Crivaledaz / Mattermost-LDAP

This module provides an external LDAP authentication in Mattermost for the Team Edition (free).
MIT License

Invalid state token on Mattermost Team Edition 5.16 #36

Closed rajeshshrma closed 4 years ago

rajeshshrma commented 5 years ago

invalid state

We are getting "Invalid State" Error after authentication from LDAP and redirecting to the signup/complete page. We are

Crivaledaz commented 4 years ago

Hi,

The error "Invalid State" is reached when the state token returned from the OAuth server is different from, or too old compared to, the one given by Mattermost at the beginning of the process.

When you click on the Gitlab button you are redirected to the OAuth server to log in against LDAP. The first URL you reach on the OAuth server is formatted like this: https://<oauth_server>/oauth/authorize.php?response_type=code&client_id=<ID>&redirect_uri=<URL>&state=<TOKEN>. The last parameter is the state token. The OAuth server should return this token to Mattermost at the end of the authentication process.

So, you need to check that the returned token and the initial token are the same and were not changed during transport (possible on a filtered network). If they are the same, maybe the state token expires too quickly. Normally, the state token is automatically managed by Mattermost and OAuth; you do not need to configure anything.

I recommend that you capture network packets between Mattermost, the client and the OAuth server to verify the data exchanged between these three parties.

Regards
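The state round trip described in the reply above, as an added example that is not part of this thread and not Mattermost's or Mattermost-LDAP's own code. The hostnames, redirect path, client id and the 300-second lifetime are assumptions; the point is the two checks on the returned `state` (it must match the one issued, and it must not be stale) that produce the "Invalid State" outcome when they fail.

```python
"""Round trip of the OAuth 2.0 `state` parameter between a relying party
(Mattermost in the thread) and an authorization server (the Mattermost-LDAP
OAuth endpoint). Added example; not the project's code."""
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed endpoints (placeholders, not a real deployment).
OAUTH_SERVER = "https://oauth.example.com"
REDIRECT_URI = "https://mattermost.example.com/signup/gitlab/complete"
CLIENT_ID = "mattermost"
STATE_TTL_SECONDS = 300  # assumed lifetime; older state is rejected as stale


class Client:
    """Relying-party side: issues the state, builds the authorize URL,
    and checks the state when the browser comes back."""

    def __init__(self, now=time.time):
        self._now = now
        self._pending = {}  # state -> time it was issued

    def authorize_url(self):
        state = secrets.token_urlsafe(32)  # unguessable, per login attempt
        self._pending[state] = self._now()
        query = urlencode({
            "response_type": "code",
            "client_id": CLIENT_ID,
            "redirect_uri": REDIRECT_URI,
            "state": state,
        })
        return f"{OAUTH_SERVER}/oauth/authorize.php?{query}"

    def complete(self, callback_url):
        """Validate the callback; return the authorization code or raise
        ValueError('invalid state: ...')."""
        params = parse_qs(urlparse(callback_url).query)
        returned = params.get("state", [""])[0]
        code = params.get("code", [""])[0]
        # Constant-time comparison so the lookup does not leak how much of a
        # guessed state matched.
        match = next(
            (s for s in self._pending
             if hmac.compare_digest(s.encode(), returned.encode())),
            None,
        )
        if match is None:
            raise ValueError("invalid state: token does not match the one issued")
        issued = self._pending.pop(match)  # single use, consumed even if stale
        if self._now() - issued > STATE_TTL_SECONDS:
            raise ValueError("invalid state: token expired")
        if not code:
            raise ValueError("missing authorization code")
        return code


def oauth_server_redirect(authorize_url, code="c0de"):
    """Authorization-server side after the LDAP login succeeded: echo the
    state it received back to redirect_uri together with the code."""
    params = parse_qs(urlparse(authorize_url).query)
    query = urlencode({"code": code, "state": params["state"][0]})
    return f"{params['redirect_uri'][0]}?{query}"


def demo():
    """Exercise the three cases from the thread; return a dict of outcomes."""
    clock = [1_000_000.0]  # fake clock so expiry is deterministic
    client = Client(now=lambda: clock[0])
    results = {}

    # 1. Honest round trip: state comes back unchanged and in time.
    url = client.authorize_url()
    results["ok"] = client.complete(oauth_server_redirect(url))

    # 2. State altered in transport (for example by a filtering proxy).
    cb = oauth_server_redirect(client.authorize_url())
    try:
        client.complete(cb.replace("state=", "state=x"))
        results["tampered"] = "accepted"
    except ValueError as e:
        results["tampered"] = str(e)

    # 3. State returned after its lifetime has passed.
    cb = oauth_server_redirect(client.authorize_url())
    clock[0] += STATE_TTL_SECONDS + 1
    try:
        client.complete(cb)
        results["expired"] = "accepted"
    except ValueError as e:
        results["expired"] = str(e)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

Running `demo()` shows the honest case yielding the authorization code and the other two rejected with distinct "invalid state" reasons, which is the split the reply suggests checking for in a packet capture: compare the `state` in the first authorize.php request with the one in the final redirect, and if they match, look at the time between them.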

rajeshshrma commented 4 years ago

Thanks Denis.

I resolved It.

rajeshshrma commented 4 years ago

Resolved.

vasanth3855 commented 4 years ago

Hi @rajeshshrma,

I know its too late, but I'm facing the same issue as you mentioned above. Can you please provide the steps, how you resolved the issue.

Thanks & Regards, Vasanth

rajeshshrma commented 4 years ago

Hi,

The error "Invalid State" is reached when the state token returned from the OAuth server is different from, or too old compared to, the one given by Mattermost at the beginning of the process.

When you click on the Gitlab button you are redirected to the OAuth server to log in against LDAP. The first URL you reach on the OAuth server is formatted like this: https://<oauth_server>/oauth/authorize.php?response_type=code&client_id=<ID>&redirect_uri=<URL>&state=<TOKEN>. The last parameter is the state token. The OAuth server should return this token to Mattermost at the end of the authentication process.

So, you need to check that the returned token and the initial token are the same and were not changed during transport (possible on a filtered network). If they are the same, maybe the state token expires too quickly. Normally, the state token is automatically managed by Mattermost and OAuth; you do not need to configure anything.

I recommend that you capture network packets between Mattermost, the client and the OAuth server to verify the data exchanged between these three parties.

Thanks with Regards, Rajesh Kumar