Problem to solve
if i try to login with openid connect (keycloak → microsoft → gitlab)
500
We're sorry. Something went wrong on our end.
Request ID: `01J2BH8B27CZGK2Z71B55HXBPZ`
it was working for month until i upgrade to 17.1.1 yesterday
Configuration
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_providers'] = [
{
"name" => "keycloak",
"label" => "Keycloak SSO",
"args" => {
"name" => "openid_connect", "strategy_class": "OmniAuth::Strategies::OpenIDConnect",
"scope" => ["openid", "profile", "email"],
"response_type" => "code",
"issuer" => "https://keycloak.*****.it/realms/Credenziali",
"client_auth_method" => "query",
"uid_field" => "uid",
"send_scope_to_token_endpoint" => "false",
"pkce" => "true",
"discovery" => true,
"client_options" => {
"identifier" => "gitlab.****.it",
"secret" => "*******************************",
"redirect_uri" => "https://gitlab.******.it/users/auth/openid_connect/callback"
}
}
}
]
gitlab_rails['omniauth_auto_link_user'] = ['openid_connect']
Versions
Please select whether options apply, and add the version information.
- [ * ] Self-managed
Versions
System information
System: Ubuntu 22.04
Proxy: no
Current User: git
Using RVM: no
Ruby Version: 3.1.5p253
Gem Version: 3.5.11
Bundler Version:2.5.11
Rake Version: 13.0.6
Redis Version: 7.0.15
Sidekiq Version:7.1.6
Go Version: unknown
GitLab information
Version: 17.1.1-ee
Revision: d0ac56e0be2
Directory: /opt/gitlab/embedded/service/gitlab-rails
DB Adapter: PostgreSQL
DB Version: 14.11
URL: https://gitlab..it
HTTP Clone URL: https://gitlab..it/some-group/some-project.git
SSH Clone URL: git@gitlab.******.it:some-group/some-project.git
Elasticsearch: no
Geo: no
Using LDAP: yes
Using Omniauth: yes
Omniauth Providers: keycloak
GitLab Shell
Version: 14.36.0
Repository storages:
- default: unix:/var/opt/gitlab/gitaly/gitaly.socket
GitLab Shell path: /opt/gitlab/embedded/service/gitlab-shell
Gitaly
- default Address: unix:/var/opt/gitlab/gitaly/gitaly.socket
- default Version: 17.1.1
- default Git Version: 2.45.1
relevant log:
{
"action": "openid_connect",
"controller": "OmniauthCallbacksController",
"correlation_id": "01J2BH8B27CZGK2Z71B55HXBPZ",
"cpu_s": 0.113558,
"db_cached_count": 0,
"db_ci_cached_count": 0,
"db_ci_count": 0,
"db_ci_duration_s": 0.0,
"db_ci_replica_cached_count": 0,
"db_ci_replica_count": 0,
"db_ci_replica_duration_s": 0.0,
"db_ci_replica_txn_count": 0,
"db_ci_replica_txn_duration_s": 0.0,
"db_ci_replica_txn_max_duration_s": 0.0,
"db_ci_replica_wal_cached_count": 0,
"db_ci_replica_wal_count": 0,
"db_ci_txn_count": 0,
"db_ci_txn_duration_s": 0.0,
"db_ci_txn_max_duration_s": 0.0,
"db_ci_wal_cached_count": 0,
"db_ci_wal_count": 0,
"db_count": 1,
"db_duration_s": 0.00095,
"db_main_cached_count": 0,
"db_main_count": 1,
"db_main_duration_s": 0.001,
"db_main_replica_cached_count": 0,
"db_main_replica_count": 0,
"db_main_replica_duration_s": 0.0,
"db_main_replica_txn_count": 0,
"db_main_replica_txn_duration_s": 0.0,
"db_main_replica_txn_max_duration_s": 0.0,
"db_main_replica_wal_cached_count": 0,
"db_main_replica_wal_count": 0,
"db_main_txn_count": 0,
"db_main_txn_duration_s": 0.0,
"db_main_txn_max_duration_s": 0.0,
"db_main_wal_cached_count": 0,
"db_main_wal_count": 0,
"db_primary_cached_count": 0,
"db_primary_count": 1,
"db_primary_duration_s": 0.001,
"db_primary_txn_count": 0,
"db_primary_txn_duration_s": 0.0,
"db_primary_txn_max_duration_s": 0.0,
