Gitlab - Omniauth CAS3 - error 422 (OAuth) Error saving user ["Email is invalid"]

Hi all,

I’ve been trying to set up GitLab CE with OmniAuth against our CAS3 server (Apereo).

The gitlab.rb:

gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['cas3']
gitlab_rails['omniauth_block_auto_created_users'] = false

gitlab_rails['omniauth_providers'] = [
  {
      "name"=> "cas3",
      "label"=> "cas sign",
      "args"=> {
          "url"=> 'https://cas.xxx.fr:443',
          "login_url"=> '/cas/login',
          "service_validate_url"=> '/cas/p3/serviceValidate',
          "logout_url"=> '/cas/logout',
      }
  }
]

When I go to the sign_in page the “cas sign” shows, redirection to cas.xxx.fr works fine, I can log on to CAS,
then the callback brings me back to GitLab and shows a 422 error.

My logs:
==> /var/log/gitlab/gitlab-rails/production.log <==
Started GET "/users/auth/cas3/callback?url=https%3A%2F%2Fgit…xxx.fr%2Fusers%2Fsign_in&ticket=ST-177570-goIuVSIrLd68gMBkKAZGkKFVz0I-l144164" for 185.234.140.31 at 2021-01-12 11:55:40 +0100
Processing by OmniauthCallbacksController#cas3 as HTML
Parameters: {"url"=>"https://git.xxx.fr/users/sign_in", "ticket"=>"ST-177570-goIuVSIrLd68gMBkKAZGkKFVz0I-l144164"}

==> /var/log/gitlab/gitlab-rails/application.log <==
2021-01-12T10:55:40.575Z: (OAuth) Error saving user antoine.lory@icam.fr (temp-email-for-oauth-antoine.lory@icam.fr@gitlab.localhost): ["Email is invalid"]

After some searching … well, I don’t really understand what could go wrong here …

A little bit of help will be greatly appreciated.

Thanks

Hi,

I have the same problem. I think the problem is that the CAS username is actually the user email, so the auto-generated temporary email is not valid because it contains multiple @ characters.

I’m still searching for how to avoid this on the GitLab side.
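
The failure described in the reply above, reproduced as an added example (not part of the thread and not GitLab's code). The temporary-address format is copied from the application.log line in the first post; the validity rule, the `email` attribute name and the idea that the temporary address is only built when CAS releases no email attribute are assumptions, and all sample logins are constructed.

```ruby
# Added example, not GitLab's code. Address format copied from the
# application.log line in the thread; everything else is an assumption.
TEMP_DOMAIN = "gitlab.localhost"

def temp_email_for(uid)
  "temp-email-for-oauth-#{uid}@#{TEMP_DOMAIN}"
end

# Simplified stand-in for the real validator: exactly one "@", no whitespace.
def plausible_email?(address)
  address.match?(/\A[^@\s]+@[^@\s]+\z/)
end

# Classify one CAS login. `attributes` is the hash of attributes released by
# CAS ("email" is a hypothetical attribute name). A missing or unusable
# attribute is treated as missing, which triggers the temporary address.
def diagnose(uid, attributes = {})
  email = attributes["email"].to_s
  return :provider_email_ok if plausible_email?(email)
  plausible_email?(temp_email_for(uid)) ? :temp_email_ok : :temp_email_invalid
end

# Caveat for any workaround that shortens uids to their local part:
# distinct CAS identities can then map to the same name.
# Returns only the groups that would clash.
def local_part_collisions(uids)
  uids.group_by { |u| u.split("@").first }.select { |_, g| g.uniq.size > 1 }
end

# Constructed sample logins: [uid, released attributes]
SAMPLES = [
  ["jdoe", {}],
  ["jane.doe@example.org", {}],
  ["jane.doe@example.org", { "email" => "jane.doe@example.org" }],
]

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |uid, attrs|
    puts "#{uid.ljust(22)} #{temp_email_for(uid).ljust(58)} #{diagnose(uid, attrs)}"
  end
  p local_part_collisions(["jane.doe@example.org", "jane.doe@example.net", "jdoe"])
end
```

Only the second sample, an email-shaped uid with no released email attribute, ends in `:temp_email_invalid`, which matches the case in the log.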