See the <a href="https://about.gitlab.com/" class="urlextern" title="https://about.gitlab.com/" rel="nofollow">GitLab</a> page for a product presentation.
</p>
<p>
GitLab can use <abbr title="Security Assertion Markup Language">SAML</abbr> to authenticate users; see the <a href="https://docs.gitlab.com/ee/integration/saml.html" class="urlextern" title="https://docs.gitlab.com/ee/integration/saml.html" rel="nofollow">official documentation</a>.
label: <span class="st0">'Login with LL::NG'</span> <span class="co1"># optional label for SAML login button</span>
<span class="br0">}</span>
<span class="br0">]</span></pre>
<div class="notetip">To get the fingerprint of the IDP certificate, copy the <abbr title="Security Assertion Markup Language">SAML</abbr> certificate from the <abbr title="LemonLDAP::NG">LL::NG</abbr> configuration into a file and use openssl:
In this case, users will not be able to log in directly on GitLab. Set it only once you are sure the <abbr title="Security Assertion Markup Language">SAML</abbr> configuration is valid.
We assume <abbr title="LemonLDAP::NG">LL::NG</abbr> is configured as a <abbr title="Security Assertion Markup Language">SAML</abbr> IDP, and that you have converted the public key into a certificate for <abbr title="Security Assertion Markup Language">SAML</abbr> signatures. You must enable the option to send certificates in responses. If you don't want to, you need to copy the certificate value into the GitLab configuration, in the <code>idp_cert</code> parameter.
</p>
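<p>
The fingerprint step described above, as an added example that is not part of the LL::NG or GitLab documentation: it computes the same colon-separated digest of the certificate's DER bytes that <code>openssl x509 -noout -fingerprint</code> prints (SHA-1 by default) and compares it with a configured value. The names <code>SAMPLE_PEM</code>, <code>pem_to_der</code>, <code>fingerprint</code> and <code>matches</code> are illustrative, and the sample bytes are constructed placeholders, not a real certificate.
</p>

```python
import base64
import hashlib
import hmac
import re

# Constructed placeholder bytes standing in for a certificate's DER encoding;
# this is NOT a real X.509 certificate. Paste your own PEM in practice.
SAMPLE_DER = b"constructed placeholder bytes, not a real X.509 certificate"
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER).decode("ascii")
    + "-----END CERTIFICATE-----\n"
)


def pem_to_der(text: str) -> bytes:
    """Accept a PEM block or the bare base64 body and return the DER bytes."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", text)
    body = "".join(body.split())  # drop line wrapping and stray whitespace
    if not body:
        raise ValueError("no certificate data found")
    return base64.b64decode(body, validate=True)


def fingerprint(text: str, algo: str = "sha1") -> str:
    """Digest of the DER bytes as colon-separated uppercase hex pairs."""
    digest = hashlib.new(algo, pem_to_der(text)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches(configured: str, text: str, algo: str = "sha1") -> bool:
    """Compare a configured fingerprint with the certificate's own,
    ignoring case and colons."""
    def norm(value: str) -> str:
        return value.replace(":", "").strip().upper()
    return hmac.compare_digest(norm(configured), norm(fingerprint(text, algo)))


if __name__ == "__main__":
    print("SHA-1  :", fingerprint(SAMPLE_PEM))
    print("SHA-256:", fingerprint(SAMPLE_PEM, "sha256"))
```

<p>
The functions hash whatever bytes the base64 body decodes to and do not parse or validate the X.509 structure, so they only confirm that a configured fingerprint corresponds to the certificate text you supplied.
</p>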
<p>
You can get the GitLab <abbr title="Security Assertion Markup Language">SAML</abbr> metadata at <a href="https://gitlab.example.com/users/auth/saml/metadata" class="urlextern" title="https://gitlab.example.com/users/auth/saml/metadata" rel="nofollow">https://gitlab.example.com/users/auth/saml/metadata</a>
</p>
<p>
Register them in <abbr title="LemonLDAP::NG">LL::NG</abbr> and send these <abbr title="Security Assertion Markup Language">SAML</abbr> attributes:
</p>
<ul>
<li class="level1"><div class="li"> mail ⇒ email</div>
</li>
<li class="level1"><div class="li"> uid ⇒ uid</div>
</li>
<li class="level1"><div class="li"> cn ⇒ name</div>
</li>
</ul>
<div class="noteimportant">The value of the <abbr title="LemonLDAP::NG">LL::NG</abbr> mail session attribute must be the email of the user in the GitLab database, so that the accounts can be associated.