Given that your keycloak instance is running (and accessible to the user browser) at https://mykeycloak.net, its version is 17 or higher and you are using the realm named _master_.

Given that your gitlab is at https://gitlab.example.com.

At keycloak:

1 - create a new client, name it `gitlab` and set https://gitlab.example.com/users/auth/openid_connect/callbac... as the root url (henceforth CALLBACK_URI)

At keycloak, in the `gitlab` client settings screen, tab settings:

1 - Set `acess type` to `confidential`.

2 - Set `Direct Access Grants Enabled` to off.

3 - Set `Valid Redirect URIs` to `https://gitlab.example.com/users/auth/openid_connect/callbac...`* (that is the CALLBACK_URI followed by a *)

4 - Save it (A previously hidden credentials appear in the settings screen.)

At keycloak, in the `gitlab` client settings screen, tab credentials:

1 - note down your client secret (something like HMPhR89hoxrcotAz9vWjEAlPCWRAx2MP), henceforth CLIENT_SECRET

At your gitlab instance config file, setting gitlab_rails['omniauth_providers']:

1 - Set the content as in [1]

2 - Set args.issuer to https://mykeycloak.net/realms/master

3 - Set args.issuer.client_options.identifier to `gitlab`

4 - Set args.issuer.client_options.secret to CLIENT_SECRET

Hope that helps. If that works for you, please write a public markdown github gist with this tutorial and the title "how to configure gitlab with keycloak?" this will help future google searchers. Be sure to reinclude the question "how to configure gitlab with keycloak?" as a title inside the gist, with the tutorial following, as google favors question and answer style.

[1] = https://docs.gitlab.com/ee/administration/auth/oidc.html#con...