Hi everybody.
I made a configuration where Gerrit authenticates against Keycloak. An issue that I face is that when I need to find a group that exists in Keycloak, Gerrit doesn’t find it.
I used this document to do the authentication configuration.
Below is the SAML configuration, in which the parameter “memberOfAttr” allows Gerrit to find the Keycloak groups.
gerrit.config
[gerrit]
basePath = git
canonicalWebUrl = http://10.0.15.18:8080
serverId = f2c50cc7-6450-41ea-9d72-6ddc268cffe8
installModule = com.googlesource.gerrit.plugins.saml.Module
[index]
type = LUCENE
[auth]
#type = DEVELOPMENT_BECOME_ANY_ACCOUNT
type = HTTP
loginUrl = http://10.0.15.18:8080/login
logoutUrl = http://10.0.15.18:8080/
httpHeader = X-SAML-UserName
httpEmailHeader = X-SAML-EmailHeader
httpExternalIdHeader = X-SAML-ExternalId
[sendemail]
smtpServer = localhost
[sshd]
listenAddress = *:29418
[httpd]
listenUrl = http://*:8080/
#filterClass = com.googlesource.gerrit.plugins.ootb.FirstTimeRedirect
#firstTimeRedirectUrl = /login/%23%2F?account_id=1000000
filterClass = com.googlesource.gerrit.plugins.saml.SamlWebFilter
[cache]
directory = cache
[plugins]
allowRemoteAdmin = true
[container]
javaOptions = "-Dflogger.backend_factory=com.google.common.flogger.backend.log4j.Log4jBackendFactory#getInstance"
javaOptions = "-Dflogger.logging_context=com.google.gerrit.server.logging.LoggingContext#getInstance"
user = gerrit
javaHome = /usr/lib/jvm/java-17-openjdk-17.0.11.0.9-2.el9.x86_64
javaOptions = -Djava.security.egd=file:/dev/./urandom
javaOptions = --add-opens java.base/java.net=ALL-UNNAMED
javaOptions = --add-opens java.base/java.lang.invoke=ALL-UNNAMED
javaOptions = -Djava.security.egd=file:/dev/./urandom
javaOptions = --add-opens java.base/java.net=ALL-UNNAMED
javaOptions = --add-opens java.base/java.lang.invoke=ALL-UNNAMED
[receive]
enableSignedPush = false
[saml]
serviceProviderEntityId = SAML2Client
#identityProviderEntityId = SAML2Client
#identityProviderEntityId = http://10.0.33.110:8080/realms/master/protocol/saml/SAML2Client
keystorePath = /var/gerrit/etc/samlKeystore.jks
keystorePassword = pac4j-demo-password
privateKeyPassword = pac4j-demo-password
metadataPath = http://10.0.33.110:8080/realms/master/protocol/saml/descriptor
userNameAttr = UserName
displayNameAttr = DisplayName
emailAddressAttr = EmailAddress
computedDisplayName = true
firstNameAttr = firstName
lastNameAttr = lastName
memberOfAttr = memberOf
In Keycloak I used a SAML client; the configuration of this client is in this realm configuration.
I configured the mapper in the client.
I don’t know if Gerrit can get the groups from Keycloak.
In my test, Gerrit can’t pull the groups.
Please, can anyone help me with this?
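
One way to check the setup described above, as an added example that is not part of the original post or of the Gerrit SAML plugin: it compares the attribute names set in [saml] with the Attribute Name values carried in a SAML AttributeStatement. The assertion is constructed sample data (the group attribute is deliberately named "member"), and matching on Name rather than FriendlyName is an assumption about how the plugin looks attributes up.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Attribute settings copied from the [saml] section of the gerrit.config in the post.
GERRIT_SAML = """[saml]
userNameAttr = UserName
displayNameAttr = DisplayName
emailAddressAttr = EmailAddress
firstNameAttr = firstName
lastNameAttr = lastName
memberOfAttr = memberOf"""

# Constructed AttributeStatement, not captured from a real IdP. Only parse
# XML you built or trust with ElementTree; it does not limit entity expansion.
SAMPLE_STATEMENT = f"""<saml:AttributeStatement xmlns:saml="{SAML_NS}">
<saml:Attribute Name="UserName"><saml:AttributeValue>alice</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="DisplayName"><saml:AttributeValue>Alice A</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="EmailAddress"><saml:AttributeValue>alice@example.org</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="firstName"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="lastName"><saml:AttributeValue>A</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="member"><saml:AttributeValue>/developers</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>"""

def configured_attrs(config_text):
    """Return {setting: attribute name} for every *Attr key under [saml]."""
    attrs, section = {}, None
    for line in (raw.strip() for raw in config_text.splitlines()):
        if line.startswith("["):
            section = line.strip("[]")
        elif section == "saml" and "=" in line and not line.startswith("#"):
            key, value = (part.strip() for part in line.split("=", 1))
            if key.endswith("Attr"):
                attrs[key] = value
    return attrs

def asserted_attrs(statement_xml):
    """Return {Name: [values]} for each Attribute in the statement."""
    root = ET.fromstring(statement_xml)
    return {a.get("Name"): [v.text for v in a.iter(f"{{{SAML_NS}}}AttributeValue")]
            for a in root.iter(f"{{{SAML_NS}}}Attribute")}

def missing_attrs(config_text, statement_xml):
    """Settings whose configured attribute name is absent from the assertion."""
    present = asserted_attrs(statement_xml)
    return {k: v for k, v in configured_attrs(config_text).items() if v not in present}

if __name__ == "__main__":
    print("configured but not asserted:", missing_attrs(GERRIT_SAML, SAMPLE_STATEMENT))
```

To run it against a real login, replace SAMPLE_STATEMENT with the AttributeStatement element taken from a decoded SAML response for your own test account.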