"db_primary_wal_cached_count": 0,
"db_primary_wal_count": 0,
"db_replica_cached_count": 0,
"db_replica_count": 0,
"db_replica_duration_s": 0.0,
"db_replica_txn_count": 0,
"db_replica_txn_duration_s": 0.0,
"db_replica_txn_max_duration_s": 0.0,
"db_replica_wal_cached_count": 0,
"db_replica_wal_count": 0,
"db_txn_count": 0,
"db_write_count": 0,
"duration_s": 0.01746,
"exception.backtrace": [
"ee/lib/gitlab/auth/oidc/config.rb:22:in `required_groups'",
"ee/lib/gitlab/auth/oidc/user.rb:42:in `required_groups_enabled?'",
"ee/lib/gitlab/auth/oidc/user.rb:20:in `find_user'",
"lib/gitlab/auth/o_auth/user.rb:75:in `gl_user'",
"lib/gitlab/auth/o_auth/user.rb:261:in `update_profile'",
"lib/gitlab/auth/o_auth/user.rb:34:in `initialize'",
"ee/lib/gitlab/auth/oidc/user.rb:16:in `initialize'",
"app/controllers/omniauth_callbacks_controller.rb:201:in `new'",
"app/controllers/omniauth_callbacks_controller.rb:201:in `block in build_auth_user'",
"gems/gitlab-utils/lib/gitlab/utils/strong_memoize.rb:65:in `strong_memoize_with'",
"app/controllers/omniauth_callbacks_controller.rb:200:in `build_auth_user'",
"app/controllers/omniauth_callbacks_controller.rb:209:in `sign_in_user_flow'",
"app/controllers/omniauth_callbacks_controller.rb:168:in `omniauth_flow'",
"ee/app/controllers/ee/omniauth_callbacks_controller.rb:15:in `openid_connect'",
"actionpack (7.0.8.4) lib/action_controller/metal/basic_implicit_render.rb:6:in `send_action'",
"actionpack (7.0.8.4) lib/abstract_controller/base.rb:215:in `process_action'",
"actionpack (7.0.8.4) lib/action_controller/metal/rendering.rb:165:in `process_action'",
"actionpack (7.0.8.4) lib/abstract_controller/callbacks.rb:234:in `block in process_action'",
"activesupport (7.0.8.4) lib/active_support/callbacks.rb:118:in `block in run_callbacks'",
"lib/gitlab/ip_address_state.rb:11:in `with'",
"ee/app/controllers/ee/application_controller.rb:45:in `set_current_ip_address'",
"activesupport (7.0.8.4) lib/active_support/callbacks.rb:127:in `block in run_callbacks'",
"app/controllers/application_controller.rb:468:in `set_current_admin'",
"activesupport (7.0.8.4) lib/active_support/callbacks.rb:127:in `block in run_callbacks'",
"lib/gitlab/session.rb:11:in `with_session'",
"app/controllers/application_controller.rb:459:in `set_session_storage'",
"activesupport (7.0.8.4) lib/active_support/callbacks.rb:127:in `block in run_callbacks'",
"lib/gitlab/i18n.rb:114:in `with_locale'",
"app/controllers/application_controller.rb:452:in `set_locale'",
"activesupport (7.0.8.4) lib/active_support/callbacks.rb:127:in `block in run_callbacks'",
"marginalia (1.11.1) lib/marginalia.rb:109:in `record_query_comment'",
"activesupport (7.0.8.4) lib/active_support/callbacks.rb:127:in `block in run_callbacks'",
"app/controllers/application_controller.rb:443:in `set_current_context'",
"activesupport (7.0.8.4) lib/active_support/callbacks.rb:127:in `block in run_callbacks'",
"sentry-rails (5.17.3) lib/sentry/rails/controller_transaction.rb:28:in `block in sentry_around_action'",
"sentry-ruby (5.17.3) lib/sentry/hub.rb:102:in `with_child_span'",
"sentry-ruby (5.17.3) lib/sentry-ruby.rb:490:in `with_child_span'",
"sentry-rails (5.17.3) lib/sentry/rails/controller_transaction.rb:14:in `sentry_around_action'",
"activesupport (7.0.8.4) lib/active_support/callbacks.rb:127:in `block in run_callbacks'",
"activesupport (7.0.8.4) lib/active_support/callbacks.rb:138:in `run_callbacks'",
