GitLab Authentication
Choose DEX_HOSTNAME And Configure DNS
Loft uses the CNCF project dex for single sign-on.
The easiest case is this one:
- $LOFT_HOSTNAME = loft.mycompany.tld (where Loft is running)
- $DEX_HOSTNAME = dex.mycompany.tld (where dex should be running)
- Loft and dex should run in the same Kubernetes cluster
Then, you can set a CNAME record with value loft.mycompany.tld in the DNS configuration for dex.mycompany.tld.
Create A GitLab App
In GitLab, navigate to User Settings > Applications and create a new application with the following settings:
- Application name: Loft Login via GitLab
- Redirect URI: https://dex.yourcompany.tld/callback = https:// + $DEX_HOSTNAME + /callback
- Scopes: read_user + openid
Remember the $GITLAB_CLIENT_ID and $GITLAB_CLIENT_SECRET that GitLab generates for your OAuth application because you will need them in the next step.
Create Dex Config For GitLab
Create the file dex-config.yaml with the following dex configuration:
For details about configuring dex for GitLab, take a look at the dex documentation for GitLab.
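As an added illustration (not the configuration from the Loft documentation), the GitLab connector section of a dex configuration looks roughly like this, using key names from the dex GitLab connector. The hostnames are this page's examples, the group name is a constructed placeholder, and gitlab.com as the GitLab instance is an assumption.

```yaml
# Added example: issuer and GitLab connector section of a dex configuration.
# Other sections a full dex config needs (storage, static clients) are not shown.
issuer: https://dex.mycompany.tld        # https:// + $DEX_HOSTNAME

connectors:
- type: gitlab
  id: gitlab
  name: GitLab
  config:
    # GitLab instance to authenticate against (assumed here: gitlab.com).
    baseURL: https://gitlab.com
    # Values GitLab generated for the OAuth application.
    # Supply them out of band rather than committing the secret to version control.
    clientID: $GITLAB_CLIENT_ID
    clientSecret: $GITLAB_CLIENT_SECRET
    # Must match the Redirect URI registered in GitLab exactly.
    redirectURI: https://dex.mycompany.tld/callback
    # Allowlist: a user who is in none of these GitLab groups is not authenticated.
    # If this key is omitted, any account on the GitLab instance can
    # authenticate through dex.
    groups:
    - my-company-group   # constructed placeholder
```

On a shared instance such as gitlab.com, the `groups` allowlist is what limits sign-in to your organization's members.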
Deploy Dex via Helm
After creating the file dex-config.yaml, you can now install dex via helm:
Configure Loft To Use Dex For Authentication
To tell Loft to use dex for SSO, navigate to Admin > Config in Loft and adjust your config as shown below:
Authenticate via Dex + GitLab
After saving the new Loft configuration, Loft will restart itself and you should be able to log in via GitLab and dex.
Disable Username + Password Authentication (optional)
To disable password-based authentication, navigate to Admin > Config and add these two lines to your config: