Mattermost, Inc.

Gitlab SSO doesn't work when joining public teams

I thought that setting “Allow anyone to sign-up from login page” and “Include this team in the Team Directory” to “yes” would allow people to join my team without invitation, but that doesn’t happen. When a user that were not invited try to join a public team via Gitlab SSO the following error appears:
Mattermost needs your help: We couldn't find an existing account matching your authentication type for this team. This team may require an invite from the team owner to join.

The log shows pretty much the same (by the way, “EROR”?):

[2016/02/15 08:28:35 BRST] [EROR] /signup/gitlab/complete:SqlUserStore.GetByAuth code=500 rid=xxxxxx uid= ip=xxxxxx We couldn't find an existing account matching your authentication type for this team. This team may require an invite from the team owner to join. [details: teamId=xxxxxx, authData=xxxxxx, authService=gitlab, sql: no rows in result set]

Joining teams with invitation works nicely, and if the user creates a new account through mattermost he can join the public team without invitation as expected.

I have a ‘standalone’ installation of Mattermost 1.4.0 with Gitlab SSO enabled (I’m not using the Gitlab omnibus package).

1 Like

Is the user trying to create a GitLab account for a Mattermost team using an email address that is already used by another account in the Mattermost team?

No. I’ve tried with many users, and in all cases:

  1. They already have an account on Gitlab;
  2. They don’t have an account on Mattermost;
  3. There is no account on Mattermost with the same email address as the user on Gitlab.

By the way, I also tried to first create a team using the Gitlab account (wondering if could be a problem related to user creation and logging at the same time) and afterwards trying to enter a public Team, but the problem persists. In summary, users logged from Gitlab SSO cannot join public Teams.

Thanks for the follow-up, is there only one GitLab system in your deployment, or is it possible you connected OAuth to one GitLab system and users are attempting to log in with accounts on another GitLab system?

There is only one system.

@it33, any idea where I could look for the problem? Some log, configuration, or maybe even code?
Thank you

I’ve also had this issue. We’ve set up GitLab Mattermost (within GitLab omnibus) with a general team for users to join. The main team is shown when a user first navigates, and prompts them to log in with GitLab. We then receive the same error posted in the OP.

[2016/02/17 10:19:00 EST] [EROR] /signup/gitlab/complete:SqlUserStore.GetByAuth code=500 rid=xxtpz7rid784ukk4rg3zaojetr uid= ip=10.3.1.31 We couldn't find an existing account matching your authentication type for this team. This team may require an invite from the team owner to join. [details: teamId=9bao1i7ptigbzna3wd7jjz9suw, authData=5, authService=gitlab, sql: no rows in result set]

We haven’t yet setup OAuth/LDAP yet, just default GitLab user accounts.

There seems to be a weird workaround. If the user first clicks “Create one now”, they can then join the team normally.

Appreciate the feedback, thanks for the additional detail. Does this ticket address your issue?

1 Like

Yes! @AndrewFarley could explain the problem far better than me :slight_smile:

Yep, that is indeed the workflow I expect.

Excellent, you can track progress on that ticket to see the usability issue addressed. In the meantime, others hitting the issue can at least find the workaround–which is to instruct users to use the link to create a new accounts.

Good news that you’re working on it as it will greatly simplify user adoption.