08 January 2014

README FIRST

There was a long time opened suggestion on gitlab to get this working. Thanks Will’s merge request this post is obsoleted.

The patch is right now in master and included in 6.6 release. If you are using version before 6.6 read this post. For Gitlab version 6.6 and newer I wrote another post.


## Overview

This post is about howto get working Gitlab and Crowd together. It’s based on versions - Crowd version 2.7.0 - Gitlab version 6.4

I have it working also for gitlab version 5.X and 6.2.

Installation and configuration

Atlassian Crowd

Installation and configuration of the Crowd is out of scope. Crowd is commercial product and you shoud have support for it.

Gitlab

For Debian or Ubuntu follow the installation guide on Github. Try to login as admin user to find out if the installation is working.

Customization

### Install the gem Follow the steps in section Using Custom Omniauth Providers, the gem you are looking for is omniauth_crowd. I’m using the last version of this gem 2.2.0.

Change configuration

I have following omniauth section in config/gitlab.yml

omniauth:
  enabled: yes
  allow_single_sign_on: true
  block_auto_created_users: false
  providers:	  

I control the access from the Crowd application so I changed the default values for allow_single_sign_on and block_auto_created_users. Leave the providers section empty unless you use another omniauth provider.

Modify also config/initializers/devise.rb. Add Crowd configuration manualy.

diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 2539097..92d4331 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -226,6 +226,11 @@ Devise.setup do |config|
       name_proc: email_stripping_proc
   end
 
+  config.omniauth :crowd,
+    crowd_server_url: 'http://YOUR CROWD SERVER:8095',
+    application_name: 'YOUR APPLICAION ID',
+    application_password: 'YOUR APPLICATION PASSWORD'
+
   Gitlab.config.omniauth.providers.each do |provider|
     case provider['args']
     when Array

Patch Gitlab

As you bypass the default omniauth settings, you need to patch also app/controllers/omniauth_callbacks_controller.rb

diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb 
index 7131e0f..fb9edfe 100644
--- a/app/controllers/omniauth_callbacks_controller.rb
+++ b/app/controllers/omniauth_callbacks_controller.rb
@@ -23,6 +23,11 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacks
     sign_in_and_redirect(@user)
   end
 
+  def crowd
+    handle_omniauth
+  end
+
   private
 
   def handle_omniauth

Some final notes

Remark for developers

To solve this integration without the patching there needs to be changed config/initializers/devise.rb. Not all omniauth modules accept app_id and app_secret in the same way as the Google or Twittter. I hope this would help some ruby developer to write a patch and submit it into upstream.