author | Achilleas Pipinellis <axilleas@axilleas.me> | 2016-01-15 23:54:02 +0000 |
---|---|---|
committer | Achilleas Pipinellis <axilleas@axilleas.me> | 2016-01-15 23:54:02 +0000 |
commit | 50984c13a25b59964c4f5416f9aa454a2251bc25 (patch) | |
tree | 403adc5736a8f8b3ef270b73182f1470a02aaca1 | |
parent | 714ae482c1f211dab7e63cf4f679942d2bce8a77 (diff) | |
parent | db66b12b29ab2e210644ae5584402fe58c41bfa3 (diff) | |
download | gitlab-ce-50984c13a25b59964c4f5416f9aa454a2251bc25.tar.gz |
Merge branch 'saml-ts' into 'master'
Added advanced SAML troubleshooting
/cc @dblessing @balameb
See merge request !2456
-rw-r--r-- | doc/integration/saml.md | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/doc/integration/saml.md b/doc/integration/saml.md index 1632e42f701..8841dbdb7c6 100644 --- a/doc/integration/saml.md +++ b/doc/integration/saml.md @@ -78,6 +78,18 @@ On the sign in page there should now be a SAML button below the regular sign in ## Troubleshooting -If you see a "500 error" in GitLab when you are redirected back from the SAML sign in page, this likely indicates that GitLab could not get the email address for the SAML user. +If you see a "500 error" in GitLab when you are redirected back from the SAML sign in page, +this likely indicates that GitLab could not get the email address for the SAML user. -Make sure the IdP provides a claim containing the user's email address, using claim name 'email' or 'mail'. The email will be used to automatically generate the GitLab username.
\ No newline at end of file +Make sure the IdP provides a claim containing the user's email address, using claim name +'email' or 'mail'. The email will be used to automatically generate the GitLab username. + +If after signing in into your SAML server you are redirected back to the sign in page and +no error is displayed, check your `production.log` file. It will most likely contain the +message `Can't verify CSRF token authenticity`. This means that there is an error during +the SAML request, but this error never reaches GitLab due to the CSRF check. + +To bypass this you can add `skip_before_action :verify_authenticity_token` to the +`omniauth_callbacks_controller.rb` file. This will allow the error to hit GitLab, +where it can then be seen in the usual logs, or as a flash message in the login +screen.
\ No newline at end of file |
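Review bot: The final added paragraph, which tells the reader to add `skip_before_action :verify_authenticity_token` to `omniauth_callbacks_controller.rb`, never says that this is a temporary debugging step or that the line should be removed once the underlying SAML error has been identified. As written it reads as a permanent fix, and it leaves CSRF verification switched off on the OmniAuth callbacks controller. Suggest stating explicitly that the change is for troubleshooting only and must be reverted afterwards, and giving the location of the file, since only the bare file name appears. Minor points: "signing in into your SAML server" should read "signing in to your SAML server", and the file still ends without a trailing newline after this change.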