Migration from LDAP to AAD auth


I’ve made the migration from LDAP on-prem to Azure AD. All works as expected. I can now hit my Gitlab site internally on it’s FQDN and it forces the user to sign in with his Azure creds, no issues.

I’ve also added it to the MyApps part of Azure. This works too but with a slight flaw.

I can sign into myapplications.microsoft.com and get my MFA prompt, etc. I can launch the Gitlab app fine but I’m then taken to the Gitlab login page and an error at the top of the page:

Could not authenticate you from AzureOauth2 because "Csrf detected".

This would suggest a wrongly configured URL in the App registration setup in Azure causing a mismatch of expected URL’s. However, if I then refresh the page, it refreshes and I’m logged into my Gitlab server. This to me, shows that the config is good but it almost looks like it’s a timeout issue somewhere along the line but I can’t figure out whether it’s on my Gitlab server or Azure. As there appears no option in Azure to configure any kind of timeout but Gitlab has a bazillion config options, I’m leaning toward this being a Gitlab issue based on nothing more than that very basic observation.

I’m assuming I can’t be alone on this as lots of people must have made this move by now so I’d be grateful if I could get anyone’s experience with this.