SafeNet Trusted Access for GitLab
Configuring SafeNet Trusted Access for GitLab is a three-step process:
2.SafeNet Trusted Access setup
As a prerequisite, obtain the certificate fingerprint from the Identity Provider certificate. To do so, download the Identity Provider certificate from the SafeNet Trusted Access console by clicking the Download X.509 certificate button. Next, perform the following steps:
•Open the certificate.
•On the Details tab, copy the certificate fingerprint from the Thumbprint field.
Perform the following steps to configure SafeNet Trusted Access as your Identity Provider in GitLab for Omnibus installations:
1.On your GitLab server, run the sudo <editor> /etc/gitlab/gitlab.rb command to open the GitLab configuration file.
2.In the gitlab.rb file, under Configuration Settings for GitLab CE and EE > gitlab.yml configuration, search for OmniAuth Settings.
3.In the OmniAuth Settings located in the previous step, perform the following steps:
a.Search for the gitlab_rails['omniauth_enabled'] line and uncomment it. Modify its value to gitlab_rails['omniauth_enabled'] = true
b.Search for the gitlab_rails['omniauth_allow_single_sign_on'] = ['saml'] line and uncomment it.
c.Search for the gitlab_rails['omniauth_auto_link_saml_user'] line and uncomment it. Modify its value to gitlab_rails['omniauth_auto_link_saml_user'] = true
d.Search for the gitlab_rails['omniauth_providers'] line and replace its value with:
gitlab_rails['omniauth_providers'] = [
  {
    name: 'saml',
    args: {
      assertion_consumer_service_url: '<ACS URL>',
      idp_cert_fingerprint: '<IdP certificate fingerprint>',
      idp_sso_target_url: '<SingleSignOn URL>',
      issuer: '<Issuer Name>'
    },
    label: '<Label name>'
  }
]
Refer to the table below for the ACS URL, IdP certificate fingerprint, SingleSignOn URL, Issuer Name, and Label name parameters:
| Parameter | Description and Value |
|---|---|
| ACS URL | Enter the HTTPS URL of your <hostname> with users/auth/saml/callback appended. Here, hostname is the organization hostname registered in GitLab. For example, https://<hostname>/users/auth/saml/callback |
| IdP certificate fingerprint | Enter the certificate fingerprint of SafeNet Trusted Access that you obtained from the Identity Provider certificate. For example, e3:f1:16:b3:91:e8:ca:86:61:fb:0a:15:cd:6b:8d:56:eb:bc:56:23 |
| SingleSignOn URL | Enter the SingleSignOnService URL provided on the SafeNet Trusted Access console. You can copy this URL by clicking the Copy to Clipboard icon next to the SINGLESIGNONSERVICE field. |
| Issuer Name | Enter a unique name that identifies GitLab to SafeNet Trusted Access. For example, https://<hostname>. Here, hostname is the organization hostname registered in GitLab. |
| Label Name | Enter a label of your choice for the SAML login button. For example: SafeNet IDP |
e.Save the above configuration and close the gitlab.rb file.
4.On your GitLab server, run the sudo gitlab-ctl reconfigure command to reconfigure GitLab for the above changes.
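An added example, not part of the SafeNet or GitLab documentation: a Ruby check that the idp_cert_fingerprint value in gitlab.rb matches the SHA-1 fingerprint of the downloaded Identity Provider certificate, accepting thumbprints pasted without colons. It assumes the certificate file is PEM-encoded; the function names and the file name check_fp.rb are illustrative.

```ruby
require 'digest/sha1'

# Reduce a pasted thumbprint to the colon-separated lowercase form shown in the
# table above. Stripping non-hex characters also drops the spaces or invisible
# characters that can come along when copying from the Windows Details tab.
def normalize_fingerprint(text)
  hex = text.gsub(/[^0-9A-Fa-f]/, '').downcase
  raise ArgumentError, "expected 40 hex digits (SHA-1), got #{hex.length}" unless hex.length == 40
  hex.scan(/../).join(':')
end

# SHA-1 over the DER bytes of a PEM certificate file (assumed download format).
def pem_fingerprint(pem)
  body = pem[/-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----/m, 1]
  raise ArgumentError, 'no PEM certificate block found' unless body
  normalize_fingerprint(Digest::SHA1.hexdigest(body.unpack1('m')))
end

# Read idp_cert_fingerprint from gitlab.rb text, skipping commented-out lines.
def configured_fingerprint(gitlab_rb)
  line = gitlab_rb.lines.find { |l| l !~ /^\s*#/ && l.include?('idp_cert_fingerprint:') }
  raise ArgumentError, 'idp_cert_fingerprint is not set' unless line
  normalize_fingerprint(line[/idp_cert_fingerprint:\s*['"]([^'"]*)['"]/, 1].to_s)
end

# True when gitlab.rb pins exactly the certificate in the downloaded file.
def fingerprint_matches?(pem, gitlab_rb)
  pem_fingerprint(pem) == configured_fingerprint(gitlab_rb)
end

# Constructed sample: placeholder bytes in a PEM wrapper, not a real certificate.
SAMPLE_PEM = <<~PEM
  -----BEGIN CERTIFICATE-----
  Y29uc3RydWN0ZWQgc2FtcGxl
  -----END CERTIFICATE-----
PEM

if __FILE__ == $PROGRAM_NAME
  if ARGV.size == 2 # usage: ruby check_fp.rb <certificate.pem> /etc/gitlab/gitlab.rb
    ok = fingerprint_matches?(File.read(ARGV[0]), File.read(ARGV[1]))
    puts ok ? 'OK: gitlab.rb matches the certificate' : 'MISMATCH: gitlab.rb pins a different certificate'
    exit(ok ? 0 : 1)
  else
    puts "sample fingerprint: #{pem_fingerprint(SAMPLE_PEM)}"
  end
end
```

Running the check again whenever the Identity Provider certificate is replaced shows whether the value in gitlab.rb still pins the current certificate.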
•In a web browser, open the following URL to obtain the GitLab metadata:
Here, hostname is the organization hostname registered in GitLab.
Copy and save this metadata on your local machine with the .xml extension (for example, metadata.xml).
After completing the first step of configuring SafeNet Trusted Access in GitLab, the second step is to activate the GitLab application in SafeNet Trusted Access by performing the following steps:
1.In the Applications pane, you will notice that the GitLab application you added earlier is in the inactive state by default. To configure and activate this application, click the application (for example, GitLab) and proceed to the next step.
2.Under STA Setup, click Upload GitLab Metadata.
3.On the Metadata upload window, click Browse to search for and select the GitLab metadata file that you saved in Obtaining Metadata.
4.Under Account Details, the service provider metadata information is displayed.
5.Click Save Configuration to save the details and activate the GitLab application in SafeNet Trusted Access.
Navigate to the GitLab login URL (for example, https://<hostname>). At the bottom, click <Label Name> (for example, SafeNet IDP); you will be redirected to the SafeNet Trusted Access sign-in page. Enter your primary directory login information and approve the two-factor authentication; you should be redirected to the GitLab application after authentication.
Navigate to the User Portal URL to log in to the STA User Portal dashboard. On the dashboard, you will see a list of applications to which you have access. Click the GitLab application icon; you should be redirected to the GitLab application after authentication.
© 2018 SafeNet Trusted Access. Various trademarks held by their respective owners.