Hi guys,
I installed a new Gitlab v15.9.8, and want to integrate it with mattermost (v7.10.2) by Git-SSO。
I configured applicatoin as root in Gitlab.
https://mm.domain.name/login/gitlab/complete
https://mm.domain.name/signup/gitlab/complete
and my gitlab’s url is https://mm.domain.name/gitlab
Now I can redirected to the Gitlab login page from Mattermost, but When I submitted the login request I get the error Bad response from token request.
In the Gitlab’s log file, I found when requested the /gitlab/oauth/token
, the parameter redirect_uri
’s scheme is http
, but actualy it shoud be https
,I DON’T know why it changed to http,but not https. Below is the log.
product_json.log
{"method":"GET","path":"/gitlab/oauth/authorize","format":"html","controller":"Oauth::AuthorizationsController","action":"new","status":302,"location":"http://mm.domain.name/gitlab/users/sign_in","time":"2023-06-02T15:37:43.624Z","params":[{"key":"response_type","value":"code"},{"key":"client_id","value":"8b976ed55f420df2f9c8868ffec6593df920985deabee70a5e4becbd123b2c9c"},{"key":"redirect_uri","value":"https://mm.domain.name/signup/gitlab/complete"},{"key":"state","value":"eyJhY3Rpb24iOiJsb2dpbiIsImlzTW9iaWxlIjoiZmFsc2UiLCJ0b2tlbiI6IjQ1Zm5lOGhwNG9ta3NjcGhnaXlkamNkNHoxbzU1eWVhbWJhN3Rxdzg5b2NqZTgxZzVkbnhwNmJ0OXB1bmN3YWsifQ=="},{"key":"scope","value":"read_user"}],"redis_calls":1,"redis_duration_s":0.000289,"redis_read_bytes":74,"redis_write_bytes":85,"redis_sessions_calls":1,"redis_sessions_duration_s":0.000289,"redis_sessions_read_bytes":74,"redis_sessions_write_bytes":85,"db_count":1,"db_write_count":0,"db_cached_count":0,"db_replica_count":0,"db_primary_count":1,"db_main_count":1,"db_main_replica_count":0,"db_replica_cached_count":0,"db_primary_cached_count":0,"db_main_cached_count":0,"db_main_replica_cached_count":0,"db_replica_wal_count":0,"db_primary_wal_count":0,"db_main_wal_count":0,"db_main_replica_wal_count":0,"db_replica_wal_cached_count":0,"db_primary_wal_cached_count":0,"db_main_wal_cached_count":0,"db_main_replica_wal_cached_count":0,"db_replica_duration_s":0.0,"db_primary_duration_s":0.0,"db_main_duration_s":0.0,"db_main_replica_duration_s":0.0,"cpu_s":0.011453,"mem_objects":4606,"mem_bytes":353040,"mem_mallocs":1284,"mem_total_bytes":537280,"pid":222130,"worker_id":"puma_0","rate_limiting_gates":[],"correlation_id":"01H1YC3TXVFCN88T5FT1QNAHJZ","db_duration_s":0.0004,"view_duration_s":0.0,"duration_s":0.00309}
{"method":"GET","path":"/gitlab/users/sign_in","format":"html","controller":"SessionsController","action":"new","status":200,"time":"2023-06-02T15:37:43.714Z","params":[],"correlation_id":"01H1YC3TZMMEYBBY37ZGZ87C81","meta.caller_id":"SessionsController#new","meta.remote_ip":"10.9.0.196","meta.feature_category":"authentication_and_authorization","meta.client_id":"ip/10.9.0.196","remote_ip":"10.9.0.196","ua":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36","queue_duration_s":0.005659,"request_urgency":"low","target_duration_s":5,"redis_calls":7,"redis_duration_s":0.001258,"redis_read_bytes":1307,"redis_write_bytes":443,"redis_cache_calls":4,"redis_cache_duration_s":0.00074,"redis_cache_read_bytes":829,"redis_cache_write_bytes":271,"redis_sessions_calls":3,"redis_sessions_duration_s":0.000518,"redis_sessions_read_bytes":478,"redis_sessions_write_bytes":172,"db_count":5,"db_write_count":0,"db_cached_count":2,"db_replica_count":0,"db_primary_count":5,"db_main_count":5,"db_main_replica_count":0,"db_replica_cached_count":0,"db_primary_cached_count":2,"db_main_cached_count":2,"db_main_replica_cached_count":0,"db_replica_wal_count":0,"db_primary_wal_count":0,"db_main_wal_count":0,"db_main_replica_wal_count":0,"db_replica_wal_cached_count":0,"db_primary_wal_cached_count":0,"db_main_wal_cached_count":0,"db_main_replica_wal_cached_count":0,"db_replica_duration_s":0.0,"db_primary_duration_s":0.001,"db_main_duration_s":0.001,"db_main_replica_duration_s":0.0,"cpu_s":0.043831,"mem_objects":21193,"mem_bytes":2061824,"mem_mallocs":4186,"mem_total_bytes":2909544,"pid":222130,"worker_id":"puma_0","rate_limiting_gates":[],"db_duration_s":0.00126,"view_duration_s":0.02141,"duration_s":0.0328}
{"method":"GET","path":"/gitlab/-/manifest.json","format":"json","controller":"PwaController","action":"manifest","status":200,"time":"2023-06-02T15:37:44.484Z","params":[],"correlation_id":"01H1YC3VRRJM0WMJ8KSN7T6152","meta.caller_id":"PwaController#manifest","meta.remote_ip":"10.9.0.196","meta.feature_category":"navigation","meta.client_id":"ip/10.9.0.196","remote_ip":"10.9.0.196","ua":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36","queue_duration_s":0.005047,"request_urgency":"low","target_duration_s":5,"redis_calls":1,"redis_duration_s":0.000235,"redis_write_bytes":41,"redis_cache_calls":1,"redis_cache_duration_s":0.000235,"redis_cache_write_bytes":41,"db_count":1,"db_write_count":0,"db_cached_count":0,"db_replica_count":0,"db_primary_count":1,"db_main_count":1,"db_main_replica_count":0,"db_replica_cached_count":0,"db_primary_cached_count":0,"db_main_cached_count":0,"db_main_replica_cached_count":0,"db_replica_wal_count":0,"db_primary_wal_count":0,"db_main_wal_count":0,"db_main_replica_wal_count":0,"db_replica_wal_cached_count":0,"db_primary_wal_cached_count":0,"db_main_wal_cached_count":0,"db_main_replica_wal_cached_count":0,"db_replica_duration_s":0.0,"db_primary_duration_s":0.0,"db_main_duration_s":0.0,"db_main_replica_duration_s":0.0,"cpu_s":0.011301,"mem_objects":5060,"mem_bytes":340792,"mem_mallocs":1205,"mem_total_bytes":543192,"pid":222130,"worker_id":"puma_0","rate_limiting_gates":[],"db_duration_s":0.00033,"view_duration_s":0.0024,"duration_s":0.00505}
{"method":"POST","path":"/gitlab/users/auth/ldapmain/callback","format":"html","controller":"Ldap::OmniauthCallbacksController","action":"ldapmain","status":302,"location":"http://mm.domain.name/gitlab/oauth/authorize","time":"2023-06-02T15:40:07.194Z","params":[{"key":"authenticity_token","value":"[FILTERED]"},{"key":"username","value":"zhaolin.lin"},{"key":"password","value":"[FILTERED]"}],"correlation_id":"01H1YC86RDY3K85GFTBTB0KP79","meta.caller_id":"Ldap::OmniauthCallbacksController#ldapmain","meta.remote_ip":"10.9.0.196","meta.feature_category":"authentication_and_authorization","meta.user":"zhaolin.lin","meta.user_id":2,"meta.client_id":"user/2","remote_ip":"10.9.0.196","ua":