Hi, I’ve been searching for a solution but have not been able to find anything. I am trying to set up SSO on my GitLab instance using the omnibus installer. Local auth works fine, but when attempting OpenID auth it returns the message:
Could not authenticate you from OpenIDConnect because “Invalid ‘state’ parameter”.
I’ve seen some comments about how the state parameter is supposed to work, but I’ve not found any documentation on how to implement that feature in GitLab. The state parameter was not mentioned in the doc at OpenID Connect OmniAuth provider | GitLab.
Our SSO team investigated and confirmed the authentication is succeeding but the state error is preventing the login.
Can anyone assist or point me to a doc that explains what I need to do? Thanks in advance.
Here’s the config if needed:
gitlab_rails['omniauth_providers'] = [
  {
    name: "openid_connect",
    label: "abc SSO",
    icon: "",
    args: {
      name: "openid_connect",
      scope: ["email","openid","profile"],
      response_type: "code",
      grant_type: "authorization_code",
      discovery: true,
      client_auth_method: "query",
      uid_field: "username",
      send_scope_to_token_endpoint: "false",
      pkce: true,
      client_options: {
        identifier: "Client_xxxxx",
        secret: "xxxxxx",
        redirect_uri: "https://gitlabext.abc.com/users/auth/openid_connect/callback",
        authorization_endpoint: "https://qauthn.abc.com/as/authorization.oauth2",
        token_endpoint: "https://qauthn.abc.com/as/token.oauth2"
      }
    }
  }
]
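
Added example (not part of the original post, and not GitLab's or OmniAuth's own code): a simplified Ruby model of the `state` check an OpenID Connect relying party performs, showing how a callback can be rejected after the identity provider has already authenticated the user. The class, method and session-key names and the URLs are hypothetical.

```ruby
require "securerandom"
require "openssl"
require "uri"

# Simplified model of the relying-party side of the OAuth 2.0 / OIDC
# `state` check. All names here are hypothetical, chosen for illustration.
class StateCheck
  SESSION_KEY = "oidc.state" # hypothetical session key

  # Request phase: mint an unguessable value, keep it in the user's
  # server-side session, and send it to the IdP in the authorization URL.
  def self.begin_login(session, authorization_endpoint, client_id, redirect_uri)
    state = SecureRandom.hex(16)
    session[SESSION_KEY] = state
    query = URI.encode_www_form(response_type: "code", client_id: client_id,
                                redirect_uri: redirect_uri, scope: "openid", state: state)
    "#{authorization_endpoint}?#{query}"
  end

  # Callback phase: the IdP echoes `state` back. It must equal the value
  # stored in the session of the browser that started the login.
  def self.verify_callback(session, params)
    expected = session.delete(SESSION_KEY) # single use: consumed on first check
    returned = params["state"].to_s
    return :invalid_state if expected.nil? || returned.empty?
    OpenSSL.secure_compare(returned, expected) ? :ok : :invalid_state
  end
end

# Constructed walk-through; hosts, client id and code are placeholders.
def demo
  session = {}
  url = StateCheck.begin_login(session, "https://idp.example/as/authorization.oauth2",
                               "client-placeholder",
                               "https://gitlab.example/users/auth/openid_connect/callback")
  # What the IdP would send back to the redirect_uri after a successful login.
  params = URI.decode_www_form(URI(url).query).to_h.slice("state")
              .merge("code" => "constructed-code")
  {
    # Callback arrives without the original session (cookie not sent back).
    lost_session: StateCheck.verify_callback({}, params),
    # Callback carries a state value the relying party never issued.
    forged: StateCheck.verify_callback(session.dup, params.merge("state" => "0" * 32)),
    # Same browser session, untouched state: accepted.
    same_session: StateCheck.verify_callback(session, params),
    # Same callback processed a second time: state already consumed.
    replayed: StateCheck.verify_callback(session, params)
  }
end
```

In this model the IdP's part succeeds in every case; only the relying party's comparison against its own session decides whether the callback is accepted.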