SAML 2.0 Can't verify CSRF token authenticity
Using CentOS 6.6 and gitlab-omnibus Community Edition from the CentOS yum repository version 7.12.0. Have configured omnibus to use HTTPS using a wildcard certificate. Trying to configure SAML 2.0 authentication to an ADFS SAML ID Source.
When trying to use the SAML login button, the SAML dedicated web login page appears, but then login doesn't work. /var/log/gitlab/gitlab-rails/production.log shows:
Can't verify CSRF token authenticity.
The SAML server is using COMODO as the external root certificate authority. Is this a problem with gitlab or the local server not trusting the COMODO root cert? Or is this problem something else?
Relevant configuration below from /etc/gitlab/gitlab.rb.
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = false
gitlab_rails['omniauth_block_auto_created_users'] = true
gitlab_rails['omniauth_providers'] = [
  {
    "name" => "saml",
    args: {
      assertion_consumer_service_url: 'https://git.mydomain.com/users/auth/saml/callback',
      idp_cert_fingerprint: 'c0:9d:03:48:49:9b:42:4f:6a:45:25:4a:37:4d:06:4b:da:c9:85:a2',
      idp_sso_target_url: 'https://sso.mydomain.com/adfs/ls/',
      issuer: 'https://git.mydomain.com/',
      name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
    }
  }
]