When I’m login our team’s GitLab with OpenIDConnect, I got a 500 error. The log said:
Mail::Field::IncompleteParseError (Mail::AddressList can not parse |temp-email-for-oauth-pppwaw@xxxxxxxxxx.net@gitlab.localhost|: Only able to parse up to “temp-email-for-oauth-pppwaw@xxxxxxxxxx.net@gitlab.localhost”):
app/models/concerns/restricted_signup.rb:79:in
new' app/models/concerns/restricted_signup.rb:79:in
domain_matches?’
app/models/concerns/restricted_signup.rb:68:inallowed_domain?' app/models/concerns/restricted_signup.rb:8:in
validate_admin_signup_restrictions’
app/models/user.rb:2218:inemail_allowed_by_restrictions?' lib/gitlab/database/load_balancing/connection_proxy.rb:119:in
block in write_using_load_balancer’
lib/gitlab/database/load_balancing/load_balancer.rb:112:inblock in read_write' lib/gitlab/database/load_balancing/load_balancer.rb:172:in
retry_with_backoff’
lib/gitlab/database/load_balancing/load_balancer.rb:110:inread_write' lib/gitlab/database/load_balancing/connection_proxy.rb:118:in
write_using_load_balancer’
lib/gitlab/database/load_balancing/connection_proxy.rb:70:intransaction' app/services/users/update_service.rb:35:in
execute’
app/services/users/update_service.rb:44:inexecute!' lib/gitlab/auth/o_auth/user.rb:55:in
save’
lib/gitlab/auth/o_auth/user.rb:86:infind_and_update!' app/controllers/omniauth_callbacks_controller.rb:162:in
sign_in_user_flow’
app/controllers/omniauth_callbacks_controller.rb:130:inomniauth_flow' app/controllers/omniauth_callbacks_controller.rb:17:in
handle_omniauth’
ee/lib/gitlab/ip_address_state.rb:10:inwith' ee/app/controllers/ee/application_controller.rb:45:in
set_current_ip_address’
app/controllers/application_controller.rb:527:inset_current_admin' lib/gitlab/session.rb:11:in
with_session’
app/controllers/application_controller.rb:518:inset_session_storage' lib/gitlab/i18n.rb:105:in
with_locale’
lib/gitlab/i18n.rb:111:inwith_user_locale' app/controllers/application_controller.rb:512:in
set_locale’
app/controllers/application_controller.rb:506:inset_current_context' lib/gitlab/metrics/elasticsearch_rack_middleware.rb:16:in
call’
lib/gitlab/middleware/rails_queue_duration.rb:33:incall' lib/gitlab/middleware/memory_report.rb:13:in
call’
lib/gitlab/middleware/speedscope.rb:13:incall' lib/gitlab/database/load_balancing/rack_middleware.rb:23:in
call’
lib/gitlab/metrics/rack_middleware.rb:16:inblock in call' lib/gitlab/metrics/web_transaction.rb:46:in
run’
lib/gitlab/metrics/rack_middleware.rb:16:incall' lib/gitlab/jira/middleware.rb:19:in
call’
lib/gitlab/middleware/go.rb:20:incall' lib/gitlab/etag_caching/middleware.rb:21:in
call’
lib/gitlab/middleware/query_analyzer.rb:11:inblock in call' lib/gitlab/database/query_analyzer.rb:37:in
within’
lib/gitlab/middleware/query_analyzer.rb:11:incall' lib/gitlab/middleware/multipart.rb:173:in
call’
lib/gitlab/middleware/read_only/controller.rb:50:incall' lib/gitlab/middleware/read_only.rb:18:in
call’
lib/gitlab/middleware/same_site_cookies.rb:27:incall' lib/gitlab/middleware/handle_malformed_strings.rb:21:in
call’
lib/gitlab/middleware/basic_health_check.rb:25:incall' lib/gitlab/middleware/handle_ip_spoof_attack_error.rb:25:in
call’
lib/gitlab/middleware/request_context.rb:21:incall' lib/gitlab/middleware/webhook_recursion_detection.rb:15:in
call’
config/initializers/fix_local_cache_middleware.rb:11:incall' lib/gitlab/middleware/compressed_json.rb:26:in
call’
lib/gitlab/middleware/rack_multipart_tempfile_factory.rb:19:incall' lib/gitlab/middleware/sidekiq_web_static.rb:20:in
call’
lib/gitlab/metrics/requests_rack_middleware.rb:77:incall' lib/gitlab/middleware/release_env.rb:13:in
call’
My config of OmniAuth:
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['openid_connect']
gitlab_rails['omniauth_sync_email_from_provider'] = 'openid_connect'
gitlab_rails['omniauth_sync_profile_from_provider'] = ['openid_connect']
gitlab_rails['omniauth_sync_profile_attributes'] = ['email']
#gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'openid_connect'
#gitlab_rails['omniauth_block_auto_created_users'] = false
# gitlab_rails['omniauth_auto_link_ldap_user'] = false
# gitlab_rails['omniauth_auto_link_saml_user'] = false
# gitlab_rails['omniauth_auto_link_user'] = ['saml']
# gitlab_rails['omniauth_external_providers'] = ['twitter', 'google_oauth2']
# gitlab_rails['omniauth_allow_bypass_two_factor'] = ['google_oauth2']
gitlab_rails['omniauth_providers'] = [
{
name: "openid_connect",
label: "SSO", # optional label for login button, defaults to "Openid Connect"
args: {
name: "openid_connect",
scope: ["openid", "profile", "email"],
response_type: "code",
issuer: "https://login.microsoftonline.com/xxxxxxxxxx2/v2.0",
client_auth_method: "query",
discovery: true,
uid_field: "sub",
client_options: {
identifier: "xxxxxxxxxx",
secret: "xxxxxxxxxx",
redirect_uri: "https://xxxxxxxxxx/users/auth/openid_connect/callback"
}
}
}
]
My GitLab version: 15.0.3-ee
Is there an error in my configuration? Does anyone have any suggestions?