I believe it was intended to support this, however it's not clear to me the status of this integration against a recent GitLab version as there are a couple of open PRs at https://github.com/gocd-contrib/gitlab-oauth-authorization-plugin/pulls that appear to make adjustments to this functionality.
Unless someone else on this group has recent personal experience with the plugin (personally I have only sanity checked it for authentication), if you have a test GitLab available you might be best to just try creating an authorization configuration and see if it is working how you'd expect? -Chad On Sat, Oct 8, 2022 at 3:48 PM X-Cloud Lab <[email protected]> wrote: > Thank you Chad and Sriram. It works as you said. I can use AWS SSO as IdP > for GitLab, and GitLab as IdP for GoCD. > > One more question, does GitLab OAuth plugin support GitLab group mapping > with GoCD role? > > I see it mentions in the GitHub repository. > *"It also supports authorization, which can be used by server admin to map > GoCD roles with GitLab projects or groups with access level.*" > > On Friday, October 7, 2022 at 5:24:45 PM UTC+7 [email protected] wrote: > >> On Fri, Oct 7, 2022 at 6:17 PM Chad Wilson <[email protected]> >> wrote: >> >>> Hiya >>> >>> Localhost doesn't resolve within docker/containers like you're expecting >>> there. From within a GoCD it will refer to the GoCD docker container not >>> your wider host. You need to either use the container's IP on the internal >>> docker network, OR use the gitlab container ID as hostname, OR override the >>> hostname OR if you are on Mac/Windows and exposing the port outside the >>> container you can use host.docker.internal. You should be able to find more >>> details in a docker networking guide appropriate for your platform. >>> >> >> Sorry, Chad, our messages overlapped. It appears to me that his Gitlab >> instance is on the host network while GoCD is within a container. Please >> see my response and advice if you recommend something else for him. >> >> -- Sriram >> >> >>> >>> -Chad >>> >>> On Fri, 7 Oct 2022, 17:15 X-Cloud Lab, <[email protected]> wrote: >>> >>>> Thank you. I tested my first scenario. >>>> >>>> It seems the problem causes from domain name resolving. I'm using >>>> localhost for a test gitlab and gocd with docker. >>>> >>>> GitLab:80 >>>> GoCD:8153 >>>> >>>> jvm 1 | 2022-10-07 09:07:02,534 ERROR [qtp1671617251-38] >>>> p.c.g.a.g.c.g.a.g.GitLabPlugin:127 [plugin-cd.go.authorization.gitlab] - >>>> Error while executing request go.cd.authorization.fetch-access-tokenjvm 1 >>>> | java.net.ConnectException: Failed to connect to localhost/ >>>> 127.0.0.1:80 >>>> >>>> On Friday, October 7, 2022 at 11:43:43 AM UTC+7 [email protected] >>>> wrote: >>>> >>>>> On Fri, 7 Oct 2022 at 11:36 AM, X-Cloud Lab <[email protected]> wrote: >>>>> >>>>>> Hello All, >>>>>> >>>>>> Currently, I'm using GitLab authorization and it works perfectly but >>>>>> the users in GitLab is local users. >>>>>> >>>>>> Now, I'm using AWS Identity Center (SSO). It provides SAML federation. >>>>>> It can integrate with GitLab through AWS SSO portal. >>>>>> But GoCD does not provide SAML authorization plugin. >>>>>> >>>>>> Can GoCD authorize through GitLab? AWS SSO -> GitLab -> GoCD. >>>>>> In my opinion, it likes a chain authorization. I'm not sure this will >>>>>> work or not. >>>>>> >>>>>> So, I've PoC AWS Cognito + AWS SSO. It works as expect. I don't need >>>>>> to setup local users in AWS Cognito. However, GoCD does not provide OAuth >>>>>> plugin for AWS Cognito. >>>>>> >>>>>> But it seems able to use Okta OAuth plugin. >>>>>> >>>>>> Could you please help to guild me what solution is suitable for GoCD? >>>>>> >>>>> >>>>> >>>>> You can indeed use Gitlab authentication in GoCD. I have set one up >>>>> for a friend. Please see: >>>>> https://github.com/gocd-contrib/gitlab-oauth-authorization-plugin >>>>> >>>>> >>>>> >>>>> >>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "go-cd" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to [email protected]. >>>>>> To view this discussion on the web visit >>>>>> https://groups.google.com/d/msgid/go-cd/11c4d719-d115-4ea4-a749-3df4d8c1975fn%40googlegroups.com >>>>>> <https://groups.google.com/d/msgid/go-cd/11c4d719-d115-4ea4-a749-3df4d8c1975fn%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>>> . >>>>>> >>>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "go-cd" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/go-cd/30c2c48d-3e90-4afe-b310-033adff96047n%40googlegroups.com >>>> <https://groups.google.com/d/msgid/go-cd/30c2c48d-3e90-4afe-b310-033adff96047n%40googlegroups.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "go-cd" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> >> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/go-cd/CAA1RwH9EOPaj6EtEshPhue24X%3DdFp%2Be3Vv19CdxXDfJqL4Fv5Q%40mail.gmail.com >>> <https://groups.google.com/d/msgid/go-cd/CAA1RwH9EOPaj6EtEshPhue24X%3DdFp%2Be3Vv19CdxXDfJqL4Fv5Q%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- > You received this message because you are subscribed to the Google Groups > "go-cd" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/go-cd/bb45d906-6294-49ba-aae5-e8e982cd029cn%40googlegroups.com > <https://groups.google.com/d/msgid/go-cd/bb45d906-6294-49ba-aae5-e8e982cd029cn%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "go-cd" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/go-cd/CAA1RwH8-mCG%2BK8Ev9Bfm5OP_vUqARZRkvoiTnoru_%3D29wxfc%2Bw%40mail.gmail.com.
