(Reposted here due to no response on Google group)
Probably missing something obvious but I cannot get GitLab CE 8.0.5 to use Crowd server 2.8.3 as an omniauth provider. GitLab doc and Google searches are not helping.
Can anyone either provide me with troubleshooting steps, their config (obfuscating passwords etc.) or check my config below?
GitLab config:
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = true
# gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'
gitlab_rails['omniauth_block_auto_created_users'] = false
# gitlab_rails['omniauth_auto_link_ldap_user'] = false
gitlab_rails['omniauth_providers'] = [
  {
    "name" => "crowd",
    "args" => {
      "crowd_server_url" => "http://localhost:8095/crowd",
      "application_name" => "crowd_gitlab",
      "application_password" => "Password"
    }
  }
]
The Crowd application I have set up looks like:
Name: crowd_gitlab
Application type: Generic Application
Active: x
Password: Password
The crowd tab appears on the GitLab login page but the error I get is:
500
We're sorry, but something went wrong.
Note that the URL displayed during this error is http://localhost/users/auth/crowd/callback
Tried increasing generic tracing levels and looking through the logs on both Crowd and GitLab but cannot see anything obvious.
We're using Gitlab CE 7.7.2 and Crowd 2.8.2 successfully. I'm not sure if this changes with 8.0.5.
Our config is below
## OmniAuth settings
omniauth:
  enabled: true
  allow_single_sign_on: true
  block_auto_created_users: true
  providers:
    - { name: 'crowd'
      , strategy_class: 'OmniAuth::Strategies::Crowd'
      , args: {
          crowd_server_url: "http://crowd-server:8095/crowd",
          application_name: "gitlab",
          application_password: "PASSWORD"
        }
      }
We also force the Crowd login page as the default page for Gitlab, which was less confusing for people rather than displaying the default page and forcing them to click on the Crowd button.
Just looked at the features matrix and noticed that Crowd is only supported on EE. Doh!
I have an angular app which has to authorize to gitlab and signIn the user with userName and pass in order to fetch some data/information from gitlab and display it in the UI.
The first test case fails before the browser can redirect to the gitlab login-form (https://gitlab.com/users/sign_in):
Spec Code:
it('Visits the home page', () => {
  cy.visit('/', {
    onBeforeLoad(win) {
      cy.stub(win.navigator, 'cookieEnabled', false).as('cookieEnabled');
    },
  })
})
Error:
Checking your browser before accessing gitlab.com.
Please enable Cookies and reload the page.
This process is automatic. Your browser will redirect to your requested content shortly.
Please allow up to 5 seconds…
I have been searching and trying a couple of other options/implementations based on the official Cypress docs etc., but I am still facing the same issue. There are some similar questions here on SO, but none of the hints/answers provide the fix.
Also I am not 100% sure that it's really an issue related to cypress test implementation. Could it be an issue affecting gitlab itself?
Any ideas how to fix such issue?
Cypress: 10.7.0
Angular: 14.x
Node: v16.13.1
I have to implement authorization to access the etherpad UI so that it could not be public url.
For this, when I set the setting "requireAuthentication": true, then it throws web authentication through the browser as below
But in the application, when I access the etherpad UI through an iframe, it also shows the authentication pop-up as above. Please suggest how I can make a breakthrough to access the etherpad UI without the auth pop-up in the application, but allow the auth pop-up when it is accessed from a web browser instead of the application?
OR any other way also appreciated.
Just posting here because google searches for "etherpad basic authentication" led me here.
This solution only applies to etherpad-lite via Docker
I had been wanting to enable some basic authentication as well without using LDAP or some plugin.
Checkout the etherpad-lite Git project
git clone https://github.com/ether/etherpad-lite.git
Edit the settings.json.docker
-Made 1 change to the file by setting requireAuthentication to true
-Took note of those 2 variable names (ADMIN_PASSWORD,USER_PASSWORD)
.
.
"requireAuthentication": true
.
.
"users": {
  "admin": {
    // 1) "password" can be replaced with "hash" if you install ep_hash_auth
    // 2) please note that if password is null, the user will not be created
    "password": "${ADMIN_PASSWORD:null}",
    "is_admin": true
  },
  "user": {
    // 1) "password" can be replaced with "hash" if you install ep_hash_auth
    // 2) please note that if password is null, the user will not be created
    "password": "${USER_PASSWORD:null}",
    "is_admin": false
  }
},
*all the other stuff can be left alone so I left out of this snippet
Create a custom image of the etherpad-lite image
docker build --tag myetherpad .
Spin up your new etherpad instance and pass in those 2 variables
ADMIN_PASSWORD: "someAdminPassword"
USER_PASSWORD: "someUserPassword"
*I am using docker-compose so setting those variables will look a little different in vanilla Docker or K8
**There are definitely better ways to deliver authentication in etherpad-lite but I just needed a quick instance. This process would be very tedious if you were going to have more than a few users
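An added pre-flight check for the setup described above (not part of the original answer or of Etherpad): it resolves the `${VAR:default}` placeholders against the environment the container would receive and reports users that would not be created. The settings text is a constructed fragment, and `resolve` and `audit` are hypothetical helpers that only model the placeholder handling in simplified form.

```python
import json
import re

# Constructed fragment in the style of the edited settings.json.docker.
SETTINGS = '''
{
  "requireAuthentication": true,
  "users": {
    "admin": {
      // please note that if password is null, the user will not be created
      "password": "${ADMIN_PASSWORD:null}",
      "is_admin": true
    },
    "user": {
      "password": "${USER_PASSWORD:null}",
      "is_admin": false
    }
  }
}
'''
PLACEHOLDER = re.compile(r"^\$\{([A-Za-z_][A-Za-z0-9_]*)(?::(.*))?\}$")

def resolve(value, env):
    """Simplified model of the ${VAR:default} lookup; "null" means no value."""
    m = PLACEHOLDER.match(value) if isinstance(value, str) else None
    if not m:
        return value
    found = env.get(m.group(1), m.group(2))
    return None if found in (None, "null") else found

def audit(settings_text, env):
    """Return findings for the settings, given the environment of the container."""
    # Drop whole-line // comments so the remainder parses as JSON.
    body = "\n".join(l for l in settings_text.splitlines()
                     if not l.strip().startswith("//"))
    cfg = json.loads(body)
    required = cfg.get("requireAuthentication") is True
    findings = [] if required else ["requireAuthentication is not enabled"]
    created = []
    for name, user in cfg.get("users", {}).items():
        if resolve(user.get("password"), env) is None:
            findings.append(f"user '{name}' will not be created (password resolves to null)")
        else:
            created.append(name)
    if required and not created:
        findings.append("authentication is required but no user exists")
    return findings
```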
I'm trying to setup a basic readonlyrest example with Kibana. My config is as follows:
readonlyrest:
  enable: true
  response_if_req_forbidden: Forbidden by ReadonlyREST ES plugin
  access_control_rules:
  - name: Accept requests from users in group team1 on index1
    type: allow
    hosts: [localhost,127.0.0.1,10.0.0.0/24]
    groups: ["team1"]
    actions: ["indices:data/read","indices:data/read/mge/*","indices:data/read/mget","indices:data/read/*","indices:data/write/*","indices:admin/template/*","indices:admin/create", "cluster:monitor/*"]
    indices: ["<no-index>", ".kibana*", "logstash*", "default" ,"sha*" ,"ba*"]
  users:
  - username: alice
    auth_key: alice:p455phrase
    groups: ["team1"]
Unfortunately this does not work. I keep getting Authorization exception with the following error message in elasticsearch logs:
no block has matched, forbidding by default: { action: indices:data/read/mget,
OA:127.0.0.1, indices:[.kibana], M:POST, P:/_mget, C:{"docs":[{"_index":".kibana",
"_type":"config","_id":"4.6.1"}]}, Headers:[]}
What is missing in my config?
In kibana.yml the configuration is:
elasticsearch.username: "alice"
elasticsearch.password: "p455phrase"
If your use case is basic Kibana authentication, you should follow the example in the documentation.
Once you get that working, you could modify the example to assign the required rules to groups, and groups to your hard-coded users.
Keep in mind that this will not be a production ready solution, due to the crappy security level offered by HTTP basic auth between browser and Kibana:
The browser will pass the credentials unencrypted at every request
No way for the user to "logout" from Kibana
Nowadays ReadonlyREST offers two Kibana plugins (PRO and Enterprise), which fix the above limitations using encrypted cookies and by injecting a logout button into the Kibana UI.
The 30 days trial is available for download
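An added diagnostic sketch for the log line in the question (not code from the posts above or from ReadonlyREST): it models a block as "every rule must match", treats rule patterns as shell-style wildcards (an assumption), and reports which rule rejects the logged request. `basic_header` builds the HTTP Basic value that `auth_key` corresponds to, which is plain base64 and is why the answer calls the credentials unencrypted.

```python
import base64
import re
from fnmatch import fnmatchcase
from ipaddress import ip_address, ip_network

# Block and user copied from the question's readonlyrest config.
BLOCK = {
    "hosts": ["localhost", "127.0.0.1", "10.0.0.0/24"],
    "groups": ["team1"],
    "actions": ["indices:data/read", "indices:data/read/mge/*", "indices:data/read/mget",
                "indices:data/read/*", "indices:data/write/*", "indices:admin/template/*",
                "indices:admin/create", "cluster:monitor/*"],
    "indices": ["<no-index>", ".kibana*", "logstash*", "default", "sha*", "ba*"],
}
USERS = {"alice": {"auth_key": "alice:p455phrase", "groups": ["team1"]}}
# The forbidden-request line from the question, joined onto one line.
LOG = ('no block has matched, forbidding by default: { action: indices:data/read/mget, '
       'OA:127.0.0.1, indices:[.kibana], M:POST, P:/_mget, C:{"docs":[{"_index":".kibana",'
       '"_type":"config","_id":"4.6.1"}]}, Headers:[]}')

def parse(line):
    """Extract the request fields that the block's rules are matched against."""
    grab = lambda pat: re.search(pat, line).group(1)
    items = lambda s: [x.strip() for x in s.split(",") if x.strip()]
    return {"action": grab(r"action: ([^,]+),"), "origin": grab(r"OA:([^,]+),"),
            "indices": items(grab(r"indices:\[([^\]]*)\]")),
            "headers": items(grab(r"Headers:\[([^\]]*)\]"))}

def host_ok(origin, hosts):
    for h in hosts:
        try:
            if ip_address(origin) in ip_network(h, strict=False):
                return True
        except ValueError:  # entry is a hostname such as "localhost"
            if origin == h:
                return True
    return False

def basic_header(auth_key):
    """HTTP Basic is base64 of user:password: an encoding, not encryption."""
    return "Basic " + base64.b64encode(auth_key.encode()).decode()

def failed_rules(req, block, users, authorization=None):
    """Simplified model: all rules in a block must match; return those that do not."""
    who = [u for u in users.values() if basic_header(u["auth_key"]) == authorization]
    checks = {
        "hosts": host_ok(req["origin"], block["hosts"]),
        "actions": any(fnmatchcase(req["action"], p) for p in block["actions"]),
        "indices": all(any(fnmatchcase(i, p) for p in block["indices"]) for i in req["indices"]),
        "groups": any(set(u["groups"]) & set(block["groups"]) for u in who),
    }
    return [name for name, ok in checks.items() if not ok]
```

`failed_rules(parse(LOG), BLOCK, USERS)` evaluates the request exactly as logged, with no credentials; passing `basic_header("alice:p455phrase")` as `authorization` evaluates the same request with alice's credentials attached.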
I've looked at the configuration options for GitLab CE regarding analytics and found that if I configured the following line in /etc/gitlab/gitlab.rb, I would be able to track my GitLab CE usage:
gitlab_rails['extra_piwik_url'] = 'my.piwik.hostname'
gitlab_rails['extra_piwik_site_id'] = '2'
After doing a gitlab-ce reconfigure, I can see in the HTML source of the pages the following tracking code:
<script>
  var _paq = _paq || [];
  _paq.push(["trackPageView"]);
  _paq.push(["enableLinkTracking"]);
  (function() {
    var u=(("https:" == document.location.protocol) ? "https" : "http") + "://my.piwik.hostname/";
    _paq.push(["setTrackerUrl", u+"piwik.php"]);
    _paq.push(["setSiteId", "2"]);
    var d=document, g=d.createElement("script"), s=d.getElementsByTagName("script")[0]; g.type="text/javascript";
    g.defer=true; g.async=true; g.src=u+"piwik.js"; s.parentNode.insertBefore(g,s);
  })();
</script>
Unfortunately, looking at the webserver logs of the Piwik server, I do not receive any request. Can someone see something I'm missing?
Even if this is a really old question some possible answers to this:
Do you have an AdBlocker? Disable it to enable tracking.
Do you have DoNotTrack activated? Disable it as this can disable the tracking with Matomo.
For the first point: AdBlockers most likely filter out the scripts needed for matomo/piwik. There is nothing that you can do here.
For the second: By default DoNotTrack is honored by matomo/piwik. You can change this setting in matomo but please respect your users' choice not to be tracked.
I want to customize the OpenAM login page from a client perspective.
I had checked the OpenAM chapter for the latest XUI changes, i.e. by default it takes XUI.
I tried to configure the current default theme, present in XUI/themeConfig.json under the directory where we unpack OpenAM.
For example, I had modified the footer element (by default the footer mailto element is info#forgerock.com):
    "footer": {
        "mailto": "info#xyz.com",
        "phone": ""
    }
}
After packing and deploying the war file, it is still showing the old one, i.e. info#forgerock.com, on startup.
My question is: what are the proper steps for customizing the OpenAM login page? The OpenAM guide was a bit confusing.
Please suggest
Thanks
a) Modify XUI\config\themeConfig.json, delete the cache from your web browser... Then reload the page and see what you had entered.
b) You can also set org.forgerock.openam.core.resource.lookup.cache.enabled to false in Configuration > Servers and Sites > Server Name > Advanced to see your modifications in real time, but in a Production Environment remember to change it back to true for better performance.
Best regards,
Alex