GItlab integration with Keycloak

amruthapbhat · March 7, 2023, 11:42am

We are facing one issue with Gitlab integration with Keycloak. We are hosting a gitlab in a Kubernetes cluster using the below configuration which is integration with Keycloak.

prometheus_monitoring[‘enable’] = false
gitlab_rails[‘ldap_enabled’] = false;
nginx[‘listen_port’] = 10200
nginx[‘listen_https’] = false
registry_nginx[‘enable’] = true
gitlab_rails[‘registry_path’] = “/mnt/docker_registry”
registry[‘enable’] = true
registry_external_url ‘x.x.x.x’
gitlab_rails[‘initial_root_password’] = “x.x.x.x”
external_url ‘[x.x.x.x’]
gitlab_rails[‘lfs_enabled’] = true
gitlab_rails[‘omniauth_enabled’] = true
gitlab_rails[‘omniauth_providers’] = [
{ ‘name’ => ‘openid_connect’,
‘label’ => ‘Keycloak’,
‘args’ => {
‘name’ => ‘openid_connect’,
‘scope’ => [‘openid’,‘profile’,‘email’],
‘response_type’ => ‘code’,
‘issuer’ => ‘[x,x,x,x’],
‘discovery’ => true,
‘client_auth_method’ => ‘query’,
‘uid_field’ => ‘preferred_username’,
‘send_scope_to_token_endpoint’ => ‘false’,
‘client_options’: {
‘identifier’ => ‘devops’,
‘secret’ => x.x.x.x’,
‘redirect_uri’ => ‘[x.x.x.x’]
}
}
}
]
gitlab_rails[‘omniauth_auto_link_user’] = [‘keycloak’]
gitlab_rails[‘omniauth_sync_profile_from_provider’] = ‘openid_connect’
#gitlab_rails[‘omniauth_auto_sign_in_with_provider’] = ‘openid_connect’
gitlab_rails[‘omniauth_allow_single_sign_on’] = [‘openid_connect’]
gitlab_rails[‘omniauth_auto_link_saml_user’] = true
gitlab_rails[‘omniauth_block_auto_created_users’] = false
gitlab_rails[‘omniauth_sync_email_from_provider’] = ‘openid_connect’
gitlab_rails[‘omniauth_external_providers’] = [‘openid_connect’]
gitlab_rails[‘omniauth_auto_link_user’] = [“openid_connect”]
gitlab_rails[‘registry_path’] = “/mnt/docker_registry”
gitlab_rails[‘shared_path’] = ‘/mnt/docker_registry’
registry[‘env’] = {“REGISTRY_HTTP_RELATIVEURLS” => true}
registry[‘enable’] = true
registry_nginx[‘listen_port’] = 8123
registry_nginx[‘listen_https’] = false

The issue that we are facing is when a user is created from keycloak and that user tries to login into gitlab, then for that user the default project limit is getting set as 0 because of which that user is not able to create projects. This is happening only when we create a user from keycloak, but if we try to create a user from gitlab manually then the default project limit is being taken from the default settings.

Could you please let us know if there is any option that we can set in keycloak in order for us to have the default project value set for the users that are being created from keycloak.