[Notification] We're upgrading the JumpCloud Support Center the week of September 30th.

Support Center

Single Sign On (SSO) with GitLab



Configure the JumpCloud SSO Application

  1. Access the JumpCloud Administrator Console at https://console.jumpcloud.com.
  2. Select Applications in the main navigation panel.
  3. Select the + in the upper left, scroll or search for the application in the 'Configure New Application' side panel, the select 'configure'.
  4. You can upload a service provider application's XML metadata file to populate SAML connector attributes for that application. The attributes populated by the metadata file may vary by the application. To apply a metadata file for the application you're connecting, click Upload Metadata. Navigate to the file you want to upload, then click Open. You'll see a confirmation of a successful upload. Be aware that if you upload more than one metadata file, you'll overwrite the attribute values applied in the previously uploaded file.
  5. In the IDP Entity ID field, enter https://YOURDOMAIN.TLD (e.g., https://thebestwidgets.com).
  6. In the SP Entity ID field, enter a unique identifier for the Service Provider, typically the URL of the GitLab server, e.g., https://YOUR_GITLAB_SERVER_URL.
  7. In the ASC URL field, enter https://YOUR_GITLAB_SERVER_URL/users/auth/saml/callback. This should match the assertion_consumer_service_url in the GitLab SAML configuration.
  8. (Optional) Enter GitLab group membership information. See the section on External Groups in https://docs.gitlab.com/ce/integration/saml.html. The Attribute Name and Value need to be configured in the GitLab SAML configuration.
  9. In the field terminating the IdP URL, either leave the default value or enter a plaintext string unique to this connector.
  10. (Optional) In the Display Label field, enter a label that will appear under the Service Provider logo within the JumpCloud User console.

Configure the Service Provider

### OmniAuth Settings###! Docs: https://docs.gitlab.com/ce/integration/omniauth.htmlgitlab_rails['omniauth_allow_single_sign_on'] = ['saml']gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'gitlab_rails['omniauth_block_auto_created_users'] = falsegitlab_rails['omniauth_auto_link_saml_user'] = truegitlab_rails['omniauth_providers'] = [  {    name: 'saml',    groups_attribute: 'myGroupAttributeName',    external_groups: ['groupOne', 'groupTwo' ],    args: {            assertion_consumer_service_url: 'https://YOUR_GITLAB_SERVER_URL/users/auth/saml/callback',            idp_cert_fingerprint: 'YOUR_CERT_FINGERPRINT',            idp_sso_target_url: 'https://sso.jumpcloud.com/saml2/gitlab',            issuer: 'SP_ENTITY_ID',            name_identifier_format: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'        }  }]
  1. The above configuration is for a GitLab Omnibus deployment found in /etc/gitlab/gitlab.rb. If the installation was compiled from source, see the GitLab Documentation for analogous settings.
  2. The assertion_consumer_service_url should be the same as the ACS URL specified in the JumpCloud application.
  3. The issuer should be the same value as the SP ENTITY ID in the JumpCloud application
  4. The name_identifier_format should be urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
  5. Save the file and run gitlab-ctl reconfigure to update the GitLab configuration.

Validate SSO authentication workflows

IdP Initiated

  • Access the JumpCloud User Console at https://console.jumpcloud.com.
  • Select the Service Provider icon.
  • This should automatically launch and login to the application.

SP Initiated

  • Navigate to your Service Provider application URL.
  • You will be redirected to log in to the JumpCloud User Portal.
  • The browser will be redirected back to the application and be automatically logged in.

Last Updated: Aug 19, 2019 01:29PM MDT

Related Articles
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found