Use GitLab as OIDC provider

[ahmed]

Hey Everyone,

I’m trying to use GitLab as an OIDC provider with AWX 22.1.0. I have followed these steps:

• Add application in GitLab with :
  • scopes : openid
  • Redirect URI : https://awx-host/sso/complete/oidc/
• Configure Generic OIDC:
  • "SOCIAL_AUTH_OIDC_KEY": "application ID from GitLab"
  • "SOCIAL_AUTH_OIDC_SECRET": "Secret from GitLab"
  • "SOCIAL_AUTH_OIDC_OIDC_ENDPOINT": "https://gitlab-instance/.well-known/openid-configuration",
  • "SOCIAL_AUTH_OIDC_VERIFY_SSL": false

When I try to connect via GUI, I get this error:

2023-07-31 13:55:44,798 ERROR    [35f2be137b45484d8003e87108ed5049] social Expecting value: line 1 column 1 (char 0).

Is missing something in my configuration or does AWX not support OIDC authentication with GitLab?   ?

Thanks,

[ahmed]

I have changed the SOCIAL_AUTH_OIDC_OIDC_ENDPOINT to https://gitlab-instance  and now I get a new error as in this issue 13226:

ERROR    [b4edee95256c4f68be89f78efbac41dd] social Direct assignment to the forward side of a many-to-many set is prohibited. Use groups.set() instead.

My purpose is to use OIDC for authentication and not for authorization.

Please help, much appreciated !

[ahmed]

The error disappears by upgrading the version of social-auth-core[openidconnect] to 4.4.0.

Now how can I use this backend to authenticate to AWX API from a GitLab pipeline by using CI_JOB_JWT variable ?

[AWX Project]

Do you mind opening a PR or issue in AWX and describe the problem and how bumping to 4.4.0 solved it?

as for you second question, maybe create a new thread since it is about something else.

AWX Team