Self-hosted environment (K8s) - with Gitlab login - how to make it work?
Hello everyone,
We're trying to configure Yaade's login to work with OAuth2 authentication to our self-hosted GitLab instance. Our environment runs on a self-hosted Kubernetes cluster, and despite multiple attempts, we haven't been able to get OAuth2 authentication to work correctly.
providers.json:
{
  "providers": [
    {
      "id": "1",
      "label": "Login with Gitlab",
      "provider": "oauth2",
      "params": {
        "flow": "AUTH_CODE",
        "clientId": "519945450824770729704c7fc5b7a7b44f444f3f632ca3aab38e69485c14f7b6",
        "clientSecret": "gloas-c11662722e03d52b5db1e01034e18b00316df006785fe3ad482633302b5c245d",
        "site": "https://gitlab.k8s-test.local",
        "tokenPath": "/oauth/token",
        "authorizationPath": "/oauth/authorize",
        "userInfoPath": "https://gitlab.k8s-test.local/api/v4/user",
        "callbackUrl": "https://yaade.k8s-test.local/auth/callback",
        "ssl": true,
        "trustAll": true,
        "verifyHost": false,
        "fields": {
          "username": "/email",
          "groups": "/groups_direct",
          "groupsFilter": "*.yaade",
          "defaultGroups": ["kubernetes/all-rights/viewer"]
        },
        "scopes": ["openid", "profile", "email"]
      }
    }
  ]
}
We've followed the available documentation and tried various configurations, but we keep running into issues. Our recent error is: "Failed to create SSL connection" (we have a self-signed certificate).
{"classLoaderName":null,"moduleName":"java.base","moduleVersion":"17.0.14","methodName":"run","fileName":"Thread.java","lineNumber":840,"nativeMethod":false,"className":"java.lang.Thread"}],"code":500,"message":"Failed to create SSL connection","suppressed":[],"localizedMessage":"Failed to create SSL connection"}
Does anyone have a working example or a setup that successfully integrates Yaade with GitLab OAuth2? Any guidance, configuration samples, or troubleshooting tips would be greatly appreciated!
Thanks in advance.
This is related to https://github.com/EsperoTech/yaade/issues/242#issuecomment-2757056611
Currently it's not possible to have a custom SSL certificate for the OAuth2 flow.
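A check a deployment pipeline could run over a providers.json like the one posted above, as an added example that is not part of the original posts or the Yaade project: it flags the settings that turn off TLS verification for the OAuth2 exchange, plus the inline client secret. The function name `audit_providers` and the sample values are constructed, and the meaning of `trustAll` and `verifyHost` is assumed from their names.

```python
import json
from urllib.parse import urlsplit

# Constructed sample in the shape of the providers.json posted above;
# the client id and secret are placeholders, not real values.
SAMPLE = """
{"providers": [{"id": "1", "label": "Login with Gitlab", "provider": "oauth2",
  "params": {"flow": "AUTH_CODE", "clientId": "PLACEHOLDER_ID",
    "clientSecret": "PLACEHOLDER_SECRET",
    "site": "https://gitlab.k8s-test.local",
    "userInfoPath": "https://gitlab.k8s-test.local/api/v4/user",
    "callbackUrl": "https://yaade.k8s-test.local/auth/callback",
    "ssl": true, "trustAll": true, "verifyHost": false}}]}
"""

def audit_providers(text):
    """Return (provider id, key, finding) tuples for TLS-related settings."""
    findings = []
    for prov in json.loads(text).get("providers", []):
        if prov.get("provider") != "oauth2":
            continue
        pid, p = prov.get("id", "?"), prov.get("params", {})
        # Assumption: trustAll / verifyHost mean what their names suggest.
        if p.get("trustAll") is True:
            findings.append((pid, "trustAll", "certificate chain is not validated"))
        if p.get("verifyHost") is False:
            findings.append((pid, "verifyHost", "certificate hostname is not checked"))
        if p.get("ssl") is False:
            findings.append((pid, "ssl", "TLS disabled for the provider connection"))
        site_host = urlsplit(p.get("site", "")).hostname
        for key in ("site", "userInfoPath", "callbackUrl"):
            url = urlsplit(p.get(key, ""))
            if url.scheme == "http":
                findings.append((pid, key, "plain http URL"))
            # The user-info call carries the access token; keep it on the IdP host.
            if key == "userInfoPath" and url.hostname and url.hostname != site_host:
                findings.append((pid, key, "host differs from site"))
        if p.get("clientSecret"):
            findings.append((pid, "clientSecret", "secret stored inline in the file"))
    return findings

if __name__ == "__main__":
    for pid, key, msg in audit_providers(SAMPLE):
        print(f"provider {pid}: {key}: {msg}")
```

With `trustAll` on and `verifyHost` off, the authorization code and client secret are sent to whatever endpoint answers on that hostname, which is why these two keys are reported first.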