08 January 2014


There was a long time opened suggestion on gitlab to get this working. Thanks Will’s merge request this post is obsoleted.

The patch is right now in master and included in 6.6 release. If you are using version before 6.6 read this post. For Gitlab version 6.6 and newer I wrote another post.

## Overview

This post is about howto get working Gitlab and Crowd together. It’s based on versions - Crowd version 2.7.0 - Gitlab version 6.4

I have it working also for gitlab version 5.X and 6.2.

Installation and configuration

Atlassian Crowd

Installation and configuration of the Crowd is out of scope. Crowd is commercial product and you shoud have support for it.


For Debian or Ubuntu follow the installation guide on Github. Try to login as admin user to find out if the installation is working.


### Install the gem Follow the steps in section Using Custom Omniauth Providers, the gem you are looking for is omniauth_crowd. I’m using the last version of this gem 2.2.0.

Change configuration

I have following omniauth section in config/gitlab.yml

  enabled: yes
  allow_single_sign_on: true
  block_auto_created_users: false

I control the access from the Crowd application so I changed the default values for allow_single_sign_on and block_auto_created_users. Leave the providers section empty unless you use another omniauth provider.

Modify also config/initializers/devise.rb. Add Crowd configuration manualy.

diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 2539097..92d4331 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -226,6 +226,11 @@ Devise.setup do |config|
       name_proc: email_stripping_proc
+  config.omniauth :crowd,
+    crowd_server_url: 'http://YOUR CROWD SERVER:8095',
+    application_name: 'YOUR APPLICAION ID',
+    application_password: 'YOUR APPLICATION PASSWORD'
   Gitlab.config.omniauth.providers.each do |provider|
     case provider['args']
     when Array

Patch Gitlab

As you bypass the default omniauth settings, you need to patch also app/controllers/omniauth_callbacks_controller.rb

diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb 
index 7131e0f..fb9edfe 100644
--- a/app/controllers/omniauth_callbacks_controller.rb
+++ b/app/controllers/omniauth_callbacks_controller.rb
@@ -23,6 +23,11 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacks
+  def crowd
+    handle_omniauth
+  end
   def handle_omniauth

Some final notes

Remark for developers

To solve this integration without the patching there needs to be changed config/initializers/devise.rb. Not all omniauth modules accept app_id and app_secret in the same way as the Google or Twittter. I hope this would help some ruby developer to write a patch and submit it into upstream.