Mattermost Connection Fails using GitLab OpenID Connect

We upgraded from version 6.0.2 running on Fedora 33 to 7.5.1. We migrated from the Fedora system to a RHEL 8 system running 7.5.1. We used all Mattermost instructions and are running Enterprise Gov edition. Everything looked good but we can’t get the connection to GitLab working with OpenID Connect. GitLab is running gitlab-ee:15.1.0-ee.0.

Mattermost Log Error - repeats 3 times.

“level”,“msg”:“can’t decrypt token:,:caller”:“app/plugin_api.go:976”,“plugin_id”:“com.githubmanland.mattermost-plugin-gitlab”,“err”:“unpad error. This could happen when incorrect encryption key is used”

When running ‘\gitlab connect’ and other commands we get the following error on GitLab

(User Settings > User Settings) “An error has occurred.” “The redirect URI is not valid.”

Configured URIs are the same on Fedora and Red Hat.

Documentation used:

https://docs.mattermost.com/onboard/migrating-to-mattermost.html
GitLab Single Sign-On — Mattermost documentation.

Notes:

  1. The Fedora 33 system is still maintaining its OpenID connection to GitLab.
  2. Server certificates are not producing errors.
  3. We did leave comments for the migration process adding commands to restorecon, chown, chmod, and setcap which were part of the installation and upgrade.

Hi @Tallitsch and welcome to the Mattermost forums!

Can you please confirm that your Mattermost application server as well as the GitLab instance are both running on https with valid SSL/TLS certificates? Also can you confirm that your SiteUrl configuration variable is configured for the URL your clients use (including scheme and port)?

Hi, I appreciate your help, but I have resolved the issue. The system did not have the Certificate Authority in the chain. Looks like BigFix didn’t think it needed it after installation. Thanks again!

Alright, thanks - this confirms my assumption about invalid certificates, good to hear that you’re up and running now!
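
The fix reported in this thread was a Certificate Authority missing from the trust chain on the new host. The Go program below is an added example, not part of the thread and not Mattermost or GitLab plugin code: it builds a constructed CA and a server certificate for the made-up host `gitlab.example.internal`, then verifies the same certificate against a trust store without the CA and one with it. The helper names `issue` and `verifyBothWays` are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates a certificate for cn signed by parent; a nil parent yields a self-signed root CA.
func issue(cn string, serial int64, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true,
	}
	if parent == nil { // root CA: may sign other certificates, carries no host name
		tmpl.IsCA, tmpl.KeyUsage, tmpl.DNSNames = true, x509.KeyUsageCertSign, nil
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	cert, perr := x509.ParseCertificate(der)
	if err != nil || perr != nil {
		panic(fmt.Sprint("certificate setup failed: ", err, " ", perr))
	}
	return cert, key
}

// verifyBothWays checks one server certificate against a trust store without its CA and one with it.
func verifyBothWays() (withoutCA, withCA error) {
	host := "gitlab.example.internal" // constructed name, not from the thread
	ca, caKey := issue("Constructed Internal CA", 1, nil, nil)
	leaf, _ := issue(host, 2, ca, caKey)
	empty, trusted := x509.NewCertPool(), x509.NewCertPool()
	trusted.AddCert(ca) // the step that was missing on the migrated host
	_, withoutCA = leaf.Verify(x509.VerifyOptions{Roots: empty, DNSName: host})
	_, withCA = leaf.Verify(x509.VerifyOptions{Roots: trusted, DNSName: host})
	return withoutCA, withCA
}

func main() {
	fmt.Println(verifyBothWays()) // first value: error with the CA missing; second: nil with it present
}
```

With the CA absent, Go reports that the certificate is signed by an unknown authority even though the server certificate itself is valid, which is why a host can fail this check while the certificate shows no errors elsewhere.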