Error 404 in callback path POST request on SAML configuration

I try to configure SAML Based Sign On / Log In in a self managed Gitlab instance (13.12 version) installed in a Omnibus packages way. Is a Free-tier version.

I follow the OmniAuth general documentation 1, and specific one for SAML 2.

When I reconfigure (with gitlab-ctl reconfigure) and try to sign up, I get an 404 error when the POST request on the callback path. The IDP was configured well (others SPs work fine in the same time).

In production.log I get this error:

Started POST "/users/auth/saml/callback" for 192.168.0.105 at 2021-06-08 12:58:36 -0300

ActionController::RoutingError (No route matches [POST] "/users/auth/saml/callback"):

lib/gitlab/middleware/basic_health_check.rb:25:in `call'
lib/gitlab/middleware/handle_ip_spoof_attack_error.rb:25:in `call'
lib/gitlab/middleware/request_context.rb:21:in `call'
config/initializers/fix_local_cache_middleware.rb:11:in `call'
lib/gitlab/middleware/rack_multipart_tempfile_factory.rb:19:in `call'
lib/gitlab/metrics/requests_rack_middleware.rb:76:in `call'
lib/gitlab/middleware/release_env.rb:12:in `call'

The relevant config in gitlab.rb file is:

external_url "https://domain.example.com"
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
gitlab_rails['omniauth_block_auto_created_users'] = false
gitlab_rails['omniauth_auto_link_saml_user'] = true
gitlab_rails['omniauth_providers'] = [
    {
      "name" => "SAML",
      args: {
               assertion_consumer_service_url: "https://domain.example.com/users/auth/saml/callback",
               idp_cert_fingerprint: 'E7:91:B2:E1:...',
               idp_sso_target_url: 'https://idp.domain.example/idp/saml2/idp/SSOService.php',
               issuer: 'https://domain.example.com',
               name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
             }
    }
  ]
nginx['enable'] = true
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = "/etc/gitlab/ssl/domain.example.com-fullchain.pem"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/domain.example.com-key.pem"
letsencrypt['enable'] = false

I got stucked in this problem, since Gitlab not show other error, only 404. In the same instance, Google Oauth2 setup work fine.

I have to set the callback path in other config? some nginx config?
Some idea to debug this 404 error?

I found the problema and fix!

The problem was in the line

"name" => "SAML",

The correct line should be:

"name" => "saml",

Gitlab could be a bug here, I think, because SAML don’t raise an error in reconfigure step, but isn’t a valid provider. Example, if I write something else (like ‘hello’), reconfigure fails. But with SAML (in uppercase) don’t. And the SAML contact with IDP works well. Only fails in callback POST.

Where I can to post a bug report for this?