"actionpack (7.0.8.4) lib/abstract_controller/callbacks.rb:233:in `process_action'",
"actionpack (7.0.8.4) lib/action_controller/metal/rescue.rb:23:in `process_action'",
"actionpack (7.0.8.4) lib/action_controller/metal/instrumentation.rb:67:in `block in process_action'",
"activesupport (7.0.8.4) lib/active_support/notifications.rb:206:in `block in instrument'",
"activesupport (7.0.8.4) lib/active_support/notifications/instrumenter.rb:24:in `instrument'",
"activesupport (7.0.8.4) lib/active_support/notifications.rb:206:in `instrument'",
"actionpack (7.0.8.4) lib/action_controller/metal/instrumentation.rb:66:in `process_action'",
"actionpack (7.0.8.4) lib/action_controller/metal/params_wrapper.rb:259:in `process_action'",
"activerecord (7.0.8.4) lib/active_record/railties/controller_runtime.rb:27:in `process_action'",
"actionpack (7.0.8.4) lib/abstract_controller/base.rb:151:in `process'",
"actionview (7.0.8.4) lib/action_view/rendering.rb:39:in `process'",
"actionpack (7.0.8.4) lib/action_controller/metal.rb:188:in `dispatch'",
"actionpack (7.0.8.4) lib/action_controller/metal.rb:251:in `dispatch'",
"actionpack (7.0.8.4) lib/action_dispatch/routing/route_set.rb:49:in `dispatch'",
"actionpack (7.0.8.4) lib/action_dispatch/routing/route_set.rb:32:in `serve'",
"actionpack (7.0.8.4) lib/action_dispatch/routing/mapper.rb:18:in `block in <class:Constraints>'",
"actionpack (7.0.8.4) lib/action_dispatch/routing/mapper.rb:48:in `serve'",
"actionpack (7.0.8.4) lib/action_dispatch/journey/router.rb:50:in `block in serve'",
"actionpack (7.0.8.4) lib/action_dispatch/journey/router.rb:32:in `each'",
"actionpack (7.0.8.4) lib/action_dispatch/journey/router.rb:32:in `serve'",
"actionpack (7.0.8.4) lib/action_dispatch/routing/route_set.rb:852:in `call'",
"gitlab-experiment (0.9.1) lib/gitlab/experiment/middleware.rb:19:in `call'",
"omniauth (2.1.0) lib/omniauth/strategy.rb:470:in `call_app!'",
"omniauth (2.1.0) lib/omniauth/strategy.rb:418:in `callback_phase'",
"omniauth_openid_connect (0.6.1) lib/omniauth/strategies/openid_connect.rb:138:in `callback_phase'",
"omniauth (2.1.0) lib/omniauth/strategy.rb:272:in `callback_call'",
"omniauth (2.1.0) lib/omniauth/strategy.rb:194:in `call!'",
"omniauth (2.1.0) lib/omniauth/strategy.rb:169:in `call'",
"omniauth (2.1.0) lib/omniauth/strategy.rb:202:in `call!'",
"omniauth (2.1.0) lib/omniauth/strategy.rb:169:in `call'",
"flipper (0.26.2) lib/flipper/middleware/memoizer.rb:72:in `memoized_call'",
"flipper (0.26.2) lib/flipper/middleware/memoizer.rb:37:in `call'",
"lib/gitlab/middleware/sidekiq_shard_awareness_validation.rb:20:in `block in call'",
"lib/gitlab/sidekiq_sharding/validator.rb:42:in `enabled'",
"lib/gitlab/middleware/sidekiq_shard_awareness_validation.rb:20:in `call'",
"lib/gitlab/middleware/memory_report.rb:13:in `call'",
"lib/gitlab/middleware/speedscope.rb:13:in `call'",
"lib/gitlab/database/load_balancing/rack_middleware.rb:23:in `call'",
"lib/gitlab/middleware/go.rb:20:in `call'",
"lib/gitlab/etag_caching/middleware.rb:21:in `call'",
"lib/gitlab/middleware/query_analyzer.rb:11:in `block in call'",
"lib/gitlab/database/query_analyzer.rb:40:in `within'",
"lib/gitlab/middleware/query_analyzer.rb:11:in `call'",
"lib/gitlab/middleware/organizations/current.rb:20:in `call'",
"batch-loader (2.0.5) lib/batch_loader/middleware.rb:11:in `call'",
"rack-attack (6.7.0) lib/rack/attack.rb:103:in `call'",
"apollo_upload_server (2.1.6) lib/apollo_upload_server/middleware.rb:19:in `call'",
"lib/gitlab/middleware/multipart.rb:173:in `call'",
"rack-attack (6.7.0) lib/rack/attack.rb:127:in `call'",
"warden (1.2.9) lib/warden/manager.rb:36:in `block in call'",
"warden (1.2.9) lib/warden/manager.rb:34:in `catch'",
"warden (1.2.9) lib/warden/manager.rb:34:in `call'",
"rack-cors (2.0.1) lib/rack/cors.rb:102:in `call'",
"rack (2.2.8.1) lib/rack/tempfile_reaper.rb:15:in `call'",
"rack (2.2.8.1) lib/rack/etag.rb:27:in `call'",
"rack (2.2.8.1) lib/rack/conditional_get.rb:27:in `call'",
"rack (2.2.8.1) lib/rack/head.rb:12:in `call'",
"actionpack (7.0.8.4) lib/action_dispatch/http/permissions_policy.rb:38:in `call'",
"actionpack (7.0.8.4) lib/action_dispatch/http/content_security_policy.rb:36:in `call'",
"lib/gitlab/middleware/read_only/controller.rb:50:in `call'",
"lib/gitlab/middleware/read_only.rb:18:in `call'",
"lib/gitlab/middleware/unauthenticated_session_expiry.rb:18:in `call'",
"rack (2.2.8.1) lib/rack/session/abstract/id.rb:266:in `context'",
"rack (2.2.8.1) lib/rack/session/abstract/id.rb:260:in `call'",
"actionpack (7.0.8.4) lib/action_dispatch/middleware/cookies.rb:704:in `call'",
"lib/gitlab/middleware/same_site_cookies.rb:27:in `call'",
"actionpack (7.0.8.4) lib/action_dispatch/middleware/callbacks.rb:27:in `block in call'",
"activesupport (7.0.8.4) lib/active_support/callbacks.rb:99:in `run_callbacks'",
"actionpack (7.0.8.4) lib/action_dispatch/middleware/callbacks.rb:26:in `call'",
"sentry-rails (5.17.3) lib/sentry/rails/rescued_exception_interceptor.rb:12:in `call'",
"actionpack (7.0.8.4) lib/action_dispatch/middleware/debug_exceptions.rb:28:in `call'",
"lib/gitlab/middleware/path_traversal_check.rb:27:in `call'",
"lib/gitlab/middleware/handle_malformed_strings.rb:21:in `call'",
"sentry-ruby (5.17.3) lib/sentry/rack/capture_exceptions.rb:29:in `block (2 levels) in call'",
"sentry-ruby (5.17.3) lib/sentry/hub.rb:251:in `with_session_tracking'",
"sentry-ruby (5.17.3) lib/sentry-ruby.rb:403:in `with_session_tracking'",
"sentry-ruby (5.17.3) lib/sentry/rack/capture_exceptions.rb:20:in `block in call'",
"sentry-ruby (5.17.3) lib/sentry/hub.rb:59:in `with_scope'",
"sentry-ruby (5.17.3) lib/sentry-ruby.rb:383:in `with_scope'",
"sentry-ruby (5.17.3) lib/sentry/rack/capture_exceptions.rb:19:in `call'",
"actionpack (7.0.8.4) lib/action_dispatch/middleware/show_exceptions.rb:29:in `call'",
"lib/gitlab/middleware/basic_health_check.rb:25:in `call'",
"lograge (0.11.2) lib/lograge/rails_ext/rack/logger.rb:15:in `call_app'",
"railties (7.0.8.4) lib/rails/rack/logger.rb:25:in `block in call'",
"activesupport (7.0.8.4) lib/active_support/tagged_logging.rb:99:in `block in tagged'",
"activesupport (7.0.8.4) lib/active_support/tagged_logging.rb:37:in `tagged'",
"activesupport (7.0.8.4) lib/active_support/tagged_logging.rb:99:in `tagged'",
"railties (7.0.8.4) lib/rails/rack/logger.rb:25:in `call'",
"actionpack (7.0.8.4) lib/action_dispatch/middleware/remote_ip.rb:93:in `call'",
"lib/gitlab/middleware/handle_ip_spoof_attack_error.rb:25:in `call'",
"lib/gitlab/middleware/request_context.rb:15:in `call'",
"lib/gitlab/middleware/webhook_recursion_detection.rb:15:in `call'",
"request_store (1.5.1) lib/request_store/middleware.rb:19:in `call'",
"rack (2.2.8.1) lib/rack/method_override.rb:24:in `call'",
"rack (2.2.8.1) lib/rack/runtime.rb:22:in `call'",
"rack-timeout (0.6.3) lib/rack/timeout/core.rb:148:in `block in call'",
"rack-timeout (0.6.3) lib/rack/timeout/support/timeout.rb:19:in `timeout'",
"rack-timeout (0.6.3) lib/rack/timeout/core.rb:147:in `call'",
"config/initializers/fix_local_cache_middleware.rb:11:in `call'",
"lib/gitlab/middleware/compressed_json.rb:44:in `call'",
"actionpack (7.0.8.4) lib/action_dispatch/middleware/executor.rb:14:in `call'",
"lib/gitlab/middleware/rack_multipart_tempfile_factory.rb:19:in `call'",
"rack (2.2.8.1) lib/rack/sendfile.rb:110:in `call'",
"lib/gitlab/middleware/sidekiq_web_static.rb:20:in `call'",
"lib/gitlab/metrics/requests_rack_middleware.rb:79:in `call'",
"gitlab-labkit (0.36.0) lib/labkit/middleware/rack.rb:22:in `block in call'",
"gitlab-labkit (0.36.0) lib/labkit/context.rb:35:in `with_context'",
"gitlab-labkit (0.36.0) lib/labkit/middleware/rack.rb:21:in `call'",
"actionpack (7.0.8.4) lib/action_dispatch/middleware/request_id.rb:26:in `call'",
"actionpack (7.0.8.4) lib/action_dispatch/middleware/host_authorization.rb:131:in `call'",
"railties (7.0.8.4) lib/rails/engine.rb:530:in `call'",
"railties (7.0.8.4) lib/rails/railtie.rb:226:in `public_send'",
"railties (7.0.8.4) lib/rails/railtie.rb:226:in `method_missing'",
"lib/gitlab/middleware/release_env.rb:13:in `call'",
"rack (2.2.8.1) lib/rack/urlmap.rb:74:in `block in call'",
"rack (2.2.8.1) lib/rack/urlmap.rb:58:in `each'",
"rack (2.2.8.1) lib/rack/urlmap.rb:58:in `call'",
"puma (6.4.0) lib/puma/configuration.rb:272:in `call'",
"puma (6.4.0) lib/puma/request.rb:100:in `block in handle_request'",
"puma (6.4.0) lib/puma/thread_pool.rb:378:in `with_force_shutdown'",
"puma (6.4.0) lib/puma/request.rb:99:in `handle_request'",
"puma (6.4.0) lib/puma/server.rb:443:in `process_client'",
"puma (6.4.0) lib/puma/server.rb:241:in `block in run'",
"puma (6.4.0) lib/puma/thread_pool.rb:155:in `block in spawn_thread'"
],
"exception.class": "NoMethodError",
"exception.message": "undefined method `dig' for nil:NilClass\n\n options.dig('args', 'client_options', 'gitlab', 'required_groups') || []\n ^^^^",
"format": "html",
"mem_bytes": 2835977,
"mem_mallocs": 7111,
"mem_objects": 22471,
"mem_total_bytes": 3734817,
"meta.caller_id": "OmniauthCallbacksController#openid_connect",
"meta.client_id": "ip/192.168.8.7",
"meta.feature_category": "system_access",
"meta.remote_ip": "192.168.8.7",
"method": "GET",
"params": [
{
"key": "state",
"value": "ab0eb8d7f39b6b3f40a1a9c7af02870c"
},
{
"key": "session_state",
"value": "c2895cf2-29b2-483d-9c1c-876d8f273860"
},
{
"key": "iss",
"value": "https://keycloak.*********.it/realms/Credenziali"
},
{
"key": "code",
"value": "[FILTERED]"
}
],
"path": "/users/auth/openid_connect/callback",
"pid": 51758,
"rate_limiting_gates": [
],
"redis_calls": 6,
"redis_duration_s": 0.001319,
"redis_feature_flag_calls": 4,
"redis_feature_flag_duration_s": 0.000744,
"redis_feature_flag_read_bytes": 714,
"redis_feature_flag_write_bytes": 203,
"redis_read_bytes": 1163,
"redis_sessions_calls": 2,
"redis_sessions_duration_s": 0.000575,
"redis_sessions_read_bytes": 449,
"redis_sessions_write_bytes": 85,
"redis_write_bytes": 288,
"remote_ip": "192.168.8.7",
"request_urgency": "default",
"status": 500,
"target_duration_s": 1,
"time": "2024-07-09T10:40:01.065Z",
"ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36",
"view_duration_s": 0.0,
"worker_id": "puma_0"
}