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36","queue_duration_s":0.046316,"request_urgency":"default","target_duration_s":1,"redis_calls":15,"redis_duration_s":0.003198,"redis_read_bytes":2505,"redis_write_bytes":965,"redis_cache_calls":10,"redis_cache_duration_s":0.001504,"redis_cache_read_bytes":2028,"redis_cache_write_bytes":621,"redis_sessions_calls":4,"redis_sessions_duration_s":0.001085,"redis_sessions_read_bytes":477,"redis_sessions_write_bytes":196,"redis_shared_state_calls":1,"redis_shared_state_duration_s":0.000609,"redis_shared_state_write_bytes":148,"db_count":25,"db_write_count":13,"db_cached_count":1,"db_replica_count":0,"db_primary_count":25,"db_main_count":25,"db_main_replica_count":0,"db_replica_cached_count":0,"db_primary_cached_count":1,"db_main_cached_count":1,"db_main_replica_cached_count":0,"db_replica_wal_count":0,"db_primary_wal_count":0,"db_main_wal_count":0,"db_main_replica_wal_count":0,"db_replica_wal_cached_count":0,"db_primary_wal_cached_count":0,"db_main_wal_cached_count":0,"db_main_replica_wal_cached_count":0,"db_replica_duration_s":0.0,"db_primary_duration_s":0.018,"db_main_duration_s":0.018,"db_main_replica_duration_s":0.0,"cpu_s":0.294094,"mem_objects":160747,"mem_bytes":37042451,"mem_mallocs":153133,"mem_total_bytes":43472331,"pid":223803,"worker_id":"puma_0","rate_limiting_gates":[],"net_ldap_count":4,"net_ldap_duration_s":0.05131673417054117,"db_duration_s":0.07744,"view_duration_s":0.0,"duration_s":0.29386}
{"method":"GET","path":"/gitlab/oauth/authorize","format":"html","controller":"Oauth::AuthorizationsController","action":"new","status":200,"time":"2023-06-02T15:40:07.405Z","params":[{"key":"response_type","value":"code"},{"key":"client_id","value":"8b976ed55f420df2f9c8868ffec6593df920985deabee70a5e4becbd123b2c9c"},{"key":"redirect_uri","value":"https://mm.domain.name/signup/gitlab/complete"},{"key":"state","value":"eyJhY3Rpb24iOiJsb2dpbiIsImlzTW9iaWxlIjoiZmFsc2UiLCJ0b2tlbiI6IjQ1Zm5lOGhwNG9ta3NjcGhnaXlkamNkNHoxbzU1eWVhbWJhN3Rxdzg5b2NqZTgxZzVkbnhwNmJ0OXB1bmN3YWsifQ=="},{"key":"scope","value":"read_user"}],"redis_calls":8,"redis_allowed_cross_slot_calls":1,"redis_duration_s":0.000978,"redis_read_bytes":687,"redis_write_bytes":1473,"redis_cache_calls":3,"redis_cache_duration_s":0.000339,"redis_cache_read_bytes":608,"redis_cache_write_bytes":248,"redis_sessions_calls":4,"redis_sessions_allowed_cross_slot_calls":1,"redis_sessions_duration_s":0.000421,"redis_sessions_read_bytes":79,"redis_sessions_write_bytes":1172,"redis_shared_state_calls":1,"redis_shared_state_duration_s":0.000218,"redis_shared_state_write_bytes":53,"db_count":7,"db_write_count":3,"db_cached_count":1,"db_replica_count":0,"db_primary_count":7,"db_main_count":7,"db_main_replica_count":0,"db_replica_cached_count":0,"db_primary_cached_count":1,"db_main_cached_count":1,"db_main_replica_cached_count":0,"db_replica_wal_count":0,"db_primary_wal_count":0,"db_main_wal_count":0,"db_main_replica_wal_count":0,"db_replica_wal_cached_count":0,"db_primary_wal_cached_count":0,"db_main_wal_cached_count":0,"db_main_replica_wal_cached_count":0,"db_replica_duration_s":0.0,"db_primary_duration_s":0.003,"db_main_duration_s":0.003,"db_main_replica_duration_s":0.0,"cpu_s":0.144318,"mem_objects":88475,"mem_bytes":10596640,"mem_mallocs":31280,"mem_total_bytes":14135640,"pid":223803,"worker_id":"puma_0","rate_limiting_gates":[],"correlation_id":"01H1YC876MVGKR39R8VM5RG6FV","db_duration_s":0.00869,"view_duration_s":0.00844,"duration_s":0.06003}
{"method":"POST","path":"/gitlab/oauth/token","format":"json","controller":"Oauth::TokensController","action":"create","status":400,"time":"2023-06-02T15:40:07.638Z","params":[{"key":"client_id","value":"8b976ed55f420df2f9c8868ffec6593df920985deabee70a5e4becbd123b2c9c"},{"key":"client_secret","value":"[FILTERED]"},{"key":"code","value":"[FILTERED]"},{"key":"grant_type","value":"authorization_code"},{"key":"redirect_uri","value":"http://mm.domain.name/signup/gitlab/complete"}],"db_count":2,"db_write_count":0,"db_cached_count":0,"db_replica_count":0,"db_primary_count":2,"db_main_count":2,"db_main_replica_count":0,"db_replica_cached_count":0,"db_primary_cached_count":0,"db_main_cached_count":0,"db_main_replica_cached_count":0,"db_replica_wal_count":0,"db_primary_wal_count":0,"db_main_wal_count":0,"db_main_replica_wal_count":0,"db_replica_wal_cached_count":0,"db_primary_wal_cached_count":0,"db_main_wal_cached_count":0,"db_main_replica_wal_cached_count":0,"db_replica_duration_s":0.0,"db_primary_duration_s":0.0,"db_main_duration_s":0.0,"db_main_replica_duration_s":0.0,"cpu_s":0.046172,"mem_objects":6715,"mem_bytes":1435536,"mem_mallocs":2744,"mem_total_bytes":1704136,"pid":223803,"worker_id":"puma_0","rate_limiting_gates":[],"correlation_id":"01H1YC87H401P0J8VGWN71TNPJ","db_duration_s":0.00045,"view_duration_s":0.00018,"duration_s":0.04159}
nginx.access.log
10.4.22.24 - - [02/Jun/2023:23:37:43 +0800] "GET /oauth/gitlab/login HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36" "10.9.0.196"
10.4.22.24 - - [02/Jun/2023:23:37:43 +0800] "GET /gitlab/oauth/authorize?response_type=code&client_id=8b976ed55f420df2f9c8868ffec6593df920985deabee70a5e4becbd123b2c9c&redirect_uri=https%3A%2F%2Fmm.domain.name%2Fsignup%2Fgitlab%2Fcomplete&state=eyJhY3Rpb24iOiJsb2dpbiIsImlzTW9iaWxlIjoiZmFsc2UiLCJ0b2tlbiI6IjQ1Zm5lOGhwNG9ta3NjcGhnaXlkamNkNHoxbzU1eWVhbWJhN3Rxdzg5b2NqZTgxZzVkbnhwNmJ0OXB1bmN3YWsifQ%3D%3D&scope=read_user HTTP/1.1" 302 113 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36" "10.9.0.196"
10.4.22.24 - - [02/Jun/2023:23:37:43 +0800] "GET /gitlab/users/sign_in HTTP/1.1" 200 10748 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36" "10.9.0.196"
10.4.22.24 - - [02/Jun/2023:23:37:44 +0800] "GET /gitlab/-/manifest.json HTTP/1.1" 304 0 "https://mm.domain.name/gitlab/users/sign_in" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36" "10.9.0.196"
10.4.22.24 - - [02/Jun/2023:23:40:07 +0800] "POST /gitlab/users/auth/ldapmain/callback HTTP/1.1" 302 480 "https://mm.domain.name/gitlab/users/sign_in" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36" "10.9.0.196"
10.4.22.24 - - [02/Jun/2023:23:40:07 +0800] "GET /gitlab/oauth/authorize?response_type=code&client_id=8b976ed55f420df2f9c8868ffec6593df920985deabee70a5e4becbd123b2c9c&redirect_uri=https%3A%2F%2Fmm.domain.name%2Fsignup%2Fgitlab%2Fcomplete&state=eyJhY3Rpb24iOiJsb2dpbiIsImlzTW9iaWxlIjoiZmFsc2UiLCJ0b2tlbiI6IjQ1Zm5lOGhwNG9ta3NjcGhnaXlkamNkNHoxbzU1eWVhbWJhN3Rxdzg5b2NqZTgxZzVkbnhwNmJ0OXB1bmN3YWsifQ%3D%3D&scope=read_user HTTP/1.1" 200 603 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36" "10.9.0.196"
10.4.22.24 - - [02/Jun/2023:23:40:07 +0800] "POST /gitlab/oauth/token HTTP/1.1" 400 213 "-" "Mattermost-Bot/1.1" "21.41.1.47"
10.4.22.24 - - [02/Jun/2023:23:40:07 +0800] "GET /signup/gitlab/complete?code=eb7759339c782a6e305251b059f86583e163b0644efdb71132e432e393ea67d9&state=eyJhY3Rpb24iOiJsb2dpbiIsImlzTW9iaWxlIjoiZmFsc2UiLCJ0b2tlbiI6IjQ1Zm5lOGhwNG9ta3NjcGhnaXlkamNkNHoxbzU1eWVhbWJhN3Rxdzg5b2NqZTgxZzVkbnhwNmJ0OXB1bmN3YWsifQ%3D%3D HTTP/1.1" 500 918 "https://mm.domain.name/gitlab/oauth/authorize?response_type=code&client_id=8b976ed55f420df2f9c8868ffec6593df920985deabee70a5e4becbd123b2c9c&redirect_uri=https%3A%2F%2Fmm.domain.name%2Fsignup%2Fgitlab%2Fcomplete&state=eyJhY3Rpb24iOiJsb2dpbiIsImlzTW9iaWxlIjoiZmFsc2UiLCJ0b2tlbiI6IjQ1Zm5lOGhwNG9ta3NjcGhnaXlkamNkNHoxbzU1eWVhbWJhN3Rxdzg5b2NqZTgxZzVkbnhwNmJ0OXB1bmN3YWsifQ%3D%3D&scope=read_user" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36" "10.9.0.196"
10.4.22.24 - - [02/Jun/2023:23:40:07 +0800] "GET /error?message=%E4%BB%A4%E7%89%8C%E8%AF%B7%E6%B1%82%E5%BE%97%E5%88%B0%E9%94%99%E8%AF%AF%E7%9A%84%E5%9B%9E%E5%A4%8D%E3%80%82&s=MEUCIEQKnqv8r0-iG-dJXrHERrEmYyJ798ID3X2RbDxyrEANAiEA8gFWACH81JLuDiZ_W0P1M3t_Dkcu6XZiMiI_ivHztmo= HTTP/1.1" 200 3239 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36" "10.9.0.196"
10.4.22.24 - - [02/Jun/2023:23:40:07 +0800] "GET /static/remote_entry.js?bt=1682971546483 HTTP/1.1" 200 8545 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36" "10.9.0.196"
10.4.22.24 - - [02/Jun/2023:23:40:07 +0800] "GET /static/products/boards/remote_entry.js?bt=1682971546483 HTTP/1.1" 200 3031 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36" "10.9.0.196"
10.4.22.24 - - [02/Jun/2023:23:40:08 +0800] "GET /api/v4/license/client?format=old HTTP/1.1" 200 22 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36" "10.9.0.196"
10.4.22.24 - - [02/Jun/2023:23:40:08 +0800] "GET /api/v4/config/client?format=old HTTP/1.1" 200 1439 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36" "10.9.0.196"
10.4.22.24 - - [02/Jun/2023:23:40:08 +0800] "GET /api/v4/plugins/webapp HTTP/1.1" 200 1312 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36" "10.9.0.196"
10.4.22.24 - - [02/Jun/2023:23:40:09 +0800] "GET /plugins/playbooks/api/v0/settings HTTP/1.1" 401 15 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36" "10.9.0.196"
10.4.22.24 - - [02/Jun/2023:23:40:09 +0800] "GET /plugins/focalboard/api/v2/clientConfig HTTP/1.1" 200 898 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36" "10.9.0.196"
10.4.22.24 - - [02/Jun/2023:23:40:09 +0800] "GET /static/Metropolis-SemiBold.woff2 HTTP/1.1" 404 19 "https://mm.domain.name/error?message=%E4%BB%A4%E7%89%8C%E8%AF%B7%E6%B1%82%E5%BE%97%E5%88%B0%E9%94%99%E8%AF%AF%E7%9A%84%E5%9B%9E%E5%A4%8D%E3%80%82&s=MEUCIEQKnqv8r0-iG-dJXrHERrEmYyJ798ID3X2RbDxyrEANAiEA8gFWACH81JLuDiZ_W0P1M3t_Dkcu6XZiMiI_ivHztmo=" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36" "10.9.0.196"
Any suggestion is appreciate, thanks you very much