Mattermost, Inc.

Identity Provider Public Certificate from Okta fails to Upload to Mattermost

Summary

Identity Provider Public Certificate from Okta fails to Upload to Mattermost

Steps to reproduce

Mattermost Enterprise Edition
Version: 3.3.0
Database: postgres

System Console > AUTHENTICATION > SAML

Upload Identity Provider Public Certifcate from Okta

https://docs.mattermost.com/deployment/sso-saml-okta.html

Expected behavior

Expected behavior is for the certificate to upload properly

Observed behavior

After Uploading the certificate file, it displays Could not save certificate file

Okta provides a .cert file; I have a suspicion that this is not the format that Mattermost is expecting…

Thanks @pmccarthy, any error messages in the logs?

[2016/08/26 17:42:57 EDT] [EROR] /api/v3/admin/add_certificate:addCertificate code=500 rid=... uid=... ip=... Could not save certificate file [details: open /opt/mattermost/config/okta.cert: permission denied]

Interesting. I just upgraded to Enterprise from Team Edition and it looks like I needed to redo these commands:

sudo chown -R mattermost:mattermost /opt/mattermost
sudo chmod -R g+w /opt/mattermost

The upgrade documentation should probably mention that

I just submitted some Issues on github to update documentation

Thanks @pmccarthy, highly appreciated! I’ve proposed adding a step in the release process to review our upgrade and install guides for issues like this: https://github.com/mattermost/docs/issues/404