Options for auth with GHE

It’s not obvious how to get the sentry-github-auth plugin working with GHE.

I believe I’ve correctly set up the values in sentry.conf.py (client ID and client secret). I see the GitHub button in auth integrations, but it seems it tries to redirect to github.com as opposed to the GHE domain.

Any ideas?

Also there seem to be LDAP auth plugins, but I’m not sure if they work with the latest version of Sentry.
Can’t I just set up custom Django auth plugins for Sentry? Will that work?

There is a guide for SSO at https://docs.sentry.io/server/sso/ and specific instructions for GitHub SSO at https://github.com/getsentry/sentry-auth-github

What is GHE btw?

GitHub Enterprise

Ah, in that case the following section is what you need probably:

Optionally you may also specify the domain (for GHE users):

GITHUB_BASE_DOMAIN = "git.example.com"

GITHUB_API_DOMAIN = "api.git.example.com"

If Subdomain isolation is disabled in GHE:

GITHUB_BASE_DOMAIN = "git.example.com"

GITHUB_API_DOMAIN = "git.example.com/api/v3"
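
Added example, not part of the thread or of the plugin's code: a small Python check that reads the two settings quoted above from a sentry.conf.py without executing it and flags a pair that matches neither of the two forms shown. The function names and the sample configs are constructed for illustration.

```python
import ast

KEYS = ("GITHUB_BASE_DOMAIN", "GITHUB_API_DOMAIN")

# Constructed sample configs (not taken from a real deployment).
ISOLATED = 'GITHUB_BASE_DOMAIN = "git.example.com"\nGITHUB_API_DOMAIN = "api.git.example.com"\n'
NOT_ISOLATED = 'GITHUB_BASE_DOMAIN = "git.example.com"\nGITHUB_API_DOMAIN = "git.example.com/api/v3"\n'
MIXED = 'GITHUB_BASE_DOMAIN = "git.example.com"\nGITHUB_API_DOMAIN = "api.github.com"\n'
NO_DOMAINS = 'DEBUG = False\n'


def read_settings(conf_text):
    """Collect top-level string assignments to KEYS without executing the file."""
    found = {}
    for node in ast.parse(conf_text).body:
        if not (isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant)):
            continue
        for target in node.targets:
            if isinstance(target, ast.Name) and target.id in KEYS \
                    and isinstance(node.value.value, str):
                found[target.id] = node.value.value
    return found


def check_ghe_domains(conf_text):
    """Return a list of findings; an empty list means the two settings agree."""
    found = read_settings(conf_text)
    findings = [f"{key} is not set" for key in KEYS if key not in found]
    for key, value in found.items():
        if "://" in value:
            findings.append(f"{key} has a URL scheme; the README shows a bare host")
        host = value.split("://")[-1].split("/")[0].lower()
        if host == "github.com" or host.endswith(".github.com"):
            findings.append(f"{key} points at github.com, not the GHE host")
    base, api = (found.get(k) for k in KEYS)
    if base and api and api not in (f"api.{base}", f"{base}/api/v3"):
        findings.append("GITHUB_API_DOMAIN is neither api.<base> nor <base>/api/v3")
    return findings


if __name__ == "__main__":
    for name in ("ISOLATED", "NOT_ISOLATED", "MIXED", "NO_DOMAINS"):
        print(name, check_ghe_domains(globals()[name]) or "ok")
```
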

Ok, I’ve finally worked it out after 2 days wasted.

  1. You have to create an OAuth app and not a generic GitHub app, as a generic app does not work. (The readme page does not state it clearly.)
  2. There are two separate GitHub plugins, one for integration, one for SSO. Some of the settings I was setting were only used for the integration and not SSO.

It’s a bit wonky:

  1. Sometimes you have to click login with github twice
  2. You have a separate user account for each org even if you use the same identity
  3. Switching between orgs with the same identity forces you to relog in

But hey it works.

Generic question, does Sentry license their SaaS offering for on-premise?
There is potential interest in distributed tracing capabilities, better auth, reports, etc, but for things that are not available on general internet which are not able to use the SaaS offering.

@AudriusButkevicius this is great feedback, thanks a lot! We’ll definitely take the feedback around docs clarity into account as there are some improvements we are planning.

Regarding the wonkiness, the first one (multiple clicks) may be something we may investigate if you saw any errors in your browser console or Sentry log output. The other two are, I think, design decisions. Someone who worked on the auth backends may provide more insights around those decisions.

On the pricing page, there is a “single tenant” option, which I think is what you may be interested in. I’d encourage you to contact our sales team who’d be more than happy to help you :slight_smile:

That said the main benefit of using Sentry SaaS would be the hassle-free setup and maintenance, free* scaling and cost-efficiency (maintenance and servers are not cheap) as most of these features you want are already available or will be available for OSS on-premise deployments. It is just not as easy to set up all of them as you have experienced first-hand :slight_smile:

* terms and conditions apply :smiley: