Running omniauth-kerberos as a custom omniauth provider on gitlab CE breaks in 7.14.x
Hi,
@DouweM asked me to file a ticket about this.
For some time now (one year, to be precise), I've been running a gitlab instance (reachable here although it has been downgraded back to 7.13.x and probably won't be terribly responsive at the moment for other reasons) using omniauth-kerberos as a custom omniauth provider. I get, of course, that this is unsupported and that Kerberos auth is meant to be a gitlab-EE feature only (but at the time, it wasn't a feature at all). I followed these instructions to get it working, and it did!
At some point a lot of those steps became unnecessary. By the 7.10.x release series everything just sort of worked. It certainly continued to do so for 7.13.x.
It's a little clumsy, and we obviously didn't have access to any of the fancier Kerberos features in gitlab-EE (I... presume?), but it was working fine.
When I attempted an upgrade to gitlab 7.14.1 last week, things broke:
-
With LDAP disabled (how things were previously configured), the login page crashed. I believe this is a duplicate of the gitlab-EE bug here that was fixed in 7.14.1. (See my comment here on the regressions thread).
-
Enabling LDAP, as suggested by the workaround for the bug, "worked" but the "Kerberos" button as a custom omniauth provider did not appear on the login screen (there was just LDAP, and nothing else). To quote myself on the other comment:
I am not certain, but I suspect this MR, or a similar change, might be related to the omniauth provider button for kerberos not showing up anymore? The comment "Renamed OauthHelper to AuthHelper since LDAP, SAML, Kerberos aren't OAuth" makes me somewhat suspicious-- because we were using omniauth-kerberos.
Any thoughts? Thanks in advance. :)