Configure GitLab SAML with ADFS 3.0

Windows

While setting up gitlab with ADFS 3.0 we noticed there is a couple of gotchas you need to watch out for:

  1. You need to set the NotBeforeSkew to something like 2 in ADFS
  2. You need to trasform the transient identifier in ADFS
  3. idp_cert_fingerprint is case sensitive and needs to be all in CAPS

To set it up follow the following instructions:

In gitlab you need to set the following config

  • Replace the https://gitlab.com with your gitlab address
  • Replace the https://adfs.com with your ADFS address
  • REplace the https://gitlab.local with what ever you like
  • Replace 35:FA:DD:CF:1E:8F:8B:E4:CA:E1:AE:2A:EF:70:95:D5:DC:5C:67:1B with the finger print of your signing certificate

 

For ADFS configure the following settings (Use the same address replacements as above):

gitlab1

gitlab2

gitlab3

gitlab4gitlab5 gitlab6

Then Run the following command to set the skew in Powershell on the ADFS server:

 

Leave a Reply

Your email address will not be published. Required fields are marked *