I am trying to connect GitLab CI/CD with Vault using OIDC, but I am confused about the redirect_uri. Can anyone help me with this?
Redirect URI should be your Vault URL with some additional details at the end.
Per the HashiCorp docs, this is the required format for UI login:
https://{host:port}/ui/vault/auth/{path}/oidc/callback
where {path} is the auth method mount path you created in Vault for your GitLab OIDC auth.
If you want users to be able to authenticate via the Vault binary, you’ll need to add a second redirect_uri of http://localhost:8250/oidc/callback.
I’m assuming you’ve already gone through GitLab’s guide, but if not, have a look.
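The two callback formats above are easy to get subtly wrong (scheme, port, or the mount-path segment), and Vault rejects the login when the URI GitLab sends back is not in the role's allowed_redirect_uris. The following helper, added here as an example and not taken from the thread, from Vault, or from GitLab, builds the expected UI and CLI callback URIs from a Vault address and mount path and reports exactly which part of a candidate URI disagrees. The function names, the sample address vault.example.com:8200 and the mount name are assumptions; the path layout and the localhost:8250 CLI callback are the ones the reply quotes from the HashiCorp docs.

```python
from urllib.parse import urlsplit, urlunsplit

# Fixed callback used by `vault login -method=oidc` (from the HashiCorp docs quoted above).
VAULT_CLI_CALLBACK = "http://localhost:8250/oidc/callback"


def _normalize_mount(mount_path: str) -> str:
    """Accept 'oidc', '/oidc/', or 'auth/oidc' and return the bare mount name.
    Stripping a leading 'auth/' is a convenience assumption of this helper."""
    path = mount_path.strip("/")
    if path.startswith("auth/"):
        path = path[len("auth/"):]
    return path


def ui_callback(vault_addr: str, mount_path: str) -> str:
    """Build https://{host:port}/ui/vault/auth/{path}/oidc/callback for the Vault UI."""
    parts = urlsplit(vault_addr)
    if not parts.scheme or not parts.netloc:
        raise ValueError(f"vault_addr must include scheme and host, got {vault_addr!r}")
    callback_path = f"/ui/vault/auth/{_normalize_mount(mount_path)}/oidc/callback"
    return urlunsplit((parts.scheme, parts.netloc, callback_path, "", ""))


def allowed_redirect_uris(vault_addr: str, mount_path: str, include_cli: bool = True) -> list:
    """The list to register in GitLab and to pass to the Vault role."""
    uris = [ui_callback(vault_addr, mount_path)]
    if include_cli:
        uris.append(VAULT_CLI_CALLBACK)
    return uris


def check_redirect_uri(candidate: str, vault_addr: str, mount_path: str) -> list:
    """Return a list of human-readable mismatches between `candidate` and the
    expected UI callback; an empty list means the candidate would match."""
    expected = urlsplit(ui_callback(vault_addr, mount_path))
    got = urlsplit(candidate)
    problems = []
    if got.scheme != expected.scheme:
        problems.append(f"scheme {got.scheme!r} should be {expected.scheme!r}")
    if got.netloc != expected.netloc:
        problems.append(f"host:port {got.netloc!r} should be {expected.netloc!r}")
    if got.path != expected.path:
        problems.append(f"path {got.path!r} should be {expected.path!r} "
                        f"(mount path segment must match the auth mount)")
    if got.query or got.fragment:
        problems.append("redirect URIs must not carry a query string or fragment")
    return problems


def role_write_args(vault_addr: str, mount_path: str) -> str:
    """Render the repeated allowed_redirect_uris=... arguments for `vault write`."""
    return " ".join(f'allowed_redirect_uris="{u}"'
                    for u in allowed_redirect_uris(vault_addr, mount_path))


if __name__ == "__main__":
    # Constructed sample values; replace with your own Vault address and mount name.
    addr, mount = "https://vault.example.com:8200", "oidc"
    for uri in allowed_redirect_uris(addr, mount):
        print("register in GitLab:", uri)
    print("vault write auth/oidc/role/demo2", role_write_args(addr, mount), "...")
    # A common mistake: registering the UI callback over plain http.
    for problem in check_redirect_uri("http://vault.example.com:8200/ui/vault/auth/oidc/oidc/callback", addr, mount):
        print("mismatch:", problem)
```

Run the script once with your real Vault address and mount name, paste the printed URIs into the GitLab application's redirect URI list, and pass the rendered allowed_redirect_uris arguments to the role; any entry that check_redirect_uri flags will be refused by Vault at callback time.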
Hey @jeffsanicola, I have provided the same URL in the Vault config for OIDC and the same while configuring GitLab, but it still gets stuck when I am trying to connect via the UI.
Steps which I did:
- Created an application in GitLab and provided the redirect URIs, i.e.
https://{host:port}/ui/vault/auth/{path}/oidc/callback
where {path}
- Configured the OIDC auth method:
vault write auth/oidc/config \
oidc_discovery_url="https://gitlab.com" \
oidc_client_id="app_id" \
oidc_client_secret="secret_id" \
default_role="demo2" \
bound_issuer="localhost"
- Created a demo2 role:
vault write auth/oidc/role/demo2 \
user_claim="email" \
allowed_redirect_uris="http://host:port/ui/vault/auth/oidc/oidc/callback" \
groups_claim="groups" \
oidc_scopes="openid" \
policies=default \
bound_audiences="app_id"
- Then went to the Vault server and changed the login method from token to OIDC. I can see GitLab, but when I click on it, it shows this:
Edit 1: @jeffsanicola, now I am in the Vault console via GitLab OIDC.
@agaur123, you got it working?
Yup @jeffsanicola, it’s working now.