openID Invalid 'state' parameter

Hi, i’ve been searching for a solution but have not been able to find anything. I am trying to setup SSO on my gitlab instance using the omnibus installer. local auth works fine but when attempting openID auth it returns the message:
Could not authenticate you from OpenIDConnect because “Invalid ‘state’ parameter”.

I’ve seen some comments about how the state parameter is supposed to work, but I’ve not found any documentation on how to implement that feature in gitlab. The state parameter was not mentioned in the doc at Use OpenID Connect as an OAuth 2.0 authentication provider | GitLab.

Our SSO team investigated and confirmed the authentication is succeeding but the state error is preventing the login.

can anyone assist or point me to a doc that explains what I need to do? Thanks in advance

here’s the config if needed:

gitlab_rails['omniauth_providers'] = [
  {
    name: "openid_connect",
    label: "abc SSO",
    icon: "",
    args: {
      name: "openid_connect",
      scope: ["email","openid","profile"],
      response_type: "code",
      grant_type: "authorization_code",
      discovery: true,
      client_auth_method: "query",
      uid_field: "username",
      send_scope_to_token_endpoint: "false",
      pkce: true,
      client_options: {
        identifier: "Client_xxxxx",
        secret: "xxxxxx",
        redirect_uri: "https://gitlabext.abc.com/users/auth/openid_connect/callback",
        authorization_endpoint: "https://qauthn.abc.com/as/authorization.oauth2",
        token_endpoint: "https://qauthn.abc.com/as/token.oauth2"
      }
    }
  }
]

Were you ever able to solve the problem. I am seeing the same issue.

I’ve “solved” this issue by changing in Keycloak “Realm settings” → “General” → “SSL” from “external requests” to “none”
I’m using a reverse proxy, maybe that’s why…