Mattermost generates wrong redirect uri for GitLab SSO authentication

Description

Signing-in into Mattermost through GitLab doesn't work if Mattermost is behind a reverse proxy and this proxy communicates with HTTP with Mattermost while the user is facing the page with HTTPS (because the proxy support SSL).

See: https://github.com/mattermost/platform/issues/3944

Repro:
1. Run Mattermost behind a reverse proxy,
2. let the proxy communicate with Mattermost via HTTP,
3. configure the proxy to support HTTPS for the user,
4. enable SSO with GitLab,
5. finally: try to log-in

Expected behavior

After clicking the SSO button on Mattermost, it will redirect me to GitLab where I have to login-in and authorize the Application to use my account data. After authorizing GitLab should redirect me to Mattermost where I'm logged in now.

Observed behavior

After clicking the SSO button GitLab will fail (with the error message: The redirect URI included is not valid.) due to the fact, that the redirect_uri query param doesn't match the provided client_id.

QA Test Steps

None

Activity

Show:
Jason Blais
June 22, 2017, 11:56 AM

What's the status of this ticket?

Jeff Schering
June 22, 2017, 2:28 PM

I think the original issues were resolved between the time the ticket was opened in Sept 2016, and the time that I tried it in June 2017. I followed the instructions and was able to get it going. The only problems I had were due to user error.

I found that Mattermost is picky about the security certificate. For example, you can't leave the domain blank, (the Common Name when creating the certificate) and it must be signed by a trusted authority (ie, not self-signed)

Jason Blais
June 29, 2017, 3:50 AM

Thanks – is there anything we need to update in our documentation or otherwise?

Eric Sethna
August 28, 2017, 10:48 PM

Let's resolve this ticket as per Jeff's comments. Looks like there were some commits made to address it:

https://github.com/mattermost/mattermost-docker/pull/58
https://github.com/mattermost/mattermost-docker/pull/125

I don't think we've heard anyone hitting this recently.

Linda Mitchell
August 28, 2017, 11:04 PM

Thanks, closing.

Done

Mana

None

Assignee

Linda Mitchell

QA Assignee

None

Reporter

Lindsay Brock

Epic Link

None

Fix versions

None

Mattermost Team

None

Sprint

None

Labels

None

QA Testing Areas

None

GitHub Issue

None

Components

None
Configure