GitLab integration with OpenID Connect

4

I was able to add OpenID support using the omniauth-openid gem by making some modifications to GitLab, following the method documented here.

http://rahul-ghose.blogspot.in/2013/12/setup-gitlab-openid-authentication-with.html

I tried to follow a similar pattern to add openid-connect support using this GitHub repository:

https://github.com/jjbohn/omniauth-openid-connect

This is what I did:

I added the following to config/initializers/devise.rb:

  config.omniauth :openid_connect, :name => "openid-connect", :identifier => "http://<openid-connect-server>/.well-known/openid-configuration", :client_id =>"gitlab", :client_secret => "gitlab"

Added the following code to "app/controllers/omniauth_callbacks_controller.rb":

def openidconnect
  handle_omniauth
end

I see the following in GitLab's production.log (stack trace):

Started GET "/users/auth/openid-connect" for 127.0.0.1 at 2013-03-04 04:58:21 +0530

AttrRequired::AttrMissing ('identifier' required.):
  vendor/bundle/ruby/1.9.1/gems/attr_required-1.0.0/lib/attr_required.rb:59:in `attr_missing!'
  vendor/bundle/ruby/1.9.1/gems/rack-oauth2-1.0.7/lib/rack/oauth2/client.rb:15:in `initialize'
  vendor/bundle/ruby/1.9.1/gems/openid_connect-0.7.3/lib/openid_connect/client.rb:6:in `initialize'
  vendor/bundle/ruby/1.9.1/bundler/gems/omniauth-openid-connect-21f0beac1983/lib/omniauth/strategies/openid_connect.rb:58:in `new'
  vendor/bundle/ruby/1.9.1/bundler/gems/omniauth-openid-connect-21f0beac1983/lib/omniauth/strategies/openid_connect.rb:58:in `client'
  vendor/bundle/ruby/1.9.1/bundler/gems/omniauth-openid-connect-21f0beac1983/lib/omniauth/strategies/openid_connect.rb:87:in `authorize_uri'
  vendor/bundle/ruby/1.9.1/bundler/gems/omniauth-openid-connect-21f0beac1983/lib/omniauth/strategies/openid_connect.rb:62:in `request_phase'
  vendor/bundle/ruby/1.9.1/gems/omniauth-1.1.4/lib/omniauth/strategy.rb:214:in `request_call'
  vendor/bundle/ruby/1.9.1/gems/omniauth-1.1.4/lib/omniauth/strategy.rb:181:in `call!'
  vendor/bundle/ruby/1.9.1/gems/omniauth-1.1.4/lib/omniauth/strategy.rb:164:in `call'
  vendor/bundle/ruby/1.9.1/gems/rack-cors-0.2.9/lib/rack/cors.rb:54:in `call'
  vendor/bundle/ruby/1.9.1/gems/rack-attack-2.3.0/lib/rack/attack.rb:63:in `call'
  vendor/bundle/ruby/1.9.1/gems/warden-1.2.3/lib/warden/manager.rb:35:in `block in call'
  vendor/bundle/ruby/1.9.1/gems/warden-1.2.3/lib/warden/manager.rb:34:in `catch'
  vendor/bundle/ruby/1.9.1/gems/warden-1.2.3/lib/warden/manager.rb:34:in `call'
  vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/etag.rb:23:in `call'
  vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/conditionalget.rb:25:in `call'
  vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/head.rb:11:in `call'
  vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/middleware/params_parser.rb:27:in `call'
  vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/middleware/flash.rb:241:in `call'
  vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/session/abstract/id.rb:225:in `context'
  vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/session/abstract/id.rb:220:in `call'
  vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/middleware/cookies.rb:486:in `call'
  vendor/bundle/ruby/1.9.1/gems/activerecord-4.0.3/lib/active_record/query_cache.rb:36:in `call'
  vendor/bundle/ruby/1.9.1/gems/activerecord-4.0.3/lib/active_record/connection_adapters/abstract/connection_pool.rb:626:in `call'
  vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'
  vendor/bundle/ruby/1.9.1/gems/activesupport-4.0.3/lib/active_support/callbacks.rb:373:in `_run__1476305416189579609__call__callbacks'
  vendor/bundle/ruby/1.9.1/gems/activesupport-4.0.3/lib/active_support/callbacks.rb:80:in `run_callbacks'
  vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/middleware/callbacks.rb:27:in `call'
  vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/middleware/remote_ip.rb:76:in `call'
  vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/middleware/debug_exceptions.rb:17:in `call'
  vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
  vendor/bundle/ruby/1.9.1/gems/railties-4.0.3/lib/rails/rack/logger.rb:38:in `call_app'
  vendor/bundle/ruby/1.9.1/gems/railties-4.0.3/lib/rails/rack/logger.rb:20:in `block in call'
  vendor/bundle/ruby/1.9.1/gems/activesupport-4.0.3/lib/active_support/tagged_logging.rb:67:in `block in tagged'
  vendor/bundle/ruby/1.9.1/gems/activesupport-4.0.3/lib/active_support/tagged_logging.rb:25:in `tagged'
  vendor/bundle/ruby/1.9.1/gems/activesupport-4.0.3/lib/active_support/tagged_logging.rb:67:in `tagged'
  vendor/bundle/ruby/1.9.1/gems/railties-4.0.3/lib/rails/rack/logger.rb:20:in `call'
  vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/middleware/request_id.rb:21:in `call'
  vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/methodoverride.rb:21:in `call'
  vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/runtime.rb:17:in `call'
  vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/lock.rb:17:in `call'
  vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/sendfile.rb:112:in `call'
  vendor/bundle/ruby/1.9.1/gems/railties-4.0.3/lib/rails/engine.rb:511:in `call'
  vendor/bundle/ruby/1.9.1/gems/railties-4.0.3/lib/rails/application.rb:97:in `call'
  vendor/bundle/ruby/1.9.1/gems/railties-4.0.3/lib/rails/railtie/configurable.rb:30:in `method_missing'
  vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/builder.rb:138:in `call'
  vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/urlmap.rb:65:in `block in call'
  vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/urlmap.rb:50:in `each'
  vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/urlmap.rb:50:in `call'
  vendor/bundle/ruby/1.9.1/gems/unicorn-4.6.3/lib/unicorn/http_server.rb:552:in `process_client'
  vendor/bundle/ruby/1.9.1/gems/unicorn-worker-killer-0.4.2/lib/unicorn/worker_killer.rb:51:in `process_client'
  vendor/bundle/ruby/1.9.1/gems/unicorn-4.6.3/lib/unicorn/http_server.rb:632:in `worker_loop'
  vendor/bundle/ruby/1.9.1/gems/unicorn-4.6.3/lib/unicorn/http_server.rb:500:in `spawn_missing_workers'
  vendor/bundle/ruby/1.9.1/gems/unicorn-4.6.3/lib/unicorn/http_server.rb:142:in `start'
  vendor/bundle/ruby/1.9.1/gems/unicorn-4.6.3/bin/unicorn_rails:209:in `<top (required)>'
  vendor/bundle/ruby/1.9.1/bin/unicorn_rails:23:in `load'
  vendor/bundle/ruby/1.9.1/bin/unicorn_rails:23:in `<main>'

Can someone help me resolve this?

1 Answer

4

It worked after using the following configuration:

  config.omniauth :openid_connect, {
    name: :openid_connect,
    scope: [:openid, :profile],
    response_type: :code,
    client_options: {
      port: 8081,
      scheme: "https",
      host: "myprovider.com",
      identifier: "clientID",
      secret: "clientSecret",
      redirect_uri: "http://myapp.com/users/auth/openid_connect/callback",
    },
  }

The name must be openid_connect, and the scope is the minimum required.

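Old post, but in case you're still following. Does this work like other OmniAuth strategies, i.e. returning the authenticated user's information in env['omniauth.auth'] in the controller handler for the redirect_uri? I've gotten most of it working, except that the callback URL gets called with the expected OpenID Connect URL parameters (e.g. state, code, etc.), but env['omniauth.auth'] is not set. Should it be set, or do I need to take the code from the callback URL and call back to the OP to get the access_token, id_token, etc.? - bjlevine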
1
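Solved. While debugging the omniauth code, I found that the strategy's callback phase is only invoked when the callback contains the correct path. In this case, the path is built by omniauth as auth/{strategy_name}/callback. In my case, I had set the name parameter in the configuration to "keycloak", but I had set the redirect_uri to .../auth/openid/callback. Once I set the redirect URI to .../auth/keycloak/callback, everything worked. - bjlevine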
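
The two failure modes in this thread (credentials outside client_options, and a redirect_uri whose path does not match the strategy name) can be caught before the app starts. The following is an added example, not code from the original posts, from omniauth or from GitLab; the helper name lint_openid_connect, the /users/auth prefix default (taken from the answer's redirect_uri) and the sample hosts are assumptions, and the https check is an extra added here because the authorization code is returned in the redirect's query string.

```ruby
require "uri"

# Hypothetical helper (not part of omniauth or GitLab): lints the option hash
# passed to `config.omniauth :openid_connect, ...`. path_prefix is an assumption.
def lint_openid_connect(options, path_prefix: "/users/auth")
  problems = []
  name = (options[:name] || :openid_connect).to_s
  client = options[:client_options] || {}

  # The question passed its credentials at the top level; the answer's working
  # layout puts identifier and secret under client_options.
  [:identifier, :secret].each do |key|
    value = client[key]
    problems << "client_options[:#{key}] is missing" if value.nil? || value.to_s.empty?
  end

  redirect = client[:redirect_uri]
  if redirect.nil?
    problems << "client_options[:redirect_uri] is missing"
  else
    uri = URI.parse(redirect.to_s)
    expected = "#{path_prefix}/#{name}/callback"
    # The callback phase only runs on <prefix>/<name>/callback (last comment).
    unless uri.path == expected
      problems << "redirect_uri path #{uri.path} does not match #{expected}"
    end
    # The authorization code travels in the redirect's query string.
    problems << "redirect_uri is not https" unless uri.scheme == "https"
  end
  problems
end

# Constructed inputs modelled on the question, the answer and the last comment.
QUESTION = { name: "openid-connect", identifier: "http://op.example/.well-known/openid-configuration",
             client_id: "gitlab", client_secret: "gitlab" }
ANSWER = { name: :openid_connect, scope: [:openid, :profile], response_type: :code,
           client_options: { port: 8081, scheme: "https", host: "myprovider.com",
                             identifier: "clientID", secret: "clientSecret",
                             redirect_uri: "http://myapp.com/users/auth/openid_connect/callback" } }
KEYCLOAK = { name: "keycloak",
             client_options: { identifier: "clientID", secret: "clientSecret",
                               redirect_uri: "https://myapp.com/users/auth/openid/callback" } }

if __FILE__ == $PROGRAM_NAME
  { "question" => QUESTION, "answer" => ANSWER, "comment" => KEYCLOAK }.each do |label, opts|
    puts "#{label}: #{lint_openid_connect(opts).inspect}"
  end
end
```
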
