Gitea: Single Sign-On with OAuth2 provider (Keycloak) is not login single sign-on

Created on 2 Jul 2018 · 4 Comments · Source: go-gitea/gitea

  • Gitea version (or commit ref): 1.4.1
  • Git version: 2.15.0
  • Operating system: Debian Linux
  • Database (use [x]):

    • [x] PostgreSQL

    • [ ] MySQL

    • [ ] MSSQL

    • [ ] SQLite

  • Can you reproduce the bug at https://try.gitea.io:

    • [ ] Yes (provide example URL)

    • [x] No

    • [ ] Not relevant

  • Log gist:

Description

I'm using Keycloak as an SSO solution and have configured Gitea to use OAuth2 authentication. That works fine. I also have Jenkins using the same SSO solution.

The problem is that if I log in to Jenkins as the same user, then I'm not logged in to Gitea. I was thinking that in SSO Keycloak I only need to be logged in once in any application and it will log me in everywhere. I need to log in separately in Gitea.

After I click on Sign In and Sign In Using Openid Connect, I'm logged in without a password.

Is that the expected behavior?

My expectation would be that after I have logged in to Jenkins, I'm also automatically logged in to Gitea without the need to click on Sign In Using Openid Connect.
...


All 4 comments

Gitea cannot possibly know and should not know about other sessions you have with this SSO. So you still have to click sign in in Gitea, just like if you would first sign in in Gitea and later you would still be required to sign in to Jenkins. You should not be asked for a password when signing in, though.

Then I had the wrong idea of what SSO means. Thank you. Yes, I don't need to enter any password to log in to Gitea if I'm already logged in to Jenkins.
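
A toy model of the behavior described in the two comments above, added here as an illustration and not taken from Gitea, Jenkins or Keycloak: the identity provider and each application keep separate sessions, so Gitea has no session until its own sign-in starts the flow, and the existing IdP session then skips the password prompt. The `IdP` and `App` classes, the cookie-jar dict and the sample account are all constructed for this example.

```python
import secrets

class IdP:
    """Toy identity provider standing in for Keycloak (assumed model, not its API)."""
    def __init__(self, users):
        self.users, self.sessions, self.codes = users, {}, {}
        self.password_prompts = 0

    def authorize(self, client_id, idp_cookie, credentials=None):
        """Authorization endpoint: reuse the IdP session, else require a password."""
        user = self.sessions.get(idp_cookie)
        if user is None:
            self.password_prompts += 1
            if credentials is None or self.users.get(credentials[0]) != credentials[1]:
                raise PermissionError("interactive login required")
            user, idp_cookie = credentials[0], secrets.token_hex(16)
            self.sessions[idp_cookie] = user
        code = secrets.token_hex(16)
        self.codes[code] = (client_id, user)   # one-time code bound to the client
        return code, idp_cookie

    def redeem(self, client_id, code):
        """Token endpoint: the code is single-use and only valid for its client."""
        bound_client, user = self.codes.pop(code)
        if bound_client != client_id:
            raise PermissionError("code issued to another client")
        return user

class App:
    """Relying party (Jenkins, Gitea): has its own sessions, cannot see the IdP's."""
    def __init__(self, client_id, idp):
        self.client_id, self.idp, self.sessions = client_id, idp, {}

    def whoami(self, browser):
        return self.sessions.get(browser.get(self.client_id))

    def sign_in(self, browser, credentials=None):
        """What clicking the app's sign-in button starts: redirect, code, local session."""
        code, browser["idp"] = self.idp.authorize(self.client_id, browser.get("idp"), credentials)
        user = self.idp.redeem(self.client_id, code)
        browser[self.client_id] = secrets.token_hex(16)
        self.sessions[browser[self.client_id]] = user
        return user

def demo():
    idp = IdP({"alice": "constructed-password"})       # constructed sample account
    jenkins, gitea, browser = App("jenkins", idp), App("gitea", idp), {}
    jenkins.sign_in(browser, ("alice", "constructed-password"))
    before = gitea.whoami(browser)                     # no Gitea session yet
    after = gitea.sign_in(browser)                     # no credentials passed
    return before, after, idp.password_prompts
```
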

I know this is a bit off topic - but is there any link to how to configure Gitea to use Keycloak as an auth source? My Google-fu has turned up nothing :(

If I remember correctly, you just add in the config:

    [openid]
    ENABLE_OPENID_SIGNIN = true
    ENABLE_OPENID_SIGNUP = false

After that you can configure the OpenID in Gitea itself.
