth users with existing GitLab users if their email addresses match. For example, the following setting is used to enable the auto link feature for both a OpenID Connect provider and the Twitter OAuth provider: @@ -177,9 +182,6 @@ omniauth: auto_link_user: ["saml", "twitter"] ``` -To automatically link OmniAuth users with existing GitLab users with the SAML provider, refer to -step 4 of the [SAML OmniAuth Provider | General Setup](saml.md#general-setup) documentation. - ## Configure OmniAuth Providers as External You can define which OmniAuth providers you want to be `external`. Users -- GitLab From 73fedc3b7a96515b59d2db00d24caa60a8d88602 Mon Sep 17 00:00:00 2001 From: Fiona Neill Date: Wed, 11 Aug 2021 22:05:28 +0000 Subject: [PATCH 4/8] Apply 2 suggestion(s) to 1 file(s) --- doc/integration/omniauth.md | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/doc/integration/omniauth.md b/doc/integration/omniauth.md index e2bcd6514136b4..091adcb1fc4960 100644 --- a/doc/integration/omniauth.md +++ b/doc/integration/omniauth.md @@ -160,12 +160,6 @@ The chosen OmniAuth provider is now active and can be used to sign in to GitLab ## Automatically Link Existing Users to OmniAuth Users > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/36664) in GitLab 13.4. - -NOTE: -This setting does not work with the SAML provider. To automatically link SAML users with existing -GitLab users, refer to step 4 of the [SAML OmniAuth Provider | General Setup](saml.md#general-setup) -documentation. - You can automatically link OmniAuth users with existing GitLab users if their email addresses match. For example, the following setting is used to enable the auto link feature for both a OpenID Connect provider and the Twitter OAuth provider: @@ -174,7 +168,7 @@ For example, the following setting is used to enable the auto link feature for b ```ruby gitlab_rails['omniauth_auto_link_user'] = ["openid_connect", "twitter"] ``` - +This setting does not work with the SAML provider. To automatically link SAML users with existing GitLab users, refer to step 4 of the [SAML OmniAuth Provider | General Setup](saml.md#general-setup) documentation. **For installations from source** ```yaml -- GitLab From aebe6ff09d5930a077c20d670281c65f220745a8 Mon Sep 17 00:00:00 2001 From: Anton Smith Date: Wed, 11 Aug 2021 22:24:01 +0000 Subject: [PATCH 5/8] Add return after introduce statement --- doc/integration/omniauth.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/integration/omniauth.md b/doc/integration/omniauth.md index 091adcb1fc4960..6c684019f17941 100644 --- a/doc/integration/omniauth.md +++ b/doc/integration/omniauth.md @@ -160,6 +160,7 @@ The chosen OmniAuth provider is now active and can be used to sign in to GitLab ## Automatically Link Existing Users to OmniAuth Users > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/36664) in GitLab 13.4. + You can automatically link OmniAuth users with existing GitLab users if their email addresses match. For example, the following setting is used to enable the auto link feature for both a OpenID Connect provider and the Twitter OAuth provider: -- GitLab From c0f986f2f2e472c1138af5e4c56baf98ea8de878 Mon Sep 17 00:00:00 2001 From: Anton Smith Date: Wed, 11 Aug 2021 22:29:10 +0000 Subject: [PATCH 6/8] Move change under source block --- doc/integration/omniauth.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/doc/integration/omniauth.md b/doc/integration/omniauth.md index 6c684019f17941..166a752cd506f6 100644 --- a/doc/integration/omniauth.md +++ b/doc/integration/omniauth.md @@ -169,7 +169,7 @@ For example, the following setting is used to enable the auto link feature for b ```ruby gitlab_rails['omniauth_auto_link_user'] = ["openid_connect", "twitter"] ``` -This setting does not work with the SAML provider. To automatically link SAML users with existing GitLab users, refer to step 4 of the [SAML OmniAuth Provider | General Setup](saml.md#general-setup) documentation. + **For installations from source** ```yaml @@ -177,6 +177,8 @@ omniauth: auto_link_user: ["saml", "twitter"] ``` +This setting does not work with the SAML provider. To automatically link SAML users with existing GitLab users, refer to step 4 of the [SAML OmniAuth Provider | General Setup](saml.md#general-setup) documentation. + ## Configure OmniAuth Providers as External You can define which OmniAuth providers you want to be `external`. Users -- GitLab From 0f2364e93eb5b293f43c0afc54b7ad0d617c5fbc Mon Sep 17 00:00:00 2001 From: Anton Smith Date: Thu, 12 Aug 2021 04:14:55 +0000 Subject: [PATCH 7/8] Fix source block to use openid-connect --- doc/integration/omniauth.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/integration/omniauth.md b/doc/integration/omniauth.md index 166a752cd506f6..fa0dbb256b9209 100644 --- a/doc/integration/omniauth.md +++ b/doc/integration/omniauth.md @@ -174,7 +174,7 @@ gitlab_rails['omniauth_auto_link_user'] = ["openid_connect", "twitter"] ```yaml omniauth: - auto_link_user: ["saml", "twitter"] + auto_link_user: ["openid_connect", "twitter"] ``` This setting does not work with the SAML provider. To automatically link SAML users with existing GitLab users, refer to step 4 of the [SAML OmniAuth Provider | General Setup](saml.md#general-setup) documentation. -- GitLab From 090641b6413c614ab6a47d984509536552fe2344 Mon Sep 17 00:00:00 2001 From: Evan Read Date: Fri, 13 Aug 2021 04:30:02 +0000 Subject: [PATCH 8/8] Apply 2 suggestion(s) to 1 file(s) --- doc/integration/omniauth.md | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/doc/integration/omniauth.md b/doc/integration/omniauth.md index fa0dbb256b9209..e520e7c4a22d4c 100644 --- a/doc/integration/omniauth.md +++ b/doc/integration/omniauth.md @@ -162,7 +162,14 @@ The chosen OmniAuth provider is now active and can be used to sign in to GitLab > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/36664) in GitLab 13.4. You can automatically link OmniAuth users with existing GitLab users if their email addresses match. -For example, the following setting is used to enable the auto link feature for both a OpenID Connect provider and the Twitter OAuth provider: +Automatic linking using this method works for all providers +[except the SAML provider](https://gitlab.com/gitlab-org/gitlab/-/issues/338293). For automatic +linking using the SAML provider, see [SAML-specific](saml.md#general-setup) instructions. + +As an example, the following configuration is used to enable the auto link feature for both: + +- OpenID Connect provider. +- Twitter OAuth provider. **For Omnibus installations** @@ -177,8 +184,6 @@ omniauth: auto_link_user: ["openid_connect", "twitter"] ``` -This setting does not work with the SAML provider. To automatically link SAML users with existing GitLab users, refer to step 4 of the [SAML OmniAuth Provider | General Setup](saml.md#general-setup) documentation. - ## Configure OmniAuth Providers as External You can define which OmniAuth providers you want to be `external`. Users -- GitLab