Hello, I'm trying to integrate gitlab 8.6 with SAML, I followed the document and implement changes at gitlab side as well as on SAML side. I could not get it working and always end with error "Email can't be blank, Notification email can't be blank, and Notification email is invalid"
I believe it's something to do with mapping attributes of email which my IdP is returning is not understandable by gitlab, hence this error. I tried to capture using SAML tracer and have no idea, What to look for and where. I found user facing the same issue at https://gitlab.com/gitlab-org/gitlab-ce/issues/11491 Following is the configuration: gitlab_rails['omniauth_enabled'] = true gitlab_rails['omniauth_allow_single_sign_on'] = true gitlab_rails['omniauth_block_auto_created_users'] = false gitlab_rails['omniauth_providers'] = [ { "name" => "saml", args: { assertion_consumer_service_url: 'https://gitlab-stage.example.com.com/users/auth/saml/callback', idp_cert_fingerprint: '30:78:F0:05:E9:36:50:8A:DA:1F:F6:A0:E8:1C:E2:29:8F:90:49:15', idp_sso_target_url: 'https://saml.examplecom/idp', allowed_clock_drift: 30, issuer: 'https://gitlab-stage.example.com', name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient', }, "label" => "SAML Login" # optional label for SAML login button, defaults to "Saml" } ] Production logs says: --- Saml Response: <long response--- trimmed> Redirected to https://gitlab-stage.example.com/users/auth/saml/omniauth_error?error=Email+can%27t+be+blank%2C+Notification+email+can%27t+be+blank%2C+and+Notification+email+is+invalid Completed 302 Found in 126ms (ActiveRecord: 5.1ms) Started GET "/users/auth/saml/omniauth_error?error=Email+can%27t+be+blank%2C+Notification+email+can%27t+be+blank%2C+and+Notification+email+is+invalid" for 127.0.0.1 at 2016-04-13 17:16:41 +0530 Processing by OmniauthCallbacksController#omniauth_error as HTML Parameters: {"error"=>"Email can't be blank, Notification email can't be blank, and Notification email is invalid", "provider"=>"saml"} Completed 422 Unprocessable Entity in 38ms (Views: 10.7ms | ActiveRecord: 2.1ms) --- Can anyone give some pointers to look into ? Thank you so much! Have a great day! Regards, Savitoj Singh -- You received this message because you are subscribed to the Google Groups "GitLab" group. To unsubscribe from this group and stop receiving emails from it, send an email to gitlabhq+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/gitlabhq/bb3b25f0-d450-4531-9764-b2f536941a38%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
