Configure JFrog OIDC Integration with GitLab

JFrog Platform Administration Documentation
Content Type
Administration / Platform
ft:sourceType
Paligo

To configure an integration between the JFrog Platform and GitLab, follow these steps:

  1. Navigate to the Administration tab In the JFrog Platform UI

  2. Click General Management | Manage Integrations

  3. Click New Integration, and select OpenID Connect from the drop-down menu. Enter the following information in the module fields:

    oidc_gitlab_.png

    1. In the Provider Type field, select Generic OpenID Connect from the drop-down menu

    2. In the Provider URL field:

      • For Cloud GitLab users, enter: https://gitlab.com

      • For Self-Hosted GitLab users, enter the URL of your GitLab instance

    3. (Optional) In the Description field, enter a description for the integration

    4. (Optional) In the Audience field, enter the audience you want to use for the integration- note that the token audience needs to match this value.

    5. (Optional) In the Token Issuer field, if required, add the token issuer

      Note

      Token Issuer is required only if the iss claim in the GitLab token is different from the value of the Provider URL field.

  4. Under Identity Mappings, click Add Identity Mapping. Enter the following information in the module fields:

    oidc_gitlab_identity_mapping.png

    1. In the Priority field, enter 1 to assign the strongest permission gate

    2. (optional) In the Description field, enter a description for the identity mapping

    3. In the Claims JSON field, enter the identity mapping according to the token claims you want to match: for example, in this entry, the "sub" claim matches value "project_path:root/oidc-poc:ref_type:branch:ref:main":

      {"sub": "project_path:root/oidc-poc:ref_type:branch:ref:main"}

      See below for a list of valid GitLab JSON claims:

      oidc_gitlab_token.png

    4. Click Save

  5. Click Save