We have a self-hosted GitLab server which is mostly working for OpenID Connect except that the “OpenID Connect Groups” are not synchronized. I have the container deployed with this environment:

{
"name": "ALPINE_OIDC_ENABLED",
"value": "true"
},
{
"name": "ALPINE_OIDC_ISSUER",
"value": "https://git.example.org"
},
{
"name": "ALPINE_OIDC_CLIENT_ID",
"value": "redacted"
},
{
"name": "ALPINE_OIDC_USERNAME_CLAIM",
"value": "nickname"
},
{
"name": "ALPINE_OIDC_TEAMS_CLAIM",
"value": "groups"
},
{
"name": "ALPINE_OIDC_USER_PROVISIONING",
"value": "true"
},
{
"name": "ALPINE_OIDC_TEAM_SYNCHRONIZATION",
"value": "true"
},

I noticed that the GitLab JWTs return the group property on a claim named

Has anyone else run into this, or have any advice for how to track this down? There's nothing in the server logs other than the successful OpenID Connect login message so it's not immediately clear where to look next.
Replies: 1 comment
This turned out to be a little bit of confusion: my test group was not the same case as the OIDC claim so it was silently ignored.
#3269
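A diagnostic for the failure described in the reply, added here as an example and not code from the project or from either poster: it decodes a token's payload and reports which locally configured group names match the teams claim exactly, which differ only by case, and which are absent. It assumes the server compares names exactly (case-sensitively), as the reply reports; `diagnose_groups`, the sample token, and the group names are constructed for illustration.

```python
import base64
import json


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose_groups(token: str, teams_claim: str, configured: list[str]) -> dict:
    """Classify each configured group name against the token's teams claim."""
    claims = jwt_claims(token)
    if teams_claim not in claims:
        # Wrong claim name configured: list what the IdP actually sent.
        return {"claim_present": False, "available_claims": sorted(claims)}
    value = claims[teams_claim]
    groups = [value] if isinstance(value, str) else list(value)
    folded = {g.casefold(): g for g in groups}
    report = {"claim_present": True, "matched": [], "case_mismatch": [], "missing": []}
    for name in configured:
        if name in groups:
            report["matched"].append(name)
        elif name.casefold() in folded:
            # Same name, different case: the silent-ignore condition.
            report["case_mismatch"].append((name, folded[name.casefold()]))
        else:
            report["missing"].append(name)
    return report


# Constructed sample token (unsigned, made-up claim values).
SAMPLE_TOKEN = ".".join([
    b64url(json.dumps({"alg": "none"}).encode()),
    b64url(json.dumps({"nickname": "alice",
                       "groups": ["Security-Team", "platform"]}).encode()),
    "",
])

if __name__ == "__main__":
    print(diagnose_groups(SAMPLE_TOKEN, "groups",
                          ["security-team", "platform", "auditors"]))
```
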