Matttermost, Inc.

Bad response from token request

Hi guys,

I’m try to use my Gitlab Omnibus Mattermost but it’s doesn’t work at all.

Gitlab and Lattermost are both on a server B, and accessible via server A using an apache reverse proxy.

So both are reachable with there subdomain ( gitlab.mydomain.com and mattermost.mydomain.com ) on port 80 on server A and configure on different ports on server B ( here gitlab on 29280 and mattermost on 29281).

Here the conf :

gitlab.rb on server B

 external_url 'http://gitlab.mydomain.com'
 nginx['listen_port'] = 29280

 mattermost_external_url 'http://mattermost.mydomain.com'
 mattermost['enable'] = true
 mattermost['gitlab_enable'] = true
 mattermost['gitlab_id'] = "xxxxxx"
 mattermost['gitlab_secret'] = "yyyyy"
 mattermost['gitlab_scope'] = ""
 mattermost['gitlab_auth_endpoint'] = "http://gitlab.mydomain.com/oauth/authorize"
 mattermost['gitlab_token_endpoint'] = "http://gitlab.mydomain.com/oauth/token"
 mattermost['gitlab_user_api_endpoint'] = "http://gitlab.mydomain.com/api/v3/user"
 mattermost_nginx['listen_port'] = 29281

gitlab.conf from server A (apache conf)

<VirtualHost *:80>
    ServerName gitlab.mydomain.com

    ProxyRequests off
    ProxyPass / http://192.168.0.2:29280/ 
    ProxyPassReverse / http://192.168.0.2:29280/ 
    ProxyPreserveHost on

 </VirtualHost>

<VirtualHost *:80>
    ServerName mattermost.mydomain.com

    ProxyRequests off
    ProxyPass / http://192.168.30.5:29281/
    ProxyPassReverse / http://192.168.30.5:29281/
    ProxyPreserveHost on

    RewriteEngine On

    RewriteCond %{REQUEST_URI}  ^/api/v1/websocket    [NC,OR]
    RewriteCond %{HTTP:UPGRADE} ^WebSocket$           [NC,OR]
    RewriteCond %{HTTP:CONNECTION} ^Upgrade$          [NC]
    RewriteRule .* ws://192.168.0.2:29281%{REQUEST_URI}  [P,QSA,L]

    <Location /api/v1/websocket>
        Require all granted
        ProxyPassReverse ws://192.168.0.2:29281/api/vi/websocket
        ProxyPassReverseCookieDomain 192.168.0.2 mattermost.mydomain.com
    </Location>

    <Location /api/v1/websocket>
        Require all granted
        ProxyPassReverse ws://192.168.0.2:29281/api/vi/websocket
        ProxyPassReverseCookieDomain 192.168.0.2 mattermost.mydomain.com
    </Location>

</VirtualHost>

Anyone had an idea about how solve this ?

I had a similar issue and found that when I create the Application ID from the Gitlab admin area (as per Gitlab documentation), SSO fails with bad token response. But when I create the application from any user “Profile Settings” (as per Mattermost documentation) it works correctly.