How do I add Shibboleth as an OmniAuth provider?

Hello All,
I hope this is the right subforum for this.
I have followed the very brief instructions Shibboleth OmniAuth Provider | GitLab and have also googled, but am getting nowhere.

Here’s the problem I’m having:
When I click on the “Shibboleth” button I am redirected to the route “/users/auth/shibboleth/callback”, but not to the IDP I specified in the “shibboleth2.xml”.
I also get the following message:
" Unauthorized
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn’t understand how to supply the credentials required."

Since neither the instructions of gitlab, Apache nor Shibboleth are really mature, I don’t even know if I have the right packages installed. e.g. it says that “mod_shib2” is used and in the Apache config file “LoadModule mod_shib /opt/shibboleth-sp/lib/shibboleth/” must be specified. Only, where do I get this file?

The following I have now installed…

  • Apache2 (2.4.52)
  • libapache2-mod-shib (3.3.0+dfsg1-1)
  • shibboleth-sp-common (3.3.0)
  • gitlab (v16.1.1-ee)


I just don’t know anymore and have no idea. If one of you would know a complete tutorial, that would probably already help me.
I hope you can help me, thank you in advance.

Then I have to assume that it is a bug that I am being redirected incorrectly.
Should I create a ticket on the page?

Your issue might be related to an incorrect configuration in the “shibboleth2.xml” file or missing proper installation of the mod_shib module. Try the following steps:

  1. Verify the correct path in Apache for “mod_shib” using LoadModule mod_shib /opt/shibboleth-sp/lib/shibboleth/
  2. Double-check your “shibboleth2.xml” for the correct IDP configuration.
  3. Restart Apache to apply the changes.

If the issue persists, consult the updated official documentation or seek professional support tailored to your specific environment.

Thank you for your reply.
So far I managed to successfully log in to the Idp using the URL /Shibboleth.sso/Login
Via /Shibboleth.sso/Session I see that I have a session via Shibboleth.

The main problem is still that I click on the “Shibboleth” button I am redirected to the route /users/auth/shibboleth/callback, but not to the Idp.

If I imagine it correctly it should be like this.
Click Button Shibboleth → reditect to Idp → Login → redirect to gitlab

I am testing the login with a little trick.
As just described, I log in to the Idp via /Shibboleth.sso/Login and then click on the button.

Now I get an error message:
"message":"(shibboleth) Authentication failure! undefined method empty? for nil:NilClass: NoMethodError, undefined method empty?' for nil:NilClass"

There is nothing more in the log files. It’s a catstrophe, I don’t know where to start to track down the error.
There is not even a stack trace.