Thank you Chad and Sriram. It works as you said. I can use AWS SSO as IdP for GitLab, and GitLab as IdP for GoCD.
One more question, does GitLab OAuth plugin support GitLab group mapping with GoCD role? I see it mentions in the GitHub repository. *"It also supports authorization, which can be used by server admin to map GoCD roles with GitLab projects or groups with access level.*" On Friday, October 7, 2022 at 5:24:45 PM UTC+7 [email protected] wrote: > On Fri, Oct 7, 2022 at 6:17 PM Chad Wilson <[email protected]> wrote: > >> Hiya >> >> Localhost doesn't resolve within docker/containers like you're expecting >> there. From within a GoCD it will refer to the GoCD docker container not >> your wider host. You need to either use the container's IP on the internal >> docker network, OR use the gitlab container ID as hostname, OR override the >> hostname OR if you are on Mac/Windows and exposing the port outside the >> container you can use host.docker.internal. You should be able to find more >> details in a docker networking guide appropriate for your platform. >> > > Sorry, Chad, our messages overlapped. It appears to me that his Gitlab > instance is on the host network while GoCD is within a container. Please > see my response and advice if you recommend something else for him. > > -- Sriram > > >> >> -Chad >> >> On Fri, 7 Oct 2022, 17:15 X-Cloud Lab, <[email protected]> wrote: >> >>> Thank you. I tested my first scenario. >>> >>> It seems the problem causes from domain name resolving. I'm using >>> localhost for a test gitlab and gocd with docker. >>> >>> GitLab:80 >>> GoCD:8153 >>> >>> jvm 1 | 2022-10-07 09:07:02,534 ERROR [qtp1671617251-38] >>> p.c.g.a.g.c.g.a.g.GitLabPlugin:127 [plugin-cd.go.authorization.gitlab] - >>> Error while executing request go.cd.authorization.fetch-access-tokenjvm 1 >>> | java.net.ConnectException: Failed to connect to localhost/ >>> 127.0.0.1:80 >>> >>> On Friday, October 7, 2022 at 11:43:43 AM UTC+7 [email protected] wrote: >>> >>>> On Fri, 7 Oct 2022 at 11:36 AM, X-Cloud Lab <[email protected]> wrote: >>>> >>>>> Hello All, >>>>> >>>>> Currently, I'm using GitLab authorization and it works perfectly but >>>>> the users in GitLab is local users. >>>>> >>>>> Now, I'm using AWS Identity Center (SSO). It provides SAML federation. >>>>> It can integrate with GitLab through AWS SSO portal. >>>>> But GoCD does not provide SAML authorization plugin. >>>>> >>>>> Can GoCD authorize through GitLab? AWS SSO -> GitLab -> GoCD. >>>>> In my opinion, it likes a chain authorization. I'm not sure this will >>>>> work or not. >>>>> >>>>> So, I've PoC AWS Cognito + AWS SSO. It works as expect. I don't need >>>>> to setup local users in AWS Cognito. However, GoCD does not provide OAuth >>>>> plugin for AWS Cognito. >>>>> >>>>> But it seems able to use Okta OAuth plugin. >>>>> >>>>> Could you please help to guild me what solution is suitable for GoCD? >>>>> >>>> >>>> >>>> You can indeed use Gitlab authentication in GoCD. I have set one up for >>>> a friend. Please see: >>>> https://github.com/gocd-contrib/gitlab-oauth-authorization-plugin >>>> >>>> >>>> >>>> >>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "go-cd" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to [email protected]. >>>>> To view this discussion on the web visit >>>>> https://groups.google.com/d/msgid/go-cd/11c4d719-d115-4ea4-a749-3df4d8c1975fn%40googlegroups.com >>>>> >>>>> <https://groups.google.com/d/msgid/go-cd/11c4d719-d115-4ea4-a749-3df4d8c1975fn%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>> . >>>>> >>>> -- >>> You received this message because you are subscribed to the Google >>> Groups "go-cd" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/go-cd/30c2c48d-3e90-4afe-b310-033adff96047n%40googlegroups.com >>> >>> <https://groups.google.com/d/msgid/go-cd/30c2c48d-3e90-4afe-b310-033adff96047n%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "go-cd" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> > To view this discussion on the web visit >> https://groups.google.com/d/msgid/go-cd/CAA1RwH9EOPaj6EtEshPhue24X%3DdFp%2Be3Vv19CdxXDfJqL4Fv5Q%40mail.gmail.com >> >> <https://groups.google.com/d/msgid/go-cd/CAA1RwH9EOPaj6EtEshPhue24X%3DdFp%2Be3Vv19CdxXDfJqL4Fv5Q%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "go-cd" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/go-cd/bb45d906-6294-49ba-aae5-e8e982cd029cn%40googlegroups.com.
