GitLab - SAML My Page SSO Configuration - RSA Ready Implementation Guide
2 years ago
Originally Published: 2021-11-01

This article describes how to integrate GitLab with RSA Cloud Authentication Service using My Page SSO.

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service using My Page SSO.
Procedure

  1. Sign in to the RSA Cloud Administration Console with administrator credentials.
  2. Enable My Page SSO by accessing the RSA Cloud Administration Console > Access > My Page > Single Sign-On (SSO).                            Ensure it is enabled and protected using two-factor authentication - Password and Access Policy.                                                                   image.png
  3. On the Applications > Application Catalog page, click Create From Template.                                                                                          image.png
  4. Click Select for SAML Direct.                                                                                                                                                                        image.png
  5. On the Basic Information page, enter a name for the configuration in the Name field and click Next Step.                                          image.png
  6. On the Connection Profile page, click the IdP-initiated option.                                                                                                                      image.png
  7. For providing Service Provider details:
    1. Click Import Metadata and click Choose File.
    2. Select the file that is downloaded from the Service Provider. 
      Refer to the Configure GitLab section to download the metadata file.                                                                                            image.png
  8. Review the ACS URL and Service Provider Entity ID values that are auto-filled.                                                                                          image.png
  9. In the SAML Response Protection section, select IdP signs entire SAML response.
  10. Download the certificate by clicking Download Certificate.                                                                                                                            image.png
  11. Click Show Advanced Configuration.
  12.  Under the User Identity section, configure Identifier Type and Property. For example, Identifier Type: persistent and Propertymailimage.png
  13. Click Next Step.
  14. Choose your desired Access Policy for this application and click Next Step > Save and Finish.                                                             image.png
  15. On the My Applications page click the Edit drop-down icon and select Export Metadata to download the metadata.                           image.png
  16. Click Publish Changes. Your application is now enabled for SSO.                                                                                                           image.pngimage.png

Configure GitLab

Perform these steps to configure GitLab.
Procedure

  1. Sign in to GitLab using administrator credentials - gitlab.com.
  2. On the left pane, select Search or go to Groups and find your group.                                                                                                          image.png
  3. Click Settings > SAML SSO.                                                                                                                                                                        image.png
  4. Copy the GitLab metadata URL and download the metadata file.                                                                                                                image.png
  5. Provide the following details in Configuration.
    1. Identity provider single sign-on URL: Obtain from the metadata file downloaded from RSA.
    2. Certificate fingerprint: See the Notes section for the instructions on how to obtain certificate fingerprint.
    3. Default membership role: Select the role to assign to new users. The default role is Guest. Group Owners can set a Default membership role other than Guest.
    4. Select the Enable SAML authentication for this group checkbox.
    5. (Optional) Select the Enforce SSO-only authentication for web activity for this group checkbox.
    6. (Optional) Select the Enforce SSO-only authentication for Git activity for this group checkbox.
  6. Click Save changes.                                                                                                                                                                                      image.png

Notes

To obtain the certificate fingerprint, follow the steps:
  1. Install the latest version of OpenSSL for Windows.
  2. Open the Windows Command-line.
  3. Navigate to the OpenSSL installation directory (the default directory is C:\OpenSSL-Win32\bin).
  4. Run the following commands to view the certificate fingerprint/thumbprint: openssl x509 -noout -fingerprint -sha1 -inform pem -in <Certificate.pem>.                                                                                                                                                                                       image.png
The configuration is complete.

Return to the GitLab - RSA Ready Implementation Guide.

Related Articles

Trending Articles

Don't see what you're looking for?