Use AliCloud as an OmniAuth authentication provider

Tier: Free, Premium, Ultimate
Offering: GitLab.com, Self-managed

You can enable the AliCloud OAuth 2.0 OmniAuth provider and sign in to GitLab using your AliCloud account.

Create an AliCloud application

Sign in to the AliCloud platform and create an application on it. AliCloud generates a client ID and secret key for you to use.

  1. Sign in to the AliCloud platform.

  2. Go to the OAuth application management page.

  3. Select Create Application.

  4. Fill in the application details:

    • Application Name: This can be anything.
    • Display Name: This can be anything.
    • Callback URL: This URL should be formatted as 'GitLab instance URL' + '/users/auth/alicloud/callback'. For example, http://test.gitlab.com/users/auth/alicloud/callback.

    Select Save.

  5. Add OAuth scopes in the application details page:

    1. Under the Application Name column, select the name of the application you created. The application’s details page opens.
    2. Under the Application OAuth Scopes tab, select Add OAuth Scopes.
    3. Select the aliuid and profile checkboxes.
    4. Select OK.

    AliCloud OAuth scope

  6. Create a secret in the application details page:

    1. Under the App Secrets tab, select Create Secret.
    2. Copy the SecretValue generated.

Enable AliCloud OAuth in GitLab

  1. On your GitLab server, open the configuration file.

    • For Linux package installations:

      sudo editor /etc/gitlab/gitlab.rb
      
    • For self-compiled installations:

      cd /home/git/gitlab
      
      sudo -u git -H editor config/gitlab.yml
      
  2. Configure the common settings to add alicloud as a single sign-on provider. This enables Just-In-Time account provisioning for users who do not have an existing GitLab account.

  3. Add the provider configuration. Replace YOUR_APP_ID with the ID on the application details page and YOUR_APP_SECRET with the SecretValue you got when you registered the AliCloud application.

    • For Linux package installations:

        gitlab_rails['omniauth_providers'] = [
          {
            name: "alicloud",
            app_id: "YOUR_APP_ID",
            app_secret: "YOUR_APP_SECRET"
          }
        ]
      
    • For self-compiled installations:

      - { name: 'alicloud',
          app_id: 'YOUR_APP_ID',
          app_secret: 'YOUR_APP_SECRET' }
      
  4. Save the configuration file.

  5. Reconfigure GitLab if you installed using the Linux package, or restart GitLab if you installed from source.