Closed mhier closed 4 years ago
I have got the same exact issue here with a slightly different setup :
I use Mattermost 5.13.0 and php-7.3.14-1.
The SSL authority certificate of the (intermediate) issuer of my SSL cert was not in the pool of recognized ones. I fixed it using:

```
cp TERENA_SSL_CA_3.crt /usr/local/share/ca-certificates/
update-ca-certificates
```
Now it worked but I get some new troubles:
BTW, I was using Mattermost 5.21.0 not 5.13.0.
I think there is indeed some issue with the certificate. Even though it is accepted by Firefox, and even though I have specifically added the issuer certificate to /usr/local/share/ca-certificates/ (although the root CA is already present on the system by default), even wget complains about not being able to verify the certificate. My solution now was to use a GitLab installation for authentication which exists anyway and runs on a server with a working certificate.
So sorry for the noise, the problem was with my setup, and not a bug :-)
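
The fix in the first comment installs an intermediate CA certificate into the client's trust store. The following added example (not from the thread; all subjects and file names are constructed, and it assumes the `openssl` CLI is installed) builds a throwaway root, intermediate and leaf, then shows how verification behaves when the client only has the root, when the server supplies the intermediate, and when the intermediate is installed locally:

```bash
#!/usr/bin/env bash
# Constructed demo: throwaway root CA -> intermediate CA -> server leaf.
make_chain() {  # $1 = empty working directory
  local d=$1 n
  cat > "$d/x.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca]
basicConstraints = critical,CA:TRUE
[leaf]
basicConstraints = CA:FALSE
EOF
  for n in root int leaf; do   # one key and CSR per certificate
    openssl req -new -newkey rsa:2048 -nodes -config "$d/x.cnf" \
      -subj "/CN=demo-$n" -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
  done
  # Self-signed root, intermediate signed by root, leaf signed by intermediate.
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/x.cnf" -extensions ca -out "$d/root.crt" 2>/dev/null &&
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -set_serial 2 -days 2 -extfile "$d/x.cnf" -extensions ca -out "$d/int.crt" 2>/dev/null &&
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.crt" -CAkey "$d/int.key" \
    -set_serial 3 -days 2 -extfile "$d/x.cnf" -extensions leaf -out "$d/leaf.crt" 2>/dev/null
}

# verify_leaf DIR MODE -> exit status 0 if the leaf validates
#   root-only    : client trusts only the root, server sends only its leaf
#   server-chain : server also sends the intermediate (-untrusted)
#   local-trust  : intermediate added to the client's trust bundle
verify_leaf() {
  local d=$1
  case $2 in
    root-only)    openssl verify -CAfile "$d/root.crt" "$d/leaf.crt" ;;
    server-chain) openssl verify -CAfile "$d/root.crt" -untrusted "$d/int.crt" "$d/leaf.crt" ;;
    local-trust)  cat "$d/root.crt" "$d/int.crt" > "$d/bundle.crt"
                  openssl verify -CAfile "$d/bundle.crt" "$d/leaf.crt" ;;
  esac 2>/dev/null | grep -q ': OK$'
}

demo() {
  local d m; d=$(mktemp -d) || return 1
  make_chain "$d" || return 1
  for m in root-only server-chain local-trust; do
    if verify_leaf "$d" "$m"; then echo "$m: OK"; else echo "$m: FAIL"; fi
  done
  rm -rf "$d"
}
demo
```

The `local-trust` case corresponds to what `update-ca-certificates` does on the client; the `server-chain` case is the server-side alternative, where every client benefits without local changes.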
* I can log in and log out. But then I cannot log in with another LDAP user; the page which comes when I click on the GitLab is the one which asks me to _Authorize_ or _Deny_ the connection. I need to quit the browser to be able to log in with another user.
I think this is a legit point and I have observed the same thing. This should be fixed, there should be some kind of logout button.
* Every time I want to log in I get the _Authorize_/_Deny_ page as if the answer was not saved.
Same for this.
@b3 I recommend that you create another issue for this, because these are separate problems. I will close this ticket, since it was just a problem with my local setup.
You are right. Done it in #44 and #45.
@mhier Your issue has been useful anyway (at least for me).
After authorisation I get a "Token request failed" error page from Mattermost. The authorisation itself seems to work; on a second attempt I am already signed in and I just have to click the "Authorize" button, but I will again just get the "Token request failed" error.
In the Mattermost log I find:
In the web server access log for the oauth page I find:
which looks odd to me, since it does a 302 redirect to the same page, but there are no further requests coming. (Of course there are more requests before to get the login page etc., but they look normal.)
My setup is:
Is a setup in this way unsupported? How else to do it? Or is this a bug? Let me know if I shall provide further information.