Add OpenID Connect OmniAuth Provider to GitLab Omnibus
Description
Currently, the GitLab CE Omnibus does not include an OmniAuth provider for connecting to an OpenID Connect system. There are multiple specific "social logins" such as Google, Twitter, Facebook, etc. However, there doesn't appear to be a way to set up a connection with a locally installed or third-party OpenID Connect provider (such as Ipsilon or Keycloak). GitLab should be able to work with these systems.
Proposal
- Add omniauth-openid-connect RubyGem to Omnibus
- Add support for configuring OpenID Connect providers through gitlab.rb (ideally multiple unique ones would show up as different buttons on GitLab UI using the name property set up for the openid-connect provider, but supporting just one is fine, too)
Links / references
- OpenID Connect
- omniauth-openid-connect
- Keycloak - used by Red Hat and included in Red Hat OpenStack Platform
- Ipsilon - used by Fedora